Emerging Directions in Embedded and Ubiquitous Computing: EUC 2006 Workshops: NCUS, SecUbiq, USN, TRUST, ESO, and MSA, Seoul, Korea, August 1-4, 2006, ... (Lecture Notes in Computer Science, 4097) 3540368507, 9783540368502

Here are the refereed proceedings of the EUC 2006 workshops, held in conjunction with the IFIP International Conference

133 4 21MB

English Pages 1061 Year 2006

Report DMCA / Copyright

DOWNLOAD PDF FILE

Table of contents :
Frontmatter
NCUS 2006 Symposium
Adaptive Router Promotion in Ad-Hoc Networks
A Utility-Based Auction Cooperation Incentive Mechanism in Peer-to-Peer Networks
UbiqStor: Server and Proxy for Remote Storage of Mobile Devices
Packet Length Adaptation for Energy-Proportional Routing in Clustered Sensor Networks
A New Context Script Language for Developing Context-Aware Application Systems in Ubiquitous Computing
Dynamic Replication Strategies for Object Storage Systems
A Cost-Effective Mobility Modelling in Nested Network Mobility
Completing UML Model of Component-Based System with Middleware for Performance Evaluation
Energy Efficient PNC Selection Procedure for the IEEE 802.15.3-Based HR-WPAN
An Efficient Multicast Routing Protocol in Multi-rate Wireless Ad Hoc Networks
WPAN Platform Design in Handset Integrating Cellular Network and Its Application to Mobile Games
Reliable Transporting and Optimal Routing on Rate-Based for Ad Hoc Networks
Automatic Extraction of Conversation Protocols from a Choreography Specification of Ubiquitous Web Services
Inter-sector Interference Mitigation Method in Triple-Sectored OFDMA Systems
File Correspondences Dictionary Construction in Multilingual P2P File Sharing Systems
Lightweight Messages: True Zero-Copy Communication for Commodity Gigabit Ethernet
Evaluation of Models for Analyzing Unguided Search in Unstructured Networks
Wapee: A Fault-Tolerant Semantic Middleware in Ubiquitous Computing Environments
Security in P2P Networks: Survey and Research Directions
HYWINMARC: An Autonomic Management Architecture for Hybrid Wireless Networks
Prediction Efficiency in Predictive {\itshape p}-CSMA/CD
A Situation Aware Personalization in Ubiquitous Mobile Computing Environments
A Network and Data Link Layer QoS Model to Improve Traffic Performance
A GML-Based Mobile Device Trace Monitoring System
Impact of High-Mobility Radio Jamming in Large-Scale Wireless Sensor Networks
SecUbiq 2006 Workshop
A Scalable and Untraceable Authentication Protocol for RFID
Vulnerability of an RFID Authentication Protocol Proposed in at SecUbiq 2005
Reliable Broadcast Message Authentication in Wireless Sensor Networks
Message and Its Origin Authentication Protocol for Data Aggregation in Sensor Networks
A New Security Protocol Based on Elliptic Curve Cryptosystems for Securing Wireless Sensor Networks
Resource Requirement Analysis for a Predictive-Hashing Based Multicast Authentication Protocol
Ubiquitous Authorization Scheme Based on Device Profile
An Efficient Certificateless Signature Scheme
Universal Designated Verifier Ring Signature (Proof) Without Random Oracles
An Identity-Based Signcryption Scheme with Short Ciphertext from Pairings
A Strong Identity Based Key-Insulated Cryptosystem
A New Hierarchical ID-Based Cryptosystem and CCA-Secure PKE
Energy Comparison of AES and SHA-1 for Ubiquitous Computing
USN 2006 Workshop
Performance Analysis of Tag Anti-collision Algorithms for RFID Systems
Perturbative Time and Frequency Allocations for RFID Reader Networks
An Enhanced Dynamic Framed Slotted ALOHA Anti-collision Algorithm
DiCa: Distributed Tag Access with Collision-Avoidance Among Mobile RFID Readers
Design and Implementation of a High-Speed RFID Data Filtering Engine
Authorized Tracking and Tracing for RFID Tags
An Energy-Efficient MAC Protocol for Delay-Sensitive Wireless Sensor Networks
A Data-Centric Self-organization Scheme for Energy-Efficient Wireless Sensor Networks
Optimized Clustering for Maximal Lifetime of Wireless Sensor Networks
Maximize the Coverage Lifetime of Sensor Networks
An Active Tracking System Using IEEE 802.15.4-Based Ultrasonic Sensor Devices
LWOS: A Localization Method Without On-Body Sensor in Wireless Sensor Networks
TRUST 2006 Workshop
Research Directions in the Area of USN (Ubiquitous Sensor Network) Towards Practical UE (Ubiquitous Environments)
On Building a Lightweight Security Architecture for Sensor Networks
A Reverse AODV Routing Protocol in Ad Hoc Mobile Networks
Algorithms for Service Differentiation in MAC Layer over MANETs
A Power-Aware Routing Protocol Using Multi-Route Transmission for Mobile Ad Hoc Networks
A Novel Multicasting Scheme over Wireless LAN Systems by Using Relay
An Adaptive Concurrency Control QOS Agent for Ubiquitous Computing Environments
An Efficient End-to-End QoS Supporting Algorithm in NGN Using Optimal Flows and Measurement Feed-Back for Ubiquitous and Distributed Applications
An RFID System Based MCLT System with Improved Privacy
QT-CBP: A New RFID Tag Anti-collision Algorithm Using Collision Bit Positioning
An RFID-Based Access and Location Service for Pervasive Grids
Autonomous Management of Large-Scale Ubiquitous Sensor Networks
A Privacy-Aware Service Protocol for Ubiquitous Computing Environments
A Neural Network Model for Detection Systems Based on Data Mining and False Errors
An Analysis on the Web Technologies for Dynamically Generating Web-Based User Interfaces in Ubiquitous Spaces
A Policy Description Language for Context-Based Access Control and Adaptation in Ubiquitous Environment
{\itshape C-i}UMS: Context Based Smart and Secure Multimedia Service in Intelligent Ubiquitous Home
A Lightweight IP Traceback Mechanism on IPv6
Enable a Trustworthy Network by Source Address Spoofing Prevention Routers: A Formal Description
A Flexible Bound Admission Control Algorithm for Vertical Handover in Ubiquitous Environment
Network Probabilistic Connectivity: Using Node Cuts
Fast Mounting and Recovery for NAND Flash Memory Based Embedded Systems
Broadcast Encryption Using Efficient Key Distribution and Renewal for Ubiquitous Environments
A Robust Verifiably Encrypted Signature Scheme
ESO 2006 Workshop
Instruction Re-selection for Iterative Modulo Scheduling on High Performance Multi-issue DSPs
Predictability of Least Laxity First Scheduling Algorithm on Multiprocessor Real-Time Systems
Saving Register-File Leakage Power by Monitoring Instruction Sequence in ROB
Run-Time Memory Optimization for DDMB Architecture Through a CCB Algorithm
Code Generation and Optimization for Java-to-C Compilers
Modelling and Analysis of Power Consumption for Component-Based Embedded Software
Design of a Programmable Vertex Processing Unit for Mobile Platforms
An Energy-Aware Whole-System Dynamic Emulator -- SkyEye
Optimizing Scheduling Stability for Runtime Data Alignment
A Chinese Mobile Phone Input Method Based on the Dynamic and Self-study Language Model
An {\itshape ID}-Based Watermarking Scheme for Java Programs
Data-Layout Optimization Using Reuse Distance Distribution
Co-optimization of Performance and Power in a Superscalar Processor Design
FAST: An Efficient Flash Translation Layer for Flash Memory
A Novel Discrete Hopfield Neural Network Approach for Hardware-Software Partitioning of RTOS in the SoC
UML Based Evaluation of Reconfigurable Shape Adaptive DCT for Embedded Stream Processing
A High Performance Buffering of Java Objects for Java Card Systems with Flash Memory
MSA 2006 Workshop
Predictive Prefetching of Context-Aware Information in Mobile Networks
Digital Ortho-image Production for Web GIS Applications
Multimedia Contents Security by Wireless Authentication
Traffic Actuated Car Navigation Systems in Mobile Communication Networks
Analytic Model of the Collision Resolution Protocol with Voice/Data in Mobile Networks
Security Enhancement by Detecting Network Address Translation Based on Instant Messaging
A New Authentication Scheme of Binding Update Protocol on Handover in Mobile IPv6 Networks
A Solution for the Dropout Problem in Adaptive Cruise Control Range Sensors
An Architecture Framework for Measuring and Evaluating Packet-Switched Voice
HOIDS-Based Detection Method of Vicious Event in Large Networks
New Handoff Control Method Using Fuzzy Multi-Criteria Decision Making in Micro/Pico-cellular Networks
Test of IR-DSRC in Measuring Vehicle Speed for ITS Applications
A Grid Routing Scheme Considering Node Lifetime in Ubiquitous Sensor Networks
Backmatter
Recommend Papers

File loading please wait...
Citation preview

Lecture Notes in Computer Science Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board David Hutchison Lancaster University, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Friedemann Mattern ETH Zurich, Switzerland John C. Mitchell Stanford University, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel Oscar Nierstrasz University of Bern, Switzerland C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen University of Dortmund, Germany Madhu Sudan Massachusetts Institute of Technology, MA, USA Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Moshe Y. Vardi Rice University, Houston, TX, USA Gerhard Weikum Max-Planck Institute of Computer Science, Saarbruecken, Germany

4097

Xiaobo Zhou Oleg Sokolsky Lu Yan Eun-Sun Jung Zili Shao Yi Mu Dong-Chun Lee Daeyoung Kim Young-Sik Jeong Cheng-Zhong Xu (Eds.)

Emerging Directions in Embedded and Ubiquitous Computing EUC 2006 Workshops: NCUS, SecUbiq, USN, TRUST, ESO, and MSA Seoul, Korea, August 1-4, 2006 Proceedings

13

Volume Editors Xiaobo Zhou University of Colorado at Colorado Springs, USA, E-mail: [email protected] Oleg Sokolsky University of Pennsylvania, USA, E-mail: [email protected] Lu Yan Åbo Akademi, Finland and University of Cambridge, UK, E-mail: [email protected] Eun-Sun Jung SamsungAdvanced Institute of Technology, Korea, E-mail: [email protected] Zili Shao Hong Kong Polytechnic University, China, E-mail: [email protected] Yi Mu University of Wollongong, Australia, E-mail: [email protected] Dong-Chun Lee Howon University, Korea, E-mail: [email protected] Daeyoung Kim Information and Communications University, Korea, E-mail: [email protected] Young-Sik Jeong Wonkwang University, Korea, E-mail: [email protected] Cheng-Zhong Xu Wayne State University, USA, E-mail: [email protected] Library of Congress Control Number: 2006929799 CR Subject Classification (1998): C.2, C.3, D.4, D.2, H.4, K.6.5, H.5.3, K.4 LNCS Sublibrary: SL 3 – Information Systems and Application, incl. Internet/Web and HCI ISSN ISBN-10 ISBN-13

0302-9743 3-540-36850-7 Springer Berlin Heidelberg New York 978-3-540-36850-2 Springer Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law. Springer is a part of Springer Science+Business Media springer.com © IFIP International Federation for Information Processing 2006 Printed in Germany Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India Printed on acid-free paper SPIN: 11807964 06/3142 543210

Preface

This volume contains the proceedings of the workshops held in conjunction with the IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2006, in Seoul, Korea, August 1-4, 2006. The objective of these workshops is to complement the spectrum of the main conference, which is a premier international forum for researchers and practitioners from both industry and academia, by discussing hot topics and emerging areas, by sharing recent progress and emerging results, and by promoting cuttingedge research and future cooperation in embedded and ubiquitous computing. With this objective in mind, we selected six workshops out of ten proposals submitted to us for consideration: – NCUS 2006: The Second International Symposium on Network-Centric Ubiquitous Systems – SecUbiq 2006: The Second International Workshop on Security in Ubiquitous Computing Systems – USN 2006: The Second International Workshop on RFID and Ubiquitous Sensor Networks – TRUST 2006: The First International Workshop on Trustworthiness, Reliability and services in Ubiquitous and Sensor neTworks – ESO 2006: The First International Workshop on Embedded Software Optimization – MSA 2006: The First International Workshop on Multimedia Solution and the Assurance in the Ubiquitous Information Systems Response to the call for papers was overwhelming. Six workshops received 375 submissions in total and accepted 102, representing an overall acceptance rate of 27%. All papers published in the workshops proceedings were selected by the Program Committee on the basis of referee reports. Each paper was reviewed by independent referees who judged the papers for originality, quality, presentation, and consistency with the themes of the workshops. We would like to thank the EUC 2006 General Co-chair Cheng-Zhong Xu and the Program Chair Edwin Sha for their guidance and vision, the Steering Committee Co-chairs, Minyi Guo and Laurence T. Yang, for their support and encouragement, chairs of individual workshops for their tireless efforts, and our Korean colleagues for local arrangements. Special thanks are due to Haibo Yu and Bin Xiao for their help with some publication issues. We gratefully acknowledge sponsorship from the International Federation for Information Processing (IFIP) and the cooperation of the IEEE Computer Society and Lecture Notes in Computer Science of Springer. Finally, we hope you will enjoy the proceedings. August 2006

Xiaobo Zhou and Oleg Sokolsky EUC 2006 Workshops Chairs

The Second International Symposium on Network-Centric Ubiquitous Systems (NCUS 2006) Historically, ubiquitous systems have been highly engineered for a particular task, with no spontaneous interactions among devices. Recent advances in wireless communication and sensor and actuator technologies have given rise to a new genre of ubiquitous systems. This new genre is characterized as self-organizing, critically resource constrained, and network centric. The fundamental change is communication: numerous small devices operating collectively, rather than as standalone devices, form a dynamic ambient network that connects each device to more powerful networks and processing resources. NCUS 2006 was the successor of NCUS 2005 held in Nagasaki, Japan and offered a premier international forum for researchers and practitioners from both industry and academia to discuss hot topics and emerging areas, to share recent progress and latest results, and to promote cutting-edge research and future cooperation in ubiquitous systems and ubiquitous networking. The exciting program was the result of the hard and excellent work of many others. We would like to express our sincere appreciation to all authors for their valuable contributions and to all TPC members and external reviewers for their cooperation in completing the program under a very tight schedule. Lu Yan et al. NCUS 2006 Symposium Organizers

Executive Committee Steering Co-chair:

Laurence T. Yang, St. Francis Xavier University, Canada Lu Yan, ˚ Abo Akademi, Finland and University of Cambridge, UK Jianhua Ma, Hosei University, Japan General Co-chairs: Jingyuan (Alex) Zhang, University of Alabama, USA Jon (Jong-Hoon) Youn, University of Nebraska at Omaha, USA Xiaobo Zhou, University of Colorado at Colorado Springs, USA Program Co-chairs: Luis Javier Garc´ıa Villalba, UCM, Spain Minyi Guo, University of Aizu, Japan Yuh-Shyan Chen, National Chung Cheng University, Taiwan

Organization

Program Committee Nael Abu-Ghazaleh Saad Biaz Jacir Luiz Bordim Phillip Bradford Jiannong Cao Guangbin Fan Satoshi Fujita Xiaoyan Hong Anup Kumar Koji Nakano Huai-Rong Shao Randy Smith Dajin Wang Zhijun Wang Claudia J. B. Abbas Qing-An Zeng Ming Yu Jiang (Leo) Li Mohamed O.-Khaoua Mieso Denko Chih-Hung Chang Chung-Ta King Yu-Chee Tseng Xinrong Zhou Antonio Puliafito Chu-Sing Yang Han-Chieh Chao Nidal Nasser Hong Shen Hai Jin Doo-Hwan Bae Jun Pang Rafael T. de Sousa Paulo R. de L. Gondim Mirela S. M. A. Notare Dan Grigoras Ami Marowka Hesham Ali Chulho Won Hamid Sharif Jitender Deogun Seungjin Park

SUNY Binghamton, USA Auburn University, USA University of Brasilia, Brazil University of Alabama, USA Hong Kong Polytechnic University, China Intel Research, China Hiroshima University, Japan University of Alabama, USA University of Louisville, USA Hiroshima University, Japan Samsung USA University of Alabama, USA Montclair State University, USA Millikin University, USA University of Brasilia, Brazil University of Cincinnati, USA SUNY at Binghamton, USA Howard University, USA University of Glasgow, UK University of Guelph, Canada Tamkang University, Taiwan National TsingHua University, Taiwan National Chiao-Tung University, Taiwan ˚ Abo Akademi, Finland University of Messina, Italy National Sun Yat-sen University, Taiwan National Dong Hwa University, Taiwan University of Guelph, Canada JAIST, Japan Huazhong University of Science and Technology, China Advanced Institute of Science and Technology, Korea University of Oldenburg, Germany Universidad de Brasilia, Brazil Universidad de Brasilia, Brazil Faculdades Barddal, Brazil University College Cork, Ireland Shenkar College of Engineering and Design, Israel University of Nebraska at Omaha, USA University of Nebraska at Omaha, USA University of Nebraska at Lincoln, USA University of Nebraska at Lincoln, USA Merrimack College, USA

VII

VIII

Organization

Dana Petcu Maria Ganzha Kathy Liszka Song Ci Hyunyoung Lee Guanling Chen Marcin Paprzycki Il Kyeun Ra Liqiang Zhang Ajay Kshemkalyani Hiroshi Sunaga Dan Feng Eiko Yoneki

Institute e-Austria Timisoara, Romania Elblag University of Humanities and Economy, Poland University of Akron, USA University of Massachusetts Boston, USA University of Denver, USA University of Massachusetts Lowell, USA SWPS, Poland University of Colorado at Denver, USA Indiana University at South Bend, USA University of Illinois at Chicago, USA NTT Labs, Japan Huazhong University of Science and Technology, China University of Cambridge, UK

The Second International Workshop on Security in Ubiquitous Computing Systems (SecUbiq 2006) Ubiquitous computing technology provides an environment where users expect to access resources and services anytime and anywhere. The serious security risks and problems arise because resources can now be accessed by almost anyone with a mobile device in such an open model. The security threats exploited the weakness of protocols as well as operating systems, and also extended to attack ubiquitous applications. The security issues, such as authentication, access control, trust management, privacy and anonymity, etc., should be fully addressed. This workshop provides a forum for academic and industry professionals to discuss recent progress in the area of ubiquitous computing system security, and includes studies on analysis, models and systems, new directions, and novel applications of established mechanisms approaching the risks and concerns associated with the utilization and acceptance of ubiquitous computing devices and systems. This year we were very proud to receive 48 high-quality submissions. We conducted a rigorous blind peer review process for each submission, with the great support of all Program Committee members as well as a group of external reviewers. Based on the reviews, we selected 13 papers to be included in this program, representing an acceptance rate of 27%. We congratulate the authors of accepted papers, and regret many quality submissions could not be included, due to the time limit of this program. Taking this opportunity, we would like to thank all the authors for their contributions to the program. We would also like to thank the PC members and external reviewers for their efforts in reviewing the submissions. Yi Mu, Willy Susilo, and Bin Xiao SecUbiq 2006 Workshop Organizers

Executive Committee General Chair: Program Co-chairs: Steering Chair:

Bin Xiao, Hong Kong Polytechnic University, China Yi Mu, University of Wollongong, Australia Willy Susilo, University of Wollongong, Australia Laurence T. Yang, St. Francis Xavier University, Canada

Program Committee Joonsang Baek Xiaofeng Chen Ed Dawson

University of Wollongong, Australia Sun Yat-Sen University, China Queensland University of Technology, Australia

X

Organization

Dieter Gollmann Guang Gong Sung-Kook Han Swee Huay Heng Young-Sik Jeong Steve Kremer Kaoru Kurosawa Joseph Liu Javier Lopez Masahiro Mambo Chris Mitchell Atsuko Miyaji Yi Mu Josef Pieprzyk Rei Safavi-Naini Willy Susilo Tsuyoshi Takagi Jacques Traore Yang Xiao Ning Zhang Huaxiong Wang Dongho Won Duncan S. Wong Chuan-Kun Wu Fangguo Zhang Jianying Zhou Huafei Zhu

Technical University of Hamburg, Germany University of Waterloo, Canada WonKwang University, Korea Multimedia University, Malaysia WonKwang University, Korea ENS Cachan and INRIA Futurs, France Ibaraki University, Japan University of Bristol, UK University of Malaga, Spain Tsukuba University, Japan University of London, UK JAIST, Japan University of Wollongong, Australia Macquarie University, Australia University of Wollongong, Australia University of Wollongong, Australia Future University, Japan France Telecom R&D, Francs University of Memphis, USA University of Manchester, UK Macquarie University, Australia Sungkyunkwan University, Korea City University of Hong Kong, Hong Kong, China Chinese Academy of Sciences, China Sun Yat-Sen University, China Institute for Infocomm Research, Singapore Institute for Infocomm Research, Singapore

External Reviewers Mathieu Baudet Colin Boyd ALvaro Cardenas Sherman Chow Mathieu Ciet Pierre Cregut Jiang Du Siamak Fayyaz Marcel Fernandez Jun Furukawa Bok-Min Goi Juanna Gonzalez Kishan Gupta Dong-Guk Han Matt Henrickson

Bessie C. Hu Tetsu Iwata Shaoquan Jiang Katrin Heoper Yuichi Kaji Hiroaki Kikuchi Tae Hyun Kim Shinsaku Kiyomoto Vinh-The Lam Huo-Chong Ling Dennis Liu Shin’ichiro Matsuo Yasuhiro Ohtaki Juan J. Ortega Angela Piper

Hung-Min Sun Gelareh Taban Xiaojian Tian Toshiaki Tanaka Christophe Tartary RyanEun-Kyung Ryu Lihua Wang Baodian Wei Yan Wang Guomin Yang Wei-Chuen Yau Xuefeng Zhang Robert W. Zhu

The Second International Workshop on RFID and Ubiquitous Sensor Networks (USN 2006) Welcome to the proceedings of the second annual International Workshop on RFID and Ubiquitous Sensor Networks (USN 2006). In the emerging era of a ubiquitous society, RFID and ubiquitous sensor networks will be essential technologies still with many challenging issues to be solved. Small enough to guarantee pervasiveness in the ubiquitous world, ubiquitous sensor networks provide valuable information to be exploited for a great variety of sensor applications. While there has been intensive research during the last few years, the consideration of anywhere and anytime presence still presents new challenges, keeping the topic of sensor networks in the center of ubiquitous systems investigation. At the same time, radio frequency identification (RFID) shows a great potential in market penetration to address today’s object identification systems, and its technologies already entail a success for the industry with some field applications across the globe. However, numerous questions about its implementation, capability, performance, reliability, economy and integration with other technologies still remain to be answered. The purpose of USN 2006 was to establish a discussion forum on all the challenges raised from the evolution of the ubiquitous sensor networks and RFID technologies. As a unique opportunity to obtain insight into the leading technologies of the next pervasive era, USN 2006 tried to provide the place for discussing and exchanging ideas from both academia and industry worldwide. This year we received 46 submissions for the technical program, not only from Asia, but also from Europe and North America and finally accepted 12 papers of very high quality. We owe a great deal of thanks to the members of the Program Committee and the reviewers. The success of this year’s USN would not be possible without their hard work. We are also grateful to all the members of the Steering Committee, Jongsuk Chae, Sang-gug Lee, Hao Min, and Hyun Yoe for their advice and support. Finally, our many thanks to Tom´ as S´ anchez L´ opez of the Information and Communications University for his great help in preparing the workshop. USN 2006 was sponsored by the u-agriculture research center (ITRC program of the Ministry of Information and Communication, Korea) and Auto-ID Labs, Korea. Daeyoung Kim USN 2006 Workshop Chair

XII

Organization

Workshop Chair Daeyoung Kim

Information and Communications University, Korea

Steering Committee Jongsuk Chae Sang-gug Lee Hao Min Hyun Yoe

ETRI, Korea Information and Communications University, Korea Fudan University, China Sunchon National University, Korea

Program Committee Yunju Baek Chih-Yung Chang Yuh-Shyan Chen Yoonmee Doh Yan Huang Young-Sik Jeong Chung-Ta King Youngbae Ko Noboru Koshizuka Yann-Hang Lee Wei Lou Jin Mitsugi Wen-Chih Peng Neeli Rashmi Prasad Mohamed Younis

Pusan National University, Korea Tamkang University, Taiwan National Chung Cheng University, Taiwan ETRI, Korea Motorola Labs, USA Wonkwang University, Korea National Tsing-Hua University, Taiwan Ajou University, Korea University of Tokyo, Japan Arizona State University, USA Hong Kong Polytechnic University, China Keio University, Japan National Chiao Tung University, Taiwan Aalborg University, Denmark University of Maryland, USA

The First International Workshop on Trustworthiness, Reliability and Services in Ubiquitous and Sensor neTworks (TRUST 2006) Welcome to the proceedings of the First International Workshop on Trustworthiness, Reliability and services in Ubiquitous and Sensor networks (TRUST). It was our pleasure to work with the Program Committee and all the other volunteers who helped create this workshop. This workshop was organized with the goal of providing a forum for the exciting research in the increasingly important area of ubiquitous and sensor networks. We wish to thank the authors of the 83 papers that were submitted for publication and presentation at the workshop. The workshop program contains 22 regular papers and 2 invited papers, which represents an acceptance rate of 27%. The overall quality of submissions was high. We conducted a thorough review of all the submissions, with each paper receiving three reviews on average. Due to the large number of submissions, many good papers could not be included in the workshop program. Our special thanks go to the Program Committee and external reviewers listed below, who had the difficult task of reviewing the large number of papers in a relatively short time. We hope that you will enjoy the workshop program. David Chadwick and Eun-Sun Jung TRUST 2006 Workshop Organizers

Program Co-chairs: David Chadwick Eun-Sun Jung

University of Kent, UK Samsung Advanced Institute of Technology, Korea

Program Committee Sheikh Iqbal Ahamed Erik Berglund Kyungsan Cho Slo-Li Chu Yeh-Ching Chung Antonio Coronato Anind K. Dey Xinwen Fu George A.Gravvanis Vesna Hassler Yeong-Deok Kim

Marquette University, USA Link¨ oping University, Sweden Dankook University, Korea Chung Yuan Christian University, Taiwan National Tsing-Hua University, Taiwan ICAR-CNR, Italy Carnegie Mellon University, USA Dakota State University, USA Democritus University of Thrace, Greece European Patent Office, Austria Woosong University, Korea

XIV

Organization

Eung-Nam Ko Byoung-Soo Koh Kuan-Ching Li Jiyoung Lim Kathy J. Liszka Bin Lu Nikolay Moldovyan Myung-Chan Park Taejoon Park YongSuk Park Giuseppe De Pietro Massimo Poncino Laborde Romain Qi Shi Dong Myung Nicolas Sklavos Sheng-De Wang Ilsun You Ning Zhang

Baekseok University, Korea DigiCAPS Co., Ltd, Korea Providence University, Taiwan Korean Bible University, Korea University of Akron, USA West Chester University of Pennsylvania, USA SPECTR, Russia International Graduate University for Peace, Korea Samsung Advanced Institute of Technology, Korea Samsung Advanced Institute of Technology, Korea ICAR-CNR, Italy Politecnico di Torino, Italy University of Kent, UK Liverpool John Moores University, UK Shin Korea Information Security Agency, Korea University of Patras, Greece National Taiwan University, Taiwan Korean Bible University, Korea University of Manchester, UK

External Reviewers Hyobeom Ahn Omaima Bamasak Mario Ciampi Massimo Esposito Park Hwa Jin

SukHoon Kang Jin Ok Kim Soon-Gohn Kim Oh-Heum Kwon Jin Wook Lee

Se-Yul Lee Timothy O’Neil Sassa Otenko JeongHyun Yi

The First International Workshop on Embedded Software Optimization (ESO 2006) Embedded systems are driving an information revolution with their pervasion in our everyday lives. The increasingly ubiquitous embedded systems pose a host of technical challenges different from those faced by general-purpose computers because they are more constrained in terms of timing, power, area, memory and other resources. Embedded software optimization becomes a major concern for embedded system design. ESO 2006 aimed to provide a forum for scientists, engineers, and researchers to discuss and exchange their new ideas, novel results, work in progress and experience on all aspects of embedded software optimization. It covered a wide range of theoretical and experimental topics in the area of embedded system optimization including software optimization techniques for power, timing, memory minimization, code size optimization techniques, software design and optimization for multi-core, parallel and heterogeneous embedded systems, software management for memory systems, real-time software design and optimization, trustworthy computing in embedded software, secure embedded software design, application-specific embedded software design and optimization, code generation and optimization for embedded processors, compilation for reconfigurable architectures, design space exploration and minimization, embedded Java optimization, profiling and analysis techniques for embedded software, verification and testing techniques for embedded software, power/energy estimation tools for embedded software, system-level power/energy management, and case studies. This year we were very proud to receive a huge amount of high-quality submissions. We conducted a rigorous peer review process for each submission, with the great support of all Program Committee members as well as a group of external reviewers. Based on the reviews, we selected 17 papers to be included in this program. We congratulate the authors of accepted papers, and regret many quality submissions could not be included, due to the time and space limit. We would like to thank all the authors for their contributions to the program. We would also like to thank the PC members and external reviewers for their efforts in reviewing the submissions. Finally, we would like to thank Xiaobo Zhou, the EUC Workshops Co-chair, for the guidance in the organization of this workshop.

Zili Shao, Edwin H.-M. Sha, Yu Hen Hu, and Shuvra S. Bhattacharyya ESO 2006 Workshop Organizers

XVI

Organization

Executive Committee General Co-chairs: Program Co-chairs: Steering Co-chairs:

Edwin H.-M. Sha, University of Texas at Dallas, USA Yu Hen Hu, University of Wisconsin-Madison, USA Zili Shao, The Hong Kong Polytechnic University, China Shuvra S. Bhattacharyya, University of Maryland, USA Edwin H.-M. Sha, University of Texas at Dallas, USA Tei-Wei Kuo, National Taiwan University, Taiwan Laurence T. Yang, St. Francis Xavier University, Canada Minyi Guo, University of Aizu, Japan Zili Shao, The Hong Kong Polytechnic University, China

Program Committee Ben A. Abderazek Stefan Andrei Xing Cai Li-Pin Chang Vipin Chaudhary Yen-Kuang Chen Yu Chen Albert Cheng Alexander G. Dean Ed Deprettere Antonio Gentile Tony Givargis Luis Gomes Zonghua Gu Houcine Hassan Seongsoo Hong Pao-Ann Hsiung Ching-Hsien Hsu Zhiping Jia Mike Hua Ji Kazuki Joe Eugene John Ryan Kastner Seon Wook Kim Yu-Kwong Kwok Yann-Hang Lee Rainer Leupers Tao Li Xuandong Li Yan Liu Man Lin

University of Electro-communications, Japan National University of Singapore, Singapore University of Oslo, Norway National Chiao-Tung University, Taiwan Wayne State University, USA Intel, USA Tsingha University, China University of Houston, USA North Carolina State University, USA Leiden University, Netherlands University of Palermo, Italy University of California at Irvine, USA Universidade Nova de Lisboa, Portugal Hong Kong Univ. of Science and Technology, China Polytechnic University of Valencia, Spain Seoul National University, Korea National Chung Cheng University, Taiwan Chung Hua University, Taiwan Shangdong University, China Juniper Networks, USA Nara Woman’s University, Japan University of Texas at San Antonio, USA University of California at Santa Barbara, USA Korea University, Korea University of Hong Kong, China Arizona State University, USA RWTH Aachen University, Germany University of Florida, USA Nanjing University, China The Hong Kong Polytechnic University, China St. Francis Xavier University, Canada

Organization

Jogesh Muppala Koji Nakano Nicolas Navet John O’Donnell Andy Pimentel Gang Qu Olli Silven Frank Singhoff Jarmo Takala Lorenzo Verdoscia Salvatore Vitabile Jingling Xue Haijin Yan Fan Zhang Youtao Zhang Dayong Zhou Huiyang Zhou Dakai Zhu Yongxin Zhu Yun Zhu

XVII

Hong Kong Univ. of Science and Technology, China Hiroshima University, Japan LORIA, France University of Glasgow, UK University of Amsterdam, Netherlands University of Maryland, USA Oulu University, Finland Brest University, France Tampere University of Technology, Finland National Research Council, Italy University of Palermo, Italy University of New South Wales, Australia Motorola Labs, USA Hong Kong Uni. of Science and Technology, China University of Texas at Dallas, USA University of Oklahoma, USA University of Central Florida, USA University of Texas at San Antonio, USA Shanghai Jiao Tong University, China University of Science and Technology of China, China Mohammad Zulkernine Queen’s University, Canada Guojun Wang Central South University, China Hongxing Wei Beijing University of Aero. and Astro., China Bernhard Wess Vienna Institute of Technology, Austria Wayne H. Wolf Princeton University, USA

External Reviewers Cosmin Nicolae Stan

The First International Workshop on Multimedia Solution and the Assurance in the Ubiquitous Information Systems (MSA 2006) Rapid progress in computer hardware technology has made computers compact (e.g., laptop, palmtop), powerful, and more affordable. Furthermore, recent advances in wireless data communications technology have spawned an increasing demand for various types of services. As a result, we are witnessing an explosive growth of research and development efforts in the field of mobile and ubiquitous communication and computing systems. The global growth of interest in the mobile and ubiquitous networks, coupled with a growing high-bandwidth structure, will lead to a rapidly expanding market for ubiquitous network services. Although there are currently no applications with great mass-market that require broadband network access, the popularity of mobile network services should eventually affect the market for ubiquitous networks. For this reason, wireless-based technologies, such as multimedia synchronization technologies, intelligent context-aware schemes, intelligent location-based systems (ILBS) solutions, intelligent transport system (ITS), and the security of the ubiquitous information, need to be studied and developed for future services offered to subscribers in future ubiquitous information systems. This ubiquitous information technology will allow users to travel within an office building, from office to home, around the country and the world with a portable computer in their hands. Disconnection will no longer be a network fault, but a common event intentionally caused by the user in order to preserve a consequence of mobility. This MSA workshop contains a collection of high-quality papers on multimedia solution and the assurance in the ubiquitous information systems (MSA). In addition to this, we received 54 quality submissions, as a result of the call-forpapers for this topic. Each paper went through a rigorous, peer review process as required by the EUC workshops organizers. Based upon the review committee’s decision, 14 papers were selected for their original contributions as well as their suitability to the topic of this workshop session. Many people contributed to the creation of this special issue. Thanks are due to Howon University Mobile Networks Lab members and Kunsan National University Embedded and Mobile Networks Lab members for their contributions. Special thanks to the members of the review committee for their excellent contributions. Their hard work, comments and suggestions have really helped to improve the quality of the papers. We would like to take this opportunity to thank everyone who made this workshop session possible: the authors, the editorial staff of EUC 2006 and the publisher. Dong Chun Lee, Howon University, Korea On Behalf of MSA 2006 Workshop Organizers

Table of Contents

NCUS 2006 Symposium Adaptive Router Promotion in Ad-Hoc Networks Kensuke Tanaka, Noriko Matsumoto, Norihiko Yoshida . . . . . . . . . . . . .

1

A Utility-Based Auction Cooperation Incentive Mechanism in Peer-to-Peer Networks Jiujun Cheng, Yuhong Li, Weiwei Jiao, Jian Ma . . . . . . . . . . . . . . . . . .

11

UbiqStor: Server and Proxy for Remote Storage of Mobile Devices MinHwan Ok, Daegeun Kim, Myong-soon Park . . . . . . . . . . . . . . . . . . . .

22

Packet Length Adaptation for Energy-Proportional Routing in Clustered Sensor Networks Chao-Lieh Chen, Chia-Yu Yu, Chien-Chung Su, Mong-Fong Horng, Yau-Hwang Kuo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

32

A New Context Script Language for Developing Context-Aware Application Systems in Ubiquitous Computing Jae-Woo Chang, Yong-Ki Kim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

43

Dynamic Replication Strategies for Object Storage Systems Zhipeng Tan, Dan Feng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

53

A Cost-Effective Mobility Modelling in Nested Network Mobility Hye-Young Kim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

62

Completing UML Model of Component-Based System with Middleware for Performance Evaluation Yong Zhang, Ningjiang Chen, Jun Wei, Tao Huang . . . . . . . . . . . . . . . .

72

Energy Efficient PNC Selection Procedure for the IEEE 802.15.3-Based HR-WPAN EunChang Choi, JaeDoo Huh, Soo-Joong Kim, WoongChul Choi . . . . .

83

An Efficient Multicast Routing Protocol in Multi-rate Wireless Ad Hoc Networks Kyung-Jin Bae, Dong-Hee Kwon, Woo-Jae Kim, Young-Joo Suh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

93

XX

Table of Contents

WPAN Platform Design in Handset Integrating Cellular Network and Its Application to Mobile Games In-Hwan Kim, Hoo-Jong Kim, Gu-Min Jeong . . . . . . . . . . . . . . . . . . . . . 103 Reliable Transporting and Optimal Routing on Rate-Based for Ad Hoc Networks Ming-Hui Tsai, Tzu-Chiang Chiang, Yueh-Min Huang . . . . . . . . . . . . . . 112 Automatic Extraction of Conversation Protocols from a Choreography Specification of Ubiquitous Web Services Jonghun Park, Byung-Hyun Ha . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Inter-sector Interference Mitigation Method in Triple-Sectored OFDMA Systems JungRyun Lee, Keunyoung Kim, YongHoon Lim . . . . . . . . . . . . . . . . . . . 133 File Correspondences Dictionary Construction in Multilingual P2P File Sharing Systems Hongding Wang, Shaohua Tan, Shiwei Tang, Dongqing Yang, Yunhai Tong . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 Lightweight Messages: True Zero-Copy Communication for Commodity Gigabit Ethernet Hai Jin, Minghu Zhang, Pengliu Tan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153 Evaluation of Models for Analyzing Unguided Search in Unstructured Networks Bin Wu, Ajay D. Kshemkalyani . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 Wapee: A Fault-Tolerant Semantic Middleware in Ubiquitous Computing Environments Yoonhee Kim, Eun-kyung Kim, Beom-Jun Jeon, In-Young Ko, Sung-Yong Park . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Security in P2P Networks: Survey and Research Directions Esther Palomar, Juan M. Estevez-Tapiador, Julio C. Hernandez-Castro, Arturo Ribagorda . . . . . . . . . . . . . . . . . . . . . 183 HYWINMARC: An Autonomic Management Architecture for Hybrid Wireless Networks Shafique Ahmad Chaudhry, Ali Hammad Akbar, Ki-Hyung Kim, Suk-Kyo Hong, Won-Sik Yoon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193 Prediction Efficiency in Predictive p-CSMA/CD Marek Mi´skowicz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Table of Contents

XXI

A Situation Aware Personalization in Ubiquitous Mobile Computing Environments Heeseo Chae, Do-Hoon Kim, Dongwon Jeong, Hoh Peter In . . . . . . . . . 213 A Network and Data Link Layer QoS Model to Improve Traffic Performance Jes´ us Arturo P´erez, Victor Hugo Z´ arate, Christian Cabrera . . . . . . . . . 224 A GML-Based Mobile Device Trace Monitoring System Eun-Ha Song, Sung-Kook Han, Laurence T. Yang, Minyi Guo, Young-Sik Jeong . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234 Impact of High-Mobility Radio Jamming in Large-Scale Wireless Sensor Networks Chulho Won, Jong-Hoon Youn, Hesham Ali . . . . . . . . . . . . . . . . . . . . . . . 244

SecUbiq 2006 Workshop A Scalable and Untraceable Authentication Protocol for RFID Youngjoon Seo, Hyunrok Lee, Kwangjo Kim . . . . . . . . . . . . . . . . . . . . . . . 252 Vulnerability of an RFID Authentication Protocol Proposed in at SecUbiq 2005 Daesung Kwon, Daewan Han, Jooyoung Lee, Yongjin Yeom . . . . . . . . . 262 Reliable Broadcast Message Authentication in Wireless Sensor Networks Taketsugu Yao, Shigeru Fukunaga, Toshihisa Nakai . . . . . . . . . . . . . . . . 271 Message and Its Origin Authentication Protocol for Data Aggregation in Sensor Networks HongKi Lee, DaeHun Nyang, JooSeok Song . . . . . . . . . . . . . . . . . . . . . . . 281 A New Security Protocol Based on Elliptic Curve Cryptosystems for Securing Wireless Sensor Networks Seog Chung Seo, Hyung Chan Kim, R.S. Ramakrishna . . . . . . . . . . . . . . 291 Resource Requirement Analysis for a Predictive-Hashing Based Multicast Authentication Protocol Seonho Choi, Yanggon Kim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302 Ubiquitous Authorization Scheme Based on Device Profile Kevin Tham, Mark Looi, Ernest Foo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312 An Efficient Certificateless Signature Scheme Wun-She Yap, Swee-Huay Heng, Bok-Min Goi . . . . . . . . . . . . . . . . . . . . 322

XXII

Table of Contents

Universal Designated Verifier Ring Signature (Proof) Without Random Oracles Jin Li, Yanming Wang . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332 An Identity-Based Signcryption Scheme with Short Ciphertext from Pairings Huiyan Chen, Shuwang L¨ u, Zhenhua Liu, Qing Chen . . . . . . . . . . . . . . . 342 A Strong Identity Based Key-Insulated Cryptosystem Jin Li, Fangguo Zhang, Yanming Wang . . . . . . . . . . . . . . . . . . . . . . . . . . 352 A New Hierarchical ID-Based Cryptosystem and CCA-Secure PKE Jin Li, Fangguo Zhang, Yanming Wang . . . . . . . . . . . . . . . . . . . . . . . . . . 362 Energy Comparison of AES and SHA-1 for Ubiquitous Computing Jens-Peter Kaps, Berk Sunar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372

USN 2006 Workshop Performance Analysis of Tag Anti-collision Algorithms for RFID Systems Cheng-Hao Quan, Won-Kee Hong, Hie-Cheol Kim . . . . . . . . . . . . . . . . . 382 Perturbative Time and Frequency Allocations for RFID Reader Networks Vinay Deolalikar, Malena Mesarina, John Recker, Salil Pradhan . . . . . 392 An Enhanced Dynamic Framed Slotted ALOHA Anti-collision Algorithm Su-Ryun Lee, Chae-Woo Lee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 DiCa: Distributed Tag Access with Collision-Avoidance Among Mobile RFID Readers Kwang-il Hwang, Kyung-tae Kim, Doo-seop Eom . . . . . . . . . . . . . . . . . . 413 Design and Implementation of a High-Speed RFID Data Filtering Engine Hyunsung Park, Jongdeok Kim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423 Authorized Tracking and Tracing for RFID Tags Ming-Yang Chen, Ching-Nung Yang, Chi-Sung Laih . . . . . . . . . . . . . . . . 435 An Energy-Efficient MAC Protocol for Delay-Sensitive Wireless Sensor Networks Changsu Suh, Deepesh Man Shrestha, Young-Bae Ko . . . . . . . . . . . . . . . 445

Table of Contents

XXIII

A Data-Centric Self-organization Scheme for Energy-Efficient Wireless Sensor Networks SungHyup Lee, YoungSoo Choi, HeeDong Park, YoonYoung An, YouZe Cho . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455 Optimized Clustering for Maximal Lifetime of Wireless Sensor Networks Kyung Tae Kim, Hyunsoo Kim, Hee Yong Youn . . . . . . . . . . . . . . . . . . . 465 Maximize the Coverage Lifetime of Sensor Networks Minh-Long Pham, Daeyoung Kim, Taehong Kim, Seong-eun Yoo . . . . 475 An Active Tracking System Using IEEE 802.15.4-Based Ultrasonic Sensor Devices Shinyoung Yi, Hojung Cha . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485 LWOS: A Localization Method Without On-Body Sensor in Wireless Sensor Networks Shuangquan Wang, Ningjiang Chen, Xin Chen, Jie Yang, Jun Lu . . . . 495

TRUST 2006 Workshop Research Directions in the Area of USN (Ubiquitous Sensor Network) Towards Practical UE (Ubiquitous Environments) Young Yong Kim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505 On Building a Lightweight Security Architecture for Sensor Networks Taejoon Park, Kang G. Shin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511 A Reverse AODV Routing Protocol in Ad Hoc Mobile Networks Chonggun Kim, Elmurod Talipov, Byoungchul Ahn . . . . . . . . . . . . . . . . . 522 Algorithms for Service Differentiation in MAC Layer over MANETs Kwan-Woong Kim, Sung-Hwan Bae, Dae-Ik Kim . . . . . . . . . . . . . . . . . . 532 A Power-Aware Routing Protocol Using Multi-Route Transmission for Mobile Ad Hoc Networks Kuang-Han Fei, Sheng-Yan Chuang, Sheng-De Wang . . . . . . . . . . . . . . . 540 A Novel Multicasting Scheme over Wireless LAN Systems by Using Relay Kang Jin Yoon, Tae Sung Kim, Young Yong Kim . . . . . . . . . . . . . . . . . . 550 An Adaptive Concurrency Control QOS Agent for Ubiquitous Computing Environments Eung Nam Ko . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560

XXIV

Table of Contents

An Efficient End-to-End QoS Supporting Algorithm in NGN Using Optimal Flows and Measurement Feed-Back for Ubiquitous and Distributed Applications Se Youn Ban, Seong Gon Choi, Jun Kyun Choi . . . . . . . . . . . . . . . . . . . 570 An RFID System Based MCLT System with Improved Privacy Jin Kwak, Keunwoo Rhee, Namje Park, Howon Kim, Seungjoo Kim, Kouichi Sakurai, Dongho Won . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579 QT-CBP: A New RFID Tag Anti-collision Algorithm Using Collision Bit Positioning Hyunji Lee, Jongdeok Kim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591 An RFID-Based Access and Location Service for Pervasive Grids Antonio Coronato, Gennaro Della Vecchia, Giuseppe De Pietro . . . . . . 601 Autonomous Management of Large-Scale Ubiquitous Sensor Networks Jong-Eon Lee, Si-Ho Cha, Dae-Young Kim, Kuk-Hyun Cho . . . . . . . . . 609 A Privacy-Aware Service Protocol for Ubiquitous Computing Environments Gunhee Lee, Song-hwa Chae, Inwhan Hwang, Manpyo Hong . . . . . . . . . 619 A Neural Network Model for Detection Systems Based on Data Mining and False Errors Se-Yul Lee, Bong-Hwan Lee, Yeong-Deok Kim, Dong-Myung Shin, Chan-Hyun Youn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 629 An Analysis on the Web Technologies for Dynamically Generating Web-Based User Interfaces in Ubiquitous Spaces Ilsun You, Chel Park . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639 A Policy Description Language for Context-Based Access Control and Adaptation in Ubiquitous Environment Joonseon Ahn, Byeong-Mo Chang, Kyung-Goo Doh . . . . . . . . . . . . . . . . 650 C-iUMS: Context Based Smart and Secure Multimedia Service in Intelligent Ubiquitous Home Jong Hyuk Park, Sangjin Lee, Sung Hee Hong . . . . . . . . . . . . . . . . . . . . . 660 A Lightweight IP Traceback Mechanism on IPv6 Syed Obaid Amin, Myung Soo Kang, Choong Seon Hong . . . . . . . . . . . . 671 Enable a Trustworthy Network by Source Address Spoofing Prevention Routers: A Formal Description Jun Bi, Jianping Wu, Miao Zhang . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 681

Table of Contents

XXV

A Flexible Bound Admission Control Algorithm for Vertical Handover in Ubiquitous Environment Jong Min Lee, Ok Sik Yang, Seong Gon Choi, Jun Kyun Choi . . . . . . . 692 Network Probabilistic Connectivity: Using Node Cuts Denis A. Migov, Olga K. Rodionova, Alexey S. Rodionov, Hyunseung Choo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 702 Fast Mounting and Recovery for NAND Flash Memory Based Embedded Systems Song-Hwa Park, Tae-Hoon Kim, Tae-Hoon Lee, Ki-Dong Chung . . . . . 710 Broadcast Encryption Using Efficient Key Distribution and Renewal for Ubiquitous Environments Deok-Gyu Lee, Jang-Su Park, Im-Yeong Lee . . . . . . . . . . . . . . . . . . . . . . . 721 A Robust Verifiably Encrypted Signature Scheme Jianhong Zhang, Wei Zou . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 731

ESO 2006 Workshop Instruction Re-selection for Iterative Modulo Scheduling on High Performance Multi-issue DSPs Doosan Cho, Ayyagari Ravi, Gang-Ryung Uh, Yunheung Paek . . . . . . . 741 Predictability of Least Laxity First Scheduling Algorithm on Multiprocessor Real-Time Systems Sangchul Han, Minkyu Park . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755 Saving Register-File Leakage Power by Monitoring Instruction Sequence in ROB Wann-Yun Shieh, Hsin-Dar Chen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765 Run-Time Memory Optimization for DDMB Architecture Through a CCB Algorithm Jeonghun Cho, Yunheung Paek . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 775 Code Generation and Optimization for Java-to-C Compilers Youngsun Han, Shinyoung Kim, Hokwon Kim, Seok Joong Hwang, Seon Wook Kim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 785 Modelling and Analysis of Power Consumption for Component-Based Embedded Software Jun Hu, Xuandong Li, Guoliang Zheng, Chenghua Wang . . . . . . . . . . . 795

XXVI

Table of Contents

Design of a Programmable Vertex Processing Unit for Mobile Platforms Tae-Young Kim, Kyoung-Su Oh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805 An Energy-Aware Whole-System Dynamic Emulator – SkyEye Yu Cheng, Suo Kang, Jie Ren, Hui Zhu, Yuan Chun Shi . . . . . . . . . . . . 815 Optimizing Scheduling Stability for Runtime Data Alignment Ching-Hsien Hsu, Chao-Yang Lan, Shih-Chang Chen . . . . . . . . . . . . . . . 825 A Chinese Mobile Phone Input Method Based on the Dynamic and Self-study Language Model Qiaoming Zhu, Peifeng Li, Ping Gu, Peide Qian . . . . . . . . . . . . . . . . . . . 836 An ID-Based Watermarking Schemefor Java Programs Zheng Yuan, Qiaoyan Wen, Wenling Wu, Qing Zhang . . . . . . . . . . . . . . 848 Data-Layout Optimization Using Reuse Distance Distribution Xiong Fu, Yu Zhang, Yiyun Chen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 858 Co-optimization of Performance and Power in a Superscalar Processor Design Yongxin Zhu, Weng-Fai Wong, S ¸ tefan Andrei . . . . . . . . . . . . . . . . . . . . . 868 FAST: An Efficient Flash Translation Layer for Flash Memory Sang-Won Lee, Won-Kyoung Choi, Dong-Joo Park . . . . . . . . . . . . . . . . . 879 A Novel Discrete Hopfield Neural Network Approach for Hardware-Software Partitioning of RTOS in the SoC Bing Guo, Yan Shen, Yue Huang, Zhishu Li . . . . . . . . . . . . . . . . . . . . . . 888 UML Based Evaluation of Reconfigurable Shape Adaptive DCT for Embedded Stream Processing Xianhui He, Yongxin Zhu, Zhenxin Sun, Yuzhuo Fu . . . . . . . . . . . . . . . . 898 A High Performance Buffering of Java Objects for Java Card Systems with Flash Memory Min-Sik Jin, Min-Soo Jung . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 908

MSA 2006 Workshop Predictive Prefetching of Context-Aware Information in Mobile Networks In Seon Choi, Gi Hwan Cho . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 919

Table of Contents XXVII

Digital Ortho-image Production for Web GIS Applications Hong-Gyoo Sohn, Hyo-Keun Park, Choung-Hwan Park, Joon Heo . . . . 928 Multimedia Contents Security by Wireless Authentication Jung Jae Kim, Kwang Hyoung Lee, So Yeon Min, Jeong Gyu Jee . . . . 936 Traffic Actuated Car Navigation Systems in Mobile Communication Networks Seungjae Lee, Chungwon Lee, Taehee Kim, Jeong Hyun Kim . . . . . . . . 946 Analytic Model of the Collision Resolution Protocol with Voice/Data in Mobile Networks Dong Chun Lee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 953 Security Enhancement by Detecting Network Address Translation Based on Instant Messaging Jun Bi, Miao Zhang, Lei Zhao . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 962 A New Authentication Scheme of Binding Update Protocol on Handover in Mobile IPv6 Networks Jung Doo Koo, Jungsook Koo, Dong Chun Lee . . . . . . . . . . . . . . . . . . . . . 972 A Solution for the Dropout Problem in Adaptive Cruise Control Range Sensors Bongsoo Son, Taehyung Kim, YongEun Shin . . . . . . . . . . . . . . . . . . . . . . 979 An Architecture Framework for Measuring and Evaluating Packet-Switched Voice Hyuncheol Kim, Seongjin Ahn, Junkyun Choi . . . . . . . . . . . . . . . . . . . . . 988 HOIDS-Based Detection Method of Vicious Event in Large Networks Dong Hwi Lee, Jeom Goo Kim, Kuinam J. Kim . . . . . . . . . . . . . . . . . . . 998 New Handoff Control Method Using Fuzzy Multi-Criteria Decision Making in Micro/Pico-cellular Networks Jong Chan Lee, Dong Li, Ki Hong Park, Hong-Jin Kim . . . . . . . . . . . . 1006 Test of IR-DSRC in Measuring Vehicle Speed for ITS Applications Hyung Jin Kim, Jin-Tae Kim, Kee Yeon Hwang . . . . . . . . . . . . . . . . . . . 1012 A Grid Routing Scheme Considering Node Lifetime in Ubiquitous Sensor Networks Sangjoon Park, Sok-Pal Cho, Byunggi Kim . . . . . . . . . . . . . . . . . . . . . . . . 1021 Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1031

Adaptive Router Promotion in Ad-Hoc Networks Kensuke Tanaka, Noriko Matsumoto, and Norihiko Yoshida Department of Information and Computer Sciences Saitama University, Saitama 338-8570, Japan  [email protected]

Abstract. In ad-hoc networks, routing is one of the most important issues, and various protocols are proposed. However, as situations and topologies of an ad-hoc network are various and dynamic, it is difficult for a single fixed protocol to perform well for all occasions. Therefore, some dynamic and adaptive mechanism in routing protocols is necessary. In this paper, we propose an adaptive routing system for ad-hoc networks. This system begins in the same manner as a reactive protocol, and when the network situation gets unsuitable for the protocol, the system changes its manner of routing with a router-node, or a pseudo cluster-head in Cluster-based Routing, which emerges autonomously at the place of “hot spots” in the network. This paper presents its principle, design, and some preliminary experiment results. Keywords: Ad-hoc Network, Cluster-based Routing, Reactive Routing, Adaptive Network, Network Traffic Reduction.

1

Introduction

Ad-hoc networks are autonomously constructed from end-user nodes without any particular network equipments, and are expected to be used in various occasions. Among several issues to be addressed, routing is one of the most important and difficult subjects. In a basic ad-hoc network, there is no node like a router that manages composition of the whole network and performs routing. Each node must obtain routing information by itself, and determines a route according to the information. Various routing protocols for ad-hoc networks have already been devised and proposed. However, because situation and topology of an ad-hoc network changes dynamically, it is almost impossible to determine which protocol is the optimal in advance. The optimal protocol must change according to the movement of nodes, the variation of communication frequencies, etc. To solve this problem, we propose an adaptive routing system which changes the manner of routing to be suitable for the network situation dynamically. The purpose of our system is to alleviate or prevent “flooding”, in which every node broadcasts and propagates search packets, by promoting a node at a “hot X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 1–10, 2006. c IFIP International Federation for Information Processing 2006 

pro

act

ive

rou

ting

K. Tanaka, N. Matsumoto, and N. Yoshida

Call rate

2

reactive routing

Node mobility

Fig. 1. Ad-Hoc Network Design Space

spot” in the network to a router-like node, or a pseudo cluster head in Clusterbased Routing, which every other node around can ask it for routing information instead of flooding. In the following, Section 2 summarizes routing protocols for ad-hoc networks. Basic protocols, proactive ones and reactive ones, are first presented, and then some improvement including hybrid routing and Cluster-based Routing are described. Our solution proposal, an adaptive routing system, is presented in Section 3, and in 4 in details. Section 5 describes an experiment result for evaluation, and Section 6 considers some comparisons. The last section contains some concluding remarks.

2 2.1

Routing in Ad-Hoc Networks Basic Protocols

In basic ad-hoc networks, each node must obtain necessary routing information by itself. Consequently, various routing protocols have been developed, which are primarily categorized as proactive routing protocols (OLSR [1], TBRPF [2], etc.) and reactive routing protocols (AODV [3], DSR [4], etc.) As is well known, each of the proactive and reactive protocols performs well only in a limited situation regarding operational conditions and network configurations that should be covered by ad-hoc networks. Fig. 1 shows the design space of ad-hoc networks with node mobility and call rate as the two dimensions, and the approximate regions where each of these two protocols performs well [5]. If the node mobility is higher, the possibility that the route expires immediately is also higher. Therefore, the reactive protocols which builds routes only when needed are more effective than the proactive ones. On the other hand, if call rate is higher, the proactive protocols are more effective than the reactive ones in which a node must look for a route whenever it calls another. The white region in the center of Fig. 1 corresponds to network situations that neither of two basic protocols performs well.

Adaptive Router Promotion in Ad-Hoc Networks

3

R K

L

Q

G H

J

D

M

C S

N

A

F I

B E

P

O

Fig. 2. Zone Routing with 2-hops-radius Zone

2.2

Hybrid Routing

As described above, each basic protocol is suited for a different region of the adhoc network design space. In hybrid routing, each node uses different protocols by combining them into a single framework. One of the most famous hybrid routing is “Zone Routing” [6]. In Zone Routing, a proactive protocol operates within a local area which we refer to as a routing zone (intra-zone routing), and a reactive protocol (interzone routing) operates outside of that. A proactive routing protocol provides a detailed and fresh view of each node’s surrounding local topology, and finds a route to distant nodes reactively to reduce the overhead of route maintenance. Fig. 2 illustrates the routing zone concept with a 2-hops-radius routing zone. The routing zone described by a dashed circle belongs to node S, and nodes from A to H are members of S’s routing zone. Note that each node maintains its own routing zone, and the zones of neighbor nodes overlap. 2.3

Cluster-Based Routing

Cluster-based Routing, or Clustering, is the technique of dividing the nodes in the network into clusters according to a certain distributed manner [7,8]. A cluster head is elected for each cluster to maintain cluster membership information and member routing information. Cluster member nodes do not have routing information, and ask the cluster head whenever needed. Inter-cluster routes are discovered dynamically using the cluster membership information kept at each cluster head (Fig. 3).

3

Adaptive Routing

The previous section describes some protocols aiming at covering the situation that neither a pure reactive nor proactive type can work well. All the nodes keep routing information in the proactive protocols, while no node keeps routing information in the reactive ones. In this respect, These two types of the protocols stay at the opposite extremes. This fact is shown also in the above-mentioned

4

K. Tanaka, N. Matsumoto, and N. Yoshida

Cluster Head Gateway Node

Fig. 3. Cluster-based Routing

Fig. 1 that the regions which these two categories cover two extremes of the ad-hoc network space. Therefore, it can be said that a protocol which performs well in the region between two extremes in an adaptive manner is desired for efficient maintenance of routing information. Our protocol uses some (but not all) nodes to maintain routing information as shown in Fig. 4. These nodes should be placed where they are the most effective and when they are required. Namely, each node starts in the same manner as in reactive protocols where no node has routing information, and accumulate routing information when transferring routing packets. When the amount of routing information grows, it implies that the node is at a “crossroad” or a “hot spot” in the network, and neighboring nodes get benefits (from routing standpoint of view) from the node. Therefore, it should be better to make the node as “coordinator” or “router”, and make its neighbors into its cluster, so as to prevent flooding of route request packets. In this manner, this network system transforms its way of routing from reactive to pseudo cluster-based dynamically and adaptively as shown in Fig. 5. In this system, the number of the router-nodes and their locations in the network are determined adaptively according to the network traffic in a fully decentralized manner, and clusters emerge dynamically, unlike the above mentioned

reactive

proposal

proactive Node

Router-Node

* The depth of color shows the amount of routing information

Fig. 4. Axis of Routing Protocols

Adaptive Router Promotion in Ad-Hoc Networks

5

Node S search routing information to Node D D

D

Node

Router -Node S

generation of Router-Node

S

Route that Router-Node knows

Fig. 5. Emergence of Router-Node

original cluster-based routing in which clusters are pre-defined and fixed in a static manner.

4 4.1

Design Details The Initial State

The system performs routing using the reactive AODV protocol in the initial state. Each node sends HELLO packets periodically to confirm connectivity with neighbor nodes. RREQ (Route Request) packets are flooded to find routing information, and if the destination node or an intermediate node which caches routing information to the destination receives RREQ packet, it answers RREP (Route Reply) packet, and the route is built between two nodes. 4.2

Cache of Routing Information

Each node caches routing information. If communication frequency goes up, and many routes are used within a short period, the amount of these caches also increases. Each node approximates the network traffic by this amount of its cache, and if this exceeds a certain pre-defined threshold, this fact implies that the node is at a place with high call rate, or a “hot spot.” Then the node promotes itself to a router-node. Note that every node has an option whether it can be promoted or not, according to its connectivity and capacity for example. 4.3

Promotion to Router-Node

Fig. 6 illustrates the process how the node promotes itself to a router-node, and how neighbor nodes are made to ask routing information to the router-node directly so as to prevent the “flooding” cost of finding routing information. Suppose that the node C promotes itself to a router-node. C notifies the fact to its neighbor nodes using the “router notification” packet. Then, C collects routing information from its neighbor nodes. A neighbor node E has routing

6

K. Tanaka, N. Matsumoto, and N. Yoshida D B A

E (1)

dest nesthop D B 2

C

D B A

E (2)

C (3) A B C D

connection B(1),C(1) A(1),D(1),E(1) A(1),E(1) B(1)

D B

(6)

A

(5)[A,B,D]

(4) Req[D]

E

C A B C D

connection B(1),C(1) A(1),D(1),E(1) A(1),E(1) B(1)

(1) send "router notification" packet to neighbor nodes (Router-node) (2) make "topology information" packet from information on the routing table etc. and send it to router-node (Neighbor nodes) (3) make topology table from information on the recived "topology information" packet (Router-node) (4) ask the routing information with sending "shortest route request" packet (Neighbor nodes) (5) send "shortest route reply" packet in which the route (sorce route) created from the topology table is stored (Router-node) (6) send data packet with sorce route (Neighbor nodes)

Fig. 6. Promotion to Router-node

information such as “to node D, next hop is B, and hop count is 2”. Therefore, E composes this information into a “topology information” packet, and sends it to the router-node C. C also receives a similar packet from the node A. The routernode constructs a network topology table from the collected routing information which is specific to each original node. When a route request arrives to the router-node C, it composes routing information dynamically from this topology table using Dijkstra’s shortest-path algorithm. For example, when node A asks C a route to the node D, C replies the shortest route from A to D as [A, B, D]. 4.4

Search for Routing Information

Each node tries to get routing information in the following order: (1) check whether it has routing information, (2) ask to a known router-node, or (3) flood RREQ packet. The router-node does (1), and then (3); a “plain” node (who does not know any router-node) does (1), and then (3); and a neighbor of the routernode does (1), and then (2). Note that when receiving a RREQ packet from another node, each node does not carry out flooding immediately, but follows the above steps. A neighbor node which receives a RREQ from a plain node notifies the existence of the router-node to the plain node along with a reply. The plain node

Adaptive Router Promotion in Ad-Hoc Networks

7

becomes a new “neighbor” node, and the router information is propagated in this manner. 4.5

Sending and Forwarding

In AODV, routing is done in a “hop-by-hop” manner. Each intermediate node has its own routing information from itself to any known destinations. On the other hand, in router-based routing, routing information is provided from the router-node. This is a “source route” that indicates an entire route from the source to the destination. Therefore, our system implements a switching mechanism between the two types of routing. A packet header contains a special flag, and nodes perform appropriate routing based on this flag. This is an application of Active Networks [9]. 4.6

Update of Routing Information

The routing information in the router-node does not expire unless it is reported obsolete. If the router-node itself or any of its neighbors finds a change in network connectivity, the routing information is updated. Any new routes will possibly be reported to the router-node as well. 4.7

Demotion of Router-Nodes

A router-node monitors accesses to itself, and when the access rate decreases under a certain threshold, it demotes itself to a plain node. It still keeps all the routing information, and replies when asked just like the (volatile) cache in a plain node. Its neighbors stop asking routing information to it directly, and go back to use the reactive protocol. The threshold for demotion is set much lower compared to the promotion threshold so as to prevent racing (or thrashing).

5

Simulation and Experiments

We have implemented a simulator of our protocol system for design verification and preliminary performance evaluation. It is implemented in Java. The schematic outline of the node implementation is shown in Fig. 7. Each node has two modes of operations: “Normal Agent” and “Routing Agent.” The former implements protocols for the plain node operations, and the latter for the router-node operations. Due to the limit of the space, here we present just one result out of experiments performed on the simulator. Some parameters for the experiment are: the number of nodes is 50, the number of node connection is between 1 to 4 randomly, and the threshold of the cache amount for promoting to a router-node is 15. The simulator generates request packets from a randomly-chosen source to a randomly-chosen destination. Fig. 8 shows transition of the total amount of packets in the network. The solid line is of our system, while the dotted line is of a typical reactive protocol

8

K. Tanaka, N. Matsumoto, and N. Yoshida

Node Port Classifier

Normal Agent data packet

addressed to itself Routing Agent is attached to port 255

Node Entry Addr Classifier

Routing Agent (AdaptiveAgent)

Router-Node Flag addressed to anyone else

false

true

Node Operatoin Protocol Router-Node Operation Protocol

transmit the packet through wireless connection

LinkLayer

Mac Layer Channel

Fig. 7. Outline of Node Implementation

"adaptive" "AODV"

1000

Packet

800 600 400 200 0 0-10 10-20 20-30 30-40 40-50 50-60 60-70 70-80 80-90 90-100 Time[min]

Fig. 8. Experiment Result

AODV. The amount of packets, or network traffic, in our system drastically reduces from the moment of “20-30 (virtual) minute”, while the traffic in AODV stays high. Some router-nodes emerge at the same moment as “20-30 minute,” so the reduction of traffic is considered brought by the router-nodes. We also observed that the number of emerging route nodes is 2 to 4, which is sufficiently fewer than the number of all nodes (50).

6

Considerations

Our system is considered to have some advantages. First, we compare it with the two basic protocols (reactive and proactive ones). In our system, routing information is managed only on router-nodes. This reduces managing overhead compared to the proactive protocols. On the other hand, neighbor nodes of a

Adaptive Router Promotion in Ad-Hoc Networks

9

router-node ask routing information only to the router-node directly instead of flooding RREQ packets. This reduces network traffic significantly compared to the reactive protocols. These mean that, from the route maintenance and network traffic standpoints of view, our systems is positioned somewhere between the proactive protocols and the reactive ones, and expected to work efficiently in such network situations as neither of the two basic protocols works well. Next comes some comparisons with hybrid routing and Cluster-based Routing. Hybrid routing is another integration of the two basic protocols. Its manner of integration is static and fixed, therefore hybrid routing cannot be adaptive to dynamic network situation. Moreover, Hybrid routing has overlaps of proactive routing zones, and causes more managing overhead of routing information than our system. In Cluster-based Routing, subordinate nodes and cluster-heads work using different routing protocols, and only the cluster-heads have routing information of its clusters. In this sense, our system is similar to the clusterbased routing. However, clusters and their heads must be defined beforehand, it makes network design difficult, and cluster-based routing cannot be adaptive to dynamic network situation. For example, if a cluster-head disappears, a new one must be selected by hand, and the clusters must be re-organized. In our system, if a router-node disappears, its surrounding nodes go back to employ the reactive protocol. Moreover, in the cluster-based routing, every routing must pass through cluster heads, whereas in our system, once the shortest path is found, routing need not pass through any router-node. We are now at the starting point of this research on adaptive dynamic protocols, and one of the most important issues to address next is collaboration of several router-nodes. We are now investigating, and the below show an outline of the design idea. To collaborate, each router-node must first know other routernodes. Any node who gets to know more than one router-nodes during its routing notifies all the router-nodes. The router nodes get to know the others, and also routes to them in this manner. When a router receives a RREQ packet to an unknown node, It forwards the packet to other routers for inter-cluster routing. We may consider emergence of any super-router-node among router-nodes, similar to IXs in the Internet routing.

7

Concluding Remarks

In this research, we designed an adaptive routing in ad-hoc networks. This system can cover the situation where neither of two basic protocols (reactive and proactive ones) work well by maintaining routing information efficiently. It can adapt to the network situation dynamically by changing its routing manner. We implemented a simulator of our design, and showed that it works efficiently. Further studies include function enhancement. Among them, we are investigating applying the zone concept to our system. In the current design, routing information of the whole network might be accumulated at each router-node in an extreme situation. This unwanted phenomena will be prevented if a routernode has a zone (or a scope) so that it only maintains routes within its zone.

10

K. Tanaka, N. Matsumoto, and N. Yoshida

Acknowledgments This research was supported in part by JSPS in Japan under Grants-in-Aid for Scientific Research (B) 17300012, and by MEXT in Japan under Grants-in-Aid for Exploratory Research 17650011.

References 1. 2. 3. 4.

5.

6.

7.

8.

9.

http://www.ietf.org/rfc/rfc3626.txt http://www.ietf.org/rfc/rfc3684.txt http://www.ietf.org/rfc/rfc3561.txt Johnson, D., Maltz, D., Hu, Y., Jetcheva, J.: The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks. IETF MANET Internet Draft, draft-ietf-manet-dsr09.txt (2001) Samar, P., Pearlman, M. R., Hass, Z. J.: Hybrid Routing: The Pursuit of an Adaptable and Scalable Routing Framework for Ad Hoc Networks. in Ad Hoc Wireless Networking (Cheng, X. et al. eds.) Kluwer (2003) 529–560 Hass, J. Z., Pearlman, M. R., Sammar, P.: The Zone Routing Protocol (ZRP) for Ad Hoc Networks. IETF MANET Internet Draft, draft-ietf-manet-zone-zrp-03.txt (2002) Jiang, M., Li, J., Tay, Y. C.: Cluster Based Routing Protocol (CBRP) Functional Specification. IETF MANET Internet Draft, draft-ietf-manet-cbrp-spec00.txt (1998). Niegverg, T., Dulman, S., Havinga, P., Hoesel, L. v., Wu, J.: Collaborative Algorithms for Communication in Wireless Sensor Networks. in Ambient Intelligence: Impact on Embedded System Design (Baston, T., et al. eds.) Kluwer (2003) 271–294 Wetherall, D.: Active Network Vision and Reality. Proc. 17th ACM Symp. on Operating System Principles (1999)

A Utility-Based Auction Cooperation Incentive Mechanism in Peer-to-Peer Networks* Jiujun Cheng1,2, Yuhong Li2, Weiwei Jiao2, and Jian MA3 1

College of Electronics & Infromation Engineering, TongJi University, No. 4800 Cao An Road, 201804, Shanghai, China 2 State Key Laboratory of Networking & Switching Beijing University of Posts & Telecommunications, 100876, Beijing, China 3 NOKIA Research Center, 100013, Beijing, China [email protected]

Abstract. In P2P network, there are a considerable proportion of free riders, which contribute nothing or little to the P2P system but obtain resources from the system. In order to address this problem, we present a utility-based auction cooperation incentive mechanism in the P2P network. Our approach is that before communicating with destination peer, the source peer first demands peers to auction their utilities, and then select the maximum utility as its destination peer, and gives some benefit to it, at the same time, gives some punishment to the liars. By using this mechanism, the more the peers contribute to the system, the more utility the peers can obtain, and therefore, the more benefits the peers can gain from the system. The experiment results show that the incentive mechanism assures the justice of gaining benefits for different kinds of peers in the system, and hence, controls the free riders effectively, and improves the whole performance of the P2P network. Keywords: P2P, Free riders, BitTorrent, Auction, Incentive mechanism .

1 Introduction In most P2P network, the incentive mechanism is lacked for promoting the peers to contribute more resources to the system. It results in more and more peers in the P2P system do nothing for the system but gain more benefits from the system. This kind of peers is called free riders[1]. The so called free riders are those peers who themselves do not supply any resources to the system but can obtain resources from the P2P system. The data in [2] shows that, in Napster system, about 40 - 60% of the peers share only 5 - 20% of the shared files, and 20-40% of peers share little or no files. In Gnutella system, as high as 25% of the peers do not share any files. Furthermore, about 75% of the clients share 100 files or less, whereas only 7% of the clients share * Supported by

the Projects "QoS Guarantee in Hetergeneous Wireless Networks ", funded by the Chinese Ministry of Education for Returnee of Studying Abroad; NOKIA-BUPT The National Basic Research Program of China (No. Cooperated Project (2004-2006); 2003CB314806).

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 11 – 21, 2006. © IFIP International Federation for Information Processing 2006

12

J. Cheng et al.

more than 1000 files. The fact illustrates that in spite of claim that every peers is both a server and a client in the P2P system, a large percentage of peers rely on a small percentage of servers. Free riders can possibly obtain 20% of the maximum downloading rate in the BitTorrent [3] system. [4] proposes a rank-based peer-selection mechanism for Peer-to-Peer media streaming systems. The mechanism provided the incentives for the cooperation through service differentiation. The free riders are given limited options in the peer selection. If a free rider gets any chance for downloading, it can only receive a few pieces of the media with low quality. [5] adopts ideas from Game Theory to study the interaction of strategic and rational peers, and proposes a differential service-based incentive scheme to improve the system’s performance. [6] describe a simple Selfish Link-based Incentive(SLIC) mechanism for the unstructured P2P file sharing systems. It creates an incentive model for exchanging service better. In this model, the peers can encouraged to share more data, and give more capabilities to handle other peers’ queries, as well as establish more connections to improve the P2P overlay network. In this paper, we present a new and challengeable incentive mechanism based on utility, which is different from the mechanisms involved above. By using the mechanism, the more the peers contribute to the system, the more utility the peers can get, and consequently have more chance to win in the system and obtain more benefits. At the same time, it can promote more peers to do their best to contribute to the system, and control the free riders effectively. The remainder of the paper is organized as follows. In section 2, the free riders of the BitTorrent system are analyzed. In section 3, a utility-based auction cooperation incentive mechanism in P2P network is presented. The performance analysis and simulation results are depicted in section 4. Finally, conclusion are made in section 5.

2 Free Riders in BitTorrent The idea of optimistic unchokingin BitTorrent’s choking algorithm[7,8] shows that, at all times, a BitTorrent peer has a single ‘optimistic unchoke’, which is unchoked regardless of the current download rate from it. According to this, free riders can get an opportunity not uploading but downloading. Therefore, “optimistic unchoking” algorithm is unfair for the modem-like peers, the reason is that though this kind of peers do their best to contribute to P2P system, each peer keeps connection with the peers providing maximum uploading, thus, they obtain benefits from the system through optimistic unchoking for a period of time, and the chance for obtaining the benefits is the same as free riders. If free riders are the ADSL-like peers, the benefits they obtained is n times the size of that of modem-like peers, where n ≥ 7 . In BitTorrent system, there are three kinds of peers we discuss, they are respectively ADSL-like, modem-like, and free riders (assume that they are ADSL-like peers). According to the different number of peers and the different proportion of three kinds of peers in P2P system, we discuss respectively the download process of three kinds of peers. Here, assume that the uploading velocity and downloading velocity of three kinds of peers are respectively as follows, for free riders, the former is 0KB/s, and the latter is 64KB/s; for modem-like peers, both of them are 7KB/s; and for ADSL-like peers, they are both 64KB/s. In addition, assume that the size of files downloaded by all peers in P2P system is 10MB.

A Utility-Based Auction Cooperation Incentive Mechanism in Peer-to-Peer Networks

13

During the downloading, peers leave the system with a probability of Normal distri bution N ( μ , σ 2 ) [9], where, μ is the positional parameter in Normal distribution, and σ describes the degree of dispersion of data distribution in Normal distribution. Two different kinds of experiment scenarios, including 10 (free riders)-20 (Modem)-20 (ADSL), and 80 (free riders)-100(Modem)-100(ADSL) are selected respectively to describe the download process. Where, the abscissa (X axis) indicates the downloading time, the unit is second, and respectively get value of three different kinds of peers at intervals of 200 seconds. The ordinate (Y axis) denotes the total data downloaded by different types of peers, and its unit is KB. 2.1 Experiment 1

In this experiment, assume that the total number of peers is 50. Among them, the number of free riders is 10, and the number of ADSL-like peers and Modem-like peers are both 20. According to the idea of optimistic unchoking in BitTorrent system, the download process of three different kinds of peers can be seen from figure 1. Here, all of the peers start to download at the same time and the initial values are zero. In figure 1, it can be seen that before free riders have finished downloading, the total data downloaded by free riders is always several times as much as that of modem-like peers at the same moment. Obviously, it is unfair for the modem-like peers trying their best to contribute to the system.

Fig. 1. The download process of three kinds of peers in the system with 50 peers

2.2 Experiment 2

Assume that the total number of peers is 280. Among them, the number of free riders is 80, and the number of ADSL-like peers and Modem-like peers are both 100. According to the idea of optimistic unchoking in BitTorrent system, the download process of different kinds of peers is shown as figure 2. The time that ADSL-like

14

J. Cheng et al.

peers have finished downloading is 10,600s, and the total data downloaded is 1.024E6 KB; the time needed by free riders is 10,400s, and the total data downloaded is 819,200 KB; the time needed by modem-like is 16,600s, and the total data downloaded is 990,208 KB.

Fig. 2. The download process of three kinds of peers in the system with 280 peers

In this experiment, the ADSL-like peers and the modem-like peers would leave the system with the probability of N ( μ , σ 2 ) Normal distribution, and this leads to the total data downloaded less than 100x10 MB when they have finished downloading. Similarly, from figure 2, it can been that before free riders have finished downloading, the total data downloaded by free riders is several times as much as that of modem-like peers at the same moment. Obviously, it is unfair for the modem-like peers trying their best to contribute to the system. 2.2 Experiment 3

Assume that the number of peers is 280 in the two different P2P systems. In one system, there are 80 free riders, 100 ADSL-like peers, and 100 modem-like peers; and in the other system, there are 180 ADSL-like peers, and 100 modem-like peers. The difference between system 1 and system 2 is that system 1 has more 80 ADSL-like peers providing uploading than system 2 has. Figure 3 describes the throughput of the two different systems. During the initial 1000 seconds, the throughput in system 2 is far more than that in system 1. Next, the throughput in the two systems is more nearer, it shows that some peers in system 2 would only provide uploading after they have finished downloading. When the downloading time reaches 11,700s, the throughput in system 2 closes to zero, at the moment, system 2 has finished downloading. However, the download process in system 1 has to persist 16,600s. The end of download process in system 1

A Utility-Based Auction Cooperation Incentive Mechanism in Peer-to-Peer Networks

15

Fig. 3. The throughput of the two different systems

has later 4,900s than that in system 2, the reason is that what free riders only do is downloading but not uploading, it obviously affects the whole performance of P2P network.

3 Utility-Based Auction Cooperation Incentive Mechanism In this section, we discuss a utility-based auction cooperation incentive mechanism in P2P network to resolve the questions described above. The purpose of this incentive mechanism is that the more peers contribute to the system, the more utility the peers can get, and this makes them win in the competition, and consequently obtain more benefits, at the same time, those peers who are cheating during auctioning will be punished. Assume that all peers in P2P system share the same file, namely, the homogenous P2P network (here, the homogenous P2P network means that all peers which share the same file compose of a P2P network). Assume that there are N peers in P2P network, they are respectively P1 , P2 ,  , PN ,

Pi which downloads different pieces from other peers, and B (i, j ) denotes the cost paid by peer Pi downloaded pieces from peer Pj , if

and B(i) is the total cost paid by peer

peer

Pi takes no interests in peer Pj , then B(i, j ) is 0 , in the same way, for all peers

Pi , B (i, i) is 0 . Therefore, the total cost B(i ) paid by peer Pi is given by B (i ) =

N

N

j =1

j =1

¦ B (i , j ) = ¦ d ( j ) D ( j )

(1)

Where, d ( j ) is the cost paid by a peer for uploading or downloading a piece;

D ( j ) denotes the size of resource that peer Pi contributes to peer Pj .

16

J. Cheng et al.

Likewise, when a peer supplies resource to many peers in the system, the benefit that the peer obtains is assumed as C(i) , where, C (i, j ) denotes the income obtained by peer

Pi which supplies resource to peer Pj , if peer Pi isn’t interested in peer Pj ,

then C (i, j ) is 0 , in the same way, for all peers income C (i ) obtained by peer

Pi , C (i, i ) is 0 . Thus, the total

Pi is given by

C (i ) =

N

N

j =1

j =1

(2)

¦ C (i , j ) = ¦ d ( j ) M ( j )

Where, M ( j ) denotes the size of resource that peer Assume that U (i) is the utility of peer

Pi contributes to peer

Pj .

Pi participating in the competition,

R(i) denotes the rewards of peer Pi after it supplied resource to the system, then the utility U (i ) of peer

Pi is as follows: U (i ) = − B (i ) + C (i ) + R(i )

(3)

Initially, all peers’ utilities U (i )(1 ≤ i ≤ N ) are zero, namely, peers not only upload nothing, but also download nothing. In P2P network, the communication between peers is classified as two kinds, one is the direct communication between peers, such as the communication after searching through Gnutella protocol; the other is the communication between peers through a few intermediate transmitting peers, such as in Ad Hoc network. We analyze respectively the incentive mechanism between peers for the two situations involved. 3.1 The Incentive Mechanism on the Direct Communication Between Peers Definition 1. In the homogenous P2P network, if peer A and peer B can communicate directly with each other without any intermediate transmitting peers, then we call that 0

peer A and peer B form a 0-related adjacent grouped pair, and mark it as A ~ B . A source peer downloads directly data from many destination peers is the same as many source peers download directly data from a destination peer. Here, we consider only the former. Before communicating with destination peers, the source peer firstly demands destination peers to mark their utilities when they participate in this competition, they are respectively U(1),U(2),,U(k) , which is used to win in the competition and finally communicates with the source peer. Initially, U (i )(1 ≤ i ≤ N ) are all zero, and the source peer decides to select the superior destination peer to communicate with it according to the uploading velocity which the destination peers provide. In order to promote more peers to contribute to the P2P system, it needs to give rewards for the peer supplying the sharing resource, and it is assumed as R(i) , where,

R(i) is the difference value between the maximum utility U max and the hypo' , that is: maximum utility U max

A Utility-Based Auction Cooperation Incentive Mechanism in Peer-to-Peer Networks ' R(i ) = U max − U max

At the moment, the utility

17

(4)

U ' (i ) of destination peer is given by U ' (i ) = U (i ) + R (i )

(5)

According to the formula (5), if U ' (i) < U (i) , that is R(i ) < 0 , it shows that the peer wins in the competition is an dishonest one. In order to win the competition, the peer deliberately bids up its utility U (i ) , and consequently makes its utility be higher than the actual maximum utility U max among the destination peers. According to (4), the actual rewards it obtained is minus, thus, the source peer won’t communicate with it, and gives it corresponding punishment, namely, subtracts the utility U (i ) of peer from R(i ) , thus, the utility U ' (i ) of the dishonest peer is given by

U ' (i) = U (i) − R (i)

(6)

if U ' (i ) > U (i ) , that is R(i ) > 0 , it shows that the peer wins in the competition is an honest one, thus, the source peer will communicate with it, and the utility U ' (i ) of the destination peer can be given by

U ' (i) = U (i ) + C (i ) + R(i )

(7)

In addition, the utility U ' ' (i) of source peer is given by

U ' ' (i ) = U (i ) − B(i )

(8)

When the source peer and the destination peers all have new utilities, they begin to enter into next competition. 3.2 The Incentive Mechanism on the Communication Between Peers Through Intermediate Transmitting Peers Definition 2. In the homogenous P2P network, if the communicate between peer A and peer B need intermediate transmitting peers, and the relations among them are: 0

0

0

0

A~I1, I1 ~I2,, I j ~I j+1,, Ik ~B, then we call that peer A and peer B form a kk

related adjacent grouped pair, and mark it as A ~ B . In wireless network, the communication between two peers maybe need one or more intermediate transmitting peers, in order to promote more peers contribute to the P2P system, the utility auction are used to select the optimal path during the router selection. We adopt the P2P searching protocol to find all destination peers, and form a network topology. Here, we consider the source peer downloading from destination peers, and the router selection process starts from destination peers, the concrete algorithm describes as follows: (1) At first, the destination peer demands its adjacent peers to mark their utilities when they participate in this competition, they are respectively U(1),U(2),,U(k) ,

18

J. Cheng et al.

which is used to win in the competition and finally communicates with the destination peer, and the process of competition is described in section 3.1. Assume that the winner of this competition is Pj , and it is also used as the source peer in the next competition. Because the intermediate transmitting peers upload data, and at the same time they download data, therefore, the costs of both of them are '

counteracted. The utility of Pj is U ( j ) :

U ' ( j ) = U ( j ) + R( j )

(9)

where, U ( j ) denotes the utility of Pj participating in this competition, R( j ) is the rewards of peer Pj . Here, it also assures that the intermediate transmitting peers with the honest deed participate in the competition. The winner peer Pj and the destination peer B are placed into the optimal router set V, and the set V is {Pj , B} ; (2) The process of the peer Pj selecting the next optimal peer is the same as (1), that is to say, peer Pj selects the maximum utility peer as transmitting peer from its adjacent peers, and the peer will obtain some rewards as a return, and then place it to the optimal router set V; (3) Repeat the process (2), and place all the peers which are up to the mustard into the optimal set V, until the source peer is reached; (4) The set V is the optimal path from the source peer to the destination peers.

4 Performance Analysis and Experiment Results In this section, to those different scenarios described in section 2, we analyze the differences in each scenario before and after the incentive mechanism is applied. Where, we only consider the direct communication among peers. The download processes of different types of peers are shown in figure 4 and figure 5. In figure 4, the download processes of 50 peers (among them, 10 are free riders, 20 are modem, and 20 are ADSL) are described before and after the incentive mechanism is applied. After the incentive mechanism is applied (denoted by 0-20-20 in figure 4), the free riders have not obtained any utility during the competition, since they have not made any contribution to the system. Therefore, during the whole downloading, the data quantity received by the download processes of ADSL-like peers and modem-like peers have changed greatly. For the ADSL-like peers, the download time decreases from 1400s to 1000s after the utility-based incentive mechanism is adopted. And for the modem-like peers, the data quantity used the incentive mechanism is always more than that without using the incentive mechanism. The reason for such phenomena is that only ADSL-like peers and modem-like peers participate in the competition during the downloading after the incentive mechanism is applied. Because the upload rate of ADSL-like peers is n( n ≥ 7) times as much as that of modem-like peers, ADSL-like peers obtain

A Utility-Based Auction Cooperation Incentive Mechanism in Peer-to-Peer Networks

19

Fig. 4. The download processes of three types of peers in the system with 50 peers before and after the incentive mechanism is applied

greater utility value than that of other peers and have more chance to win in the competition. Hence, the time used for downloading is shorter. At the beginning, only when modem-like peers do not compete with ADSL-like peers for the same data, they have the chance to win. When ADSL-like peers have finished downloading completely, only modem-like peers alone exist in P2P system. Thus, compared with before the incentive mechanism is applied, the total data downloaded by the modem-like peers has increased evidently, and during the downloading, the leaving probability of modem-like peers decreases obviously. When

Fig. 5. The download processes of three types of peers in the system with 280 peers before and after the incentive mechanism is applied

20

J. Cheng et al.

the system download process finished, the total data downloaded by modem-like peers is nearly up to 200MB. In figure 5, the download processes of 280 peers (among them, 80 are free riders, 100 are modem, and 100 are ADSL-like peers) are described before and after the incentive mechanism is applied. After the incentive mechanism is applied (denoted by 0-100-100 in figure 5), the total data downloaded by the free riders always keeps zero during the whole downloading. Before the incentive mechanism is adopted, the time that ADSL-like peers have finished downloading is 10,600s. However, after the incentive mechanism is applied, the time decreased to 3,400s, which is less than one third than that before. And for the modem-like peer, before the incentive mechanism is applied, the time needed to finish downloading is 16,600s and the total data downloaded is 990,208KB; after the incentive mechanism is applied, the time needed is 9,200s and the total data downloaded is 1,024,000KB. From figure 5, it can be seen that during the initial period of download, the total data downloaded by ADSL-like peers occupies a high percentage, while in the same processes, the data downloaded by modem-like peers occupies a lower percentage. When all the ADSL-like peers finish downloading, the number of the seeds in the P2P system increases accordingly. Meanwhile, only modem-like peers alone participate in the competition in the system, thus, the total data downloaded by modem-like peers rises sharply. When all the modem-like peers have finish downloading, the total data downloaded is nearly up to 100x10MB.

5 Conclusion According to the idea of optimistic unchoking of BitTorrent, the free riders in the P2P system have the same chance for obtaining the benefits as other modem-like peers, it is unfair for the modem-like peers who do their best to provide maximum uploading velocity for the system. In this paper, we first discussed the two scenarios on the download process of three different kinds of peers, and the simulation results show that the free riders affect not only the downloading time but also the total data downloaded for other peers. Based on the discussion, a utility-based auction cooperation incentive mechanism in P2P network is then proposed. By using this mechanism, the more the peers contribute to the system, the more utility the peers can get, and consequently they have more chance to win in the system, and obtain more benefits. This mechanism can control the free riders effectively, and avoid the peers’ vicious deed. The simulation results demonstrate that the performance of ADSL-like and modem-like peers is improved obviously after adopting the proposed incentive mechanism, which assures the justice of different kinds of peers. And this mechanism can promote more peers to do their best to contribute to the system, and act as servers, and it can improve the whole performance of P2P network.

References 1. E.Adar and B. Huberman. Free riding on gnutella. First Monday, 5 (10), October 2000. 2. Stefan Saroiu, P.Krishna Gummadi, Steven D. Gribble. A Measurement Study of Peer-toPeer File Sharing Systems. Multimedia Computing and Networking 2002 (MMCN’ 02).

A Utility-Based Auction Cooperation Incentive Mechanism in Peer-to-Peer Networks

21

3. Dongyu Qiu and R.Srikant. Modeling and Performance Analysis of BitTorrent-Like Peer-toPeer Networks. ACM SIGCOMM, Aug.30-Sept.3, 2004. 4. Ahsan Habib and John Chuang. Incentive Mechanism for Peer-to-Peer Media Streaming. 2004. IEEE. 5. Chiranjeeb Buragohain, Dibyakant Agrawal and Subhash Suri. A Game Theoretic Framework for Incentives in P2P System. Proceedings of the Third International Conference on Peer-to-Peer Comptuting (P2P’03). 2003. IEEE. 6. Qixiang Sun, Hector Garcia-Molina. SLIC: A Selfish Link-based Incentive Mechanism for Unstructured Peer-to-Peer Networks. Proceeding of the 24th International Conference on Distributed Computing Systems (ICDCS’04). 2004. IEEE. 7. http://bittorrent.com/. 8. B ram Cohen, Incentives Build Robustness in BitTorrent. Bitconjurer.org/BitTorrent, May 22, 2003. 9. Weizongshu, Probability Theory & Mathematical Statistics [C], China Higher education press, 1997.

UbiqStor: Server and Proxy for Remote Storage of Mobile Devices MinHwan Ok1, Daegeun Kim2, and Myong-soon Park1,* 1

Dept. of Computer Science and Engineering / Korea University Seoul, 136-701, Korea 2 Network division, Mobile Communications / LG Electronics Gyeonggi, 431-749, Korea [email protected], *[email protected]

Abstract. Mobile devices have difficulty in sustaining various services as in a wired environment, due to the storage shortage of the mobile device. The research[8] which provides remote storage service for mobile appliances using iSCSI has been conducted to overcome the storage shortage in mobile appliances. In research the proposed cache server performed well with relatively small files of sizes, however, did not perform well with large files such as database files, multimedia files, etc. The reason was the mobile device could not grasp the file as a whole and thus the cache server encountered frequent cache miss in spite of its huge buffer. In this paper we propose a proxy server that accommodates large files for mobile devices thus attains very high hit ratio.

1 Introduction Mobile appliances are going to widen their region as years go. Many Efforts are performed to apply wire network environment services, which need large amount of storage space, such as multimedia and databases, to mobile appliances in wireless network environment. However, mobile appliances should be small and light to support mobility, so they use a small flash memory instead of a hard-disk of large data space. In the case of PDAs, these are usually equipped with RAM in size of 64~128MB. Cell-phones or smart phones permit smaller memory space. Therefore, there is difficulty preserving multimedia data such as mpg, mp3, etc. and installing large software such as database engines or using database. For mobile appliances limited storage space has been a barrier in applying various services of the wired environment. As a result, the shortage has driven development of remote storage services for mobile appliances, which can store large amounts of data, or provide various application services [5,8]. The bandwidth of wireless networks, which mobile devices use, is usually lower than those of wire networks. If the purpose of the remote storage service is to extend *

Corresponding author.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 22 – 31, 2006. © IFIP International Federation for Information Processing 2006

UbiqStor: Server and Proxy for Remote Storage of Mobile Devices

23

individual storage space for mobile appliances without data sharing, block-level I/O service is more suitable. iSCSI is a standard protocol that transports SCSI command. This is a representative block I/O through TCP/IP network. However, iSCSI has a problem that I/O performance drops sharply if network latency increases between iSCSI initiator and target. For the environment iSCSI-based remote storage service is applied to mobile appliances, we have achieved a breakthrough against the problem of iSCSI performance falling rapidly accordingly the mobile client recedes from the storage server and network latency increases[8]. The proposed cache server performed well with relatively small files, however, did not perform well with large files such as database files[1], multimedia files, etc. The reason was the mobile device could not grasp the file as a whole and thus the cache server encountered frequent cache miss in spite of its huge buffer. In this paper we propose a proxy server that accommodates large files for mobile devices thus attains very high hit ratio. In Sec. 2, we discuss the iSCSI basic operations to explain the reason why iSCSI performance drops down when distance between iSCSI initiator and target gets long. In Sec. 3, we propose ways to heighten hit ratio of iSCSI blocks through the proxy server, and present system architecture and a block management algorithm. We show and analyze simulation results with NS2 in Sec. 4. We conclude and describe the contribution in Sec. 5.

2 Background 2.1 iSCSI The iSCSI (Internet Small Computer System Interface) is an emerging standard storage protocol that can transfer a SCSI command over IP network [5]. Since the iSCSI protocol can make clients access the SCSI I/O devices of a server host over IP Network, a client can use the storage of another host transparently without the need to pass through a server host's file system[6]. In iSCSI layer, which is on top of TCP layer, common SCSI commands and data are encapsulated in the form of iSCSI PDU (Protocol Data Unit). The iSCSI PDU is sent to the TCP layer for the IP network transport. Through this procedure, a client who wants to use a storage of the remote host, can use, because the encapsulation and the decapsulation of SCSI I/O commands over TCP/IP enable the client to access a storage device of the remote host directly [3]. Likewise, if we build a remote storage subsystem for mobile appliances based on iSCSI protocol, mobile clients can use the storage of a server host directly, like their own local storage. It enables mobile appliances to overcome the limitation of storage capacity, as well as the ability to adapt various application services of wired environment in need of mass scale data. Differently from the traditional remote storage subsystem, in file-level I/O service, iSCSI protocol provides block-level I/O. Thus it can make more efficient transmission throughput than the traditional remote storage subsystems, like CIFS and NFS. Fig. 1 shows the exchange sequences of control and data packets in the read and write operation of iSCSI protocol [9, 10]. iSCSI exchanges the control packets (SCSI Command, Ready to Transmit, SCSI Response) and data packet (SCSI Data) to process one R/W operation.

24

M. Ok, D. Kim, and M.-s. Park Initiator Write Command

Protocol Data Unit

SCSI Write Cpmmand Ready to Transmit

Target Queue Command Prepare Buffers Send R2T

SCSI Data

Write Command Complete

SCSI Response

Status and Sense

Read Command

SCSI Read Command

Send Data

SCSI Data Read Command Complete

SCSI Response

Status and Sense

Fig. 1. iSCSI Basic Operation

Three control packets and one data packet are used in a write operation and spend 2 x RTT(Round-Trip Time). It takes 2 control packets and 1 x RTT for a read operation. Because the control packet, including header information, is no more than 48 bytes, bandwidth waste becomes big when the initiator recedes a little from the target. Therefore, the distance between iSCSI initiator and target, and the network latency influence iSCSI I/O performance. 2.2 Previous Works Access from mobile devices to remote storage should be provided by a specific server. A storage server equipped with a vast capacity of storage devices has been developed[5] and it serves its storage volume to mobile devices on block-level I/O. Block service[2] provides necessary blocks of an opened file to the mobile device and updates corresponding blocks when modification occur. In developing the system we found that when iSCSI was applied to mobile appliances, iSCSI I/O performance fell rapidly if a iSCSI client had moved from the server to a far away location. One way to alleviate this problem is to reduce the communication count between the mobile device and the storage server. iCache[4] is a research to improve iSCSI performance with local cache installed in the client system. Initiator’s system has specific cache space for iSCSI data, and iSCSI block data are cached to minimize network block I/O. Therefore, iSCSI does not send I/O requests through the network every time the disk I/O happens. Instead it reads cached blocks or send blocks cached in LogDisk at once to the server for improving iSCSI performance. However it is difficult to apply iCache to mobile devices which lack memory, because iCache needs additional cache memory and hard-disk space to embody the local cache, NonVolatile RAM and LogDisk, respectively. The other way is to intervene between remote storage and mobile devices without adding internal storage into mobile devices. A cache server is introduced to shorten latency between the mobile device and the storage server[8], by prefetching next blocks and acknowledging block-recording early.

UbiqStor: Server and Proxy for Remote Storage of Mobile Devices

Initiator

Target Comman

Intermediate Target

Initiator Comma

d ‘Write’

25

Target

nd Writ e

Response Time

DATA e Respons

Comman

Response Time

Ready

Ready

DATA Response Comman

d Read

DATA d Read

DATA

L

Fig. 2. Direct Communication between iSCSI Initiator and Target

A

B

Fig. 3. Reduced Response Time by Intermediate Target

Fig. 2 and Fig. 3 show that response delay times are different when the iSCSI Initiator and Target communicate directly with each other, and when put with an iSCSI cache server. Three control packets should be exchanged to process a write command and two control packets for a read command. If the distance between initiator and target could be shorten, iSCSI I/O response time would be reduced. If the end nodes’ processing delay of an iSCSI packet is ignored, response delay time is reduced by A/L when introducing an Intermediate Target as shown in Fig. 3. The cache server is proposed to eliminate communication delay over wired links. Aggregating each next block and accessing on only block-level has a profit of small space requirement in the cache server, however it loses high hit ratio for mobile devices when an open file is so large that the application does not load the file as a whole. Database is a good example. In this paper we propose a relay system that is proxy for the storage server toward high hit ratio.

3 Ubiquitous Storage Proxy In our previous work[8], we introduced a cache server which acts as an intermediate target for mobile devices. In this work, a strategy of the block management algorithm, caching next blocks, is amended to cache a whole file which bears requested blocks. We assume the following three factors to simplify the problem. − Supposing a distributed storage server environment, iSCSI cache server spread over wide areas. A mobile client is connected with the nearest iSCSI cache through an iSNS(Internet Storage Name Server)[3]. − As transmission distance increases, propagation delay of physical media, and the sum of the queuing delay of intermediate routers increases. − iSCSI latency includes propagation delay by distance, queuing delay and transmission delay by bandwidth, and ignores processing delay of end nodes.

26

M. Ok, D. Kim, and M.-s. Park

3.1 iSCSI Proxy Server In an iSCSI based remote storage service for mobile nodes, when a mobile node changes its service cell the distance between iSCSI initiator and target may be prolonged and packet transfer time can increase. In section 2, we showed that the SCSI command is processed sequentially in SAM-3 [7] and iSCSI basic operations need an exchange of several control packets to process one command. Because small control packets of the iSCSI protocol influence iSCSI response time, if the distance between the server and the client is long, the link utilization drops sharply and iSCSI performance becomes low. A proxy server intervenes between the storage server and a mobile device to reduce the packet transfer delay time and to heighten practical utilization of the network bandwidth. The nearest proxy server from mobile client is selected by iSNS and then the mobile device accesses remote storage via the proxy server, which also has an iSCSI connection with a remote storage server. The proxy server prefetches a whole file to be used by the mobile device for iSCSI read operations and gives immediate responses for iSCSI write operations. Therefore, response delay time of an I/O request shortens because the client has an iSCSI connection with a nearby proxy server, instead of a long-distant storage.

Fig. 4. The mobile device edits a file via the proxy server

The strategy in caching is to prefetch the file as a whole that bears requested block. Fig. 4 illustrates read operations in the strategy. When a mobile device has requested a block opening a file A, the Storage Proxy, the iSCSI proxy server, relay the request to the Storage Server, where the files actually resides, and relay delivered requested block to PDA, the mobile device. We call this explicit block delivery as ‘Foreground Block Stream’. As soon as the requested block delivered the Storage Server initiate loading the file of requested block into its local disk through its iSCSI buffer. The Storage Proxy has a size limit in initiating loading according to its capacity of storage devices attached. We call this implicit block delivery as ‘Background Block Stream’, and this stream uses idle resource of Storage Proxy’s network interface. In the Fig. 4, file A is loaded as a whole thus the PDA requests any block in the loaded file, while some blocks of file B is delivered from the Storage Server as file B is still being loaded.

UbiqStor: Server and Proxy for Remote Storage of Mobile Devices

27

Fig. 5 illustrates write operations in the strategy. When a mobile device has requested recording a block, the Storage Proxy sends response to PDA then relay the request to the Storage Server. If the file should be flushed, closing a file A for example, the block is added to ‘Background_List’ and the blocks in the list are delivered by Background Block Stream. The Storage Proxy periodically delivers blocks in the list and the Storage Server records the blocks delivered by Background Block Stream. If handover occurs, the mobile device wait until block recordings are completed by file closing to open the same file via another Storage Proxy. In this special case, the blocks are delivered by Foreground Block Stream.

Fig. 5. The proxy server updates a file modified by the mobile device

3.2 Proxy Architecture Fig. 6 shows a module diagram of UbiqStor service. A proxy server consists of iSCSI initiator, target, and block management module. The proxy server has two iSCSI connections. One is a connection between the proxy server and a mobile device and the other is a connection with the storage server. The target module has an iSCSI session with a mobile device's iSCSI initiator and the initiator module has one with the iSCSI target module of the storage server. Two modules perform the same role, such as general iSCSI Target/Initiator module. However, the first iSCSI connection between mobile client and the proxy server is used for I/O requests of the client, and the latter is used in prefetching files from the storage server or in updating blocks at the storage server. The target/initiator module of the proxy server is controlled by block management module. iSCSI Buffer is managed as FIFO in the way to leave blocks used most recently.

Fig. 6. UbiqStor Subsystem

28

M. Ok, D. Kim, and M.-s. Park

Fig. 7 shows block management algorithm of the proxy server. In the case of a read operation, the block management module searches requested blocks in the iSCSI buffer then the local disk to service the requested block. If the search fails, the initiator module of the proxy server sends the client’s request to the storage server and receives the block to send to the client. In the case of write operation, the proxy server When Intermediate Target Receives an I/O Request { If(Block Read) {//Client's I/O Request is Read Operation If( i exists in iSCSI Buffer ) { Send i and Response to Initiator } Else { Send Read Request of i to Target Send i and Response to Initiator If( Background_Retrieving is not under progress ) { If( File_Size < THRESHOLD ) { Initiate Background_Retrieving(BOF) } } } } Else {//Client's I/O Request is Write Operation Send Response to Initiator If( the Request is not ‘Flush’ ) { Send Write Request of i to Target } Else { Add i at Tail of Background_List } } }//End of When Sub Background_Retrieving { If( iSCSI Buffer is full or End-of-File ) { Finish This Background_Retrieving } Else { Send Read Request of Next_pointer to Target } //Prefetch next block from Storage Server } Sub Background_Preserving { If( Background_List is not empty ) { Send Write Request of Next_Pointer to Target Remove Next_Pointer at Head of Background_List } }

Fig. 7. Block Management Algorithm

UbiqStor: Server and Proxy for Remote Storage of Mobile Devices

29

immediately sends a response message to the client and sends the blocks in appropriate time. Therefore the proxy server behaves nearly the storage server. According to the algorithm under the strategy, the hit ratio of requested blocks is 100% once the whole file is loaded into the proxy server. During file loading a requested block may be hit or not, and this is concerned with the size of a file being loaded. The number of files that are concurrently loaded is another factor since loading time gets longer as more files are being loaded together. We suppose the proxy server has two network interfaces, one for the storage server and the other for the mobile device. Therefore file loadings are not impacted by the communication between the proxy server and the mobile device.

4 Simulation 4.1 Simulation Configuration Fig. 8 depicts the network of an iSCSI target of the storage server, intermediate target of the proxy server, and an initiator of the mobile device, which is simulated with Network Simulator 2.27 (NS2). The bandwidth of the wireless link between the mobile device and the proxy server is limited by 1Mbps (CDMA2000 1x EV-DO). The wired links between the proxy server and the storage server has a bandwidth of 2Mbps. Hit ratio of blocks is measured along the number of files concurrently being loaded. The distance from the mobile device to storage server, via the proxy server, is 200km and delay ratio of A and B is 7:3. Data size is 512 bytes which is SCSI block size used in PDAs under Windows CE, and which is one of the representatives in mobile appliances.

Fig. 8. Simulation Configuration within NS2

4.2 Hit Ratios by Data Types in Read operations In the simulation with NS2, iSCSI throughput is influenced by a propagation delay, which depends on physical media, and transmission delay that depends on data size and bandwidth. In cases where iSCSI has a short delay, when the distance of iSCSI initiator from target is short, transmission delay is much longer than the difference of propagation delay by introducing the proxy server. Thus it has little influence on iSCSI performance. However, when the iSCSI initiator is distant from the target, the difference of propagation delay is much longer than transmission delay. Therefore the proxy server greatly improves the iSCSI throughput. Moreover the proxy server aims at the hit ratio of 100% by accommodating a whole file. However it takes long time to

30

M. Ok, D. Kim, and M.-s. Park 1.150

1.050 1.000

1.000 0.950 0.850

Hit Ratio

Hit Ratio

0.900 0.850

0.700

0.800 0.550 0.750 0.400 0.700 0.650

0.250 0

64

128

192

256

0

320

128

256

Time(sec)

CLF=1

CLF=2

384

512

640

Time(sec)

CLF=3

CLF=4

CLF=5

CLF=1

(a) Application File of 16Mbytes

CLF=2

CLF=3

CLF=4

CLF=5

(d) Application File of 32Mbytes 1.150

1.050 1.000

1.000 0.950 0.850

Hit Ratio

Hit Ratio

0.900 0.850

0.700

0.800 0.550 0.750 0.400 0.700 0.650

0.250 0

64

128

192

256

320

0

128

256

Time(sec)

CLF=1

CLF=2

384

512

640

Time(sec)

CLF=3

CLF=4

CLF=5

CLF=1

(b) Document File of 16Mbytes

CLF=2

CLF=3

CLF=4

CLF=5

(e) Document File of 32Mbytes 1.150

1.050 1.000

1.000 0.950 0.850

Hit Ratio

Hit Ratio

0.900 0.850

0.700

0.800 0.550 0.750 0.400 0.700 0.650

0.250 0

64

128

192

256

320

0

128

256

Time(sec)

CLF=1

CLF=2

CLF=3

384

512

640

Time(sec)

CLF=4

CLF=5

(c) Multimedia File of 16Mbytes

CLF=1

CLF=2

CLF=3

CLF=4

CLF=5

(f) Multimedia File of 32Mbytes

Fig. 9. Hit Ratios in Loading Files

load large files in sizes of 16MB, 32MB, and so on. The simulation focuses on the hit ratio of blocks in reading from those files until they are completely loaded. We used three file types, Application file, Document file, and Multimedia file. Application file is constituted by randomly accessing requests, i.e., database file. Multimedia file is constituted by sequentially accessing requests, i.e., MPEG file. Document file is constituted by mixes of random and sequential accessing requests. Files of 16MB are being loaded as shown in Fig. 9. When the proxy server is loading only one file, it takes 64sec to the 100% hit ratio for one Application file. Since blocks are requested randomly, hit ratio has reached 100% at the time the file is completely loaded. File loadings take longer time proportional to the number of files concurrently loaded, CLF in the figure. For Document file, however, the same CLFs take less time to reach the hit ratio of 100%. File loadings take the same time as in the case of Application File. Document files have partially sequential access patterns and they has not requested a file as a whole when editing from the mobile device. Timely necessary blocks are requested at random, but as a series of blocks. Although file loadings take the same time as in the case of Application File, Multimedia files reache the hit ratio of 100% even earlier than those in the case of Document File. The reason is their sequential access patterns. For each case of file types, it takes about 64 seconds in

UbiqStor: Server and Proxy for Remote Storage of Mobile Devices

31

loading only one file and 1MB of a file is loaded in just 4 seconds. That loaded front part of 1MB suffices ordinary use tendency since a user usually does not request every block of 16MB in several seconds, in all cases including the case of Application File. This is why the hit ratios are high from the starts. Larger files take proportionally longer loading times, and hit ratios follow similar aspect by the data type, in loading files of 32MB.

5 Conclusion In our previous work[8], we described efficient ways introducing iSCSI cache server, to achieve a breakthrough against the problem of iSCSI performance falling when applying iSCSI-based remote storage services for mobile appliances. In this work we developed the cache server into a proxy server to improve iSCSI buffer management to heighten block hit rate. Throughout the simulations the hit ratio has greatly grown in the cases of large files. Although not presented in this paper, file loadings need not take longer time proportional to its size. The proxy server has dozens of 2MB bandwidth the on wire network, while the mobile device has only limited bandwidth up to 1Mbps over the wireless network. Thus file loading can be completed much earlier on the wire network, and hit ratio can reach 100% earlier. Preserving files in some server and retrieving them out of any server is necessary requirement for ubiquitous computing. We developed remote storage server and proxy server that supply ubiquitous storage, UbiqStor. The system has shown its effectiveness by simulation and much of mobile appliances should be forwarded to ubiquitous computing by UbiqStor service.

References 1. Shepard SJ. Embedded Databases Can Power Emerging World of Information to Go. IEEE Distributed Systems Online. 2. Block Device Driver Architecture, http://msdn.microsoft.com/library/en-us/wceddk40/ html/_wceddk_system_architecture_for_block_devices.asp 3. Clark T. IP SANs: A Guide to iSCSI, iFCP, and FCIP Protocols for Storage Area Networks. Addison-Wesley, 2002 4. He X, Yang Q, Zhang M. A Caching Strategy to Improve iSCSI Performance. Local Computer Networks 2002: 278-285. 5. Park S, Moon B, Park M. Design, Implementation, and Performance Analysis of the Remote Storage System in Mobile Environment. Information Technology & Applications 2004. 6. Lu Y, Du DHC. Performance Study of iSCSI-Based Storage Subsystems. IEEE Communication Magazine; 41(8): 76-82. 7. SAM-3 : Information Technology - SCSI Architecture Model 3. Working Draft. T10 Project 1561-D. Revision 7, 2003. 8. Ok MH, Kim D, Park M. UbiqStor: A Remote Storage Service for Mobile Devices. Parallel and Distributed Computing: Applications and Technologies 2004: 685-688. 9. Meth KZ, Satran J. Design of the iSCSI Protocol. Mass Storage Systems and Technologies 2003, 116-122. 10. Satran J. iSCSI Draft20, http://www.ietf.org/internet-draft/draft-ietf-ips-iscsi-20.txt

Packet Length Adaptation for Energy-Proportional Routing in Clustered Sensor Networks Chao-Lieh Chen1, Chia-Yu Yu2, Chien-Chung Su2, Mong-Fong Horng3, and Yau-Hwang Kuo2 1 Department of Electronics Engineering Kun-Shan University, Yung-Kang, Tainan County, Taiwan, R.O.C. [email protected] 2 Department of Computer Science and Information Engineering National Cheng Kung University, Tainan, Taiwan, R.O.C. {kuoyh, yujy, sujz}@cad.csie.ncku.edu.tw 3 Department of Computer Science and Information Engineering, Shu-Te University, Kao-Hsiung, Taiwan, R.O.C. [email protected]

Abstract. We study the maximization of throughput and energy utilization in noisy wireless channels by adjusting packet length adaptively to network instant statistics. The optimal packet length adaptation (PLA) for throughput and energy utilization in wireless networks with and without re-transmission is respectively derived and developed. As more noises introducing more energy consumptions, the noises are equivalently regarded as lengthening of transmission distances. Therefore, an equivalent distance model of noisy channels is developed for more accurate estimation of the dissipated proportion in the residual energy such that further improvement of energy utilization and throughput is obtained. We integrate the PLA with the energy-proportional routing (EPR) algorithm for best balance of energy load. Therefore, performance metrics such as lifetime extension, throughput, and energy utilization are maximized even the distribution of channel noise is so un-predictable. Since the equivalent distance is dynamic, we believe that it is useful for network topology re-organization and will be useful in the future work of mobile ad-hoc networks.

1 Introduction Wireless channels’ inherently error-prone and their time-varying characteristics make it difficult to consistently obtain good performance. Due to limited bandwidth and limited energy, many researches focus on how to increase throughput and utilize energy effectively. However, many of the researches, such as [1-6], do not consider channel noises’ accomplice of throughput reduction and energy wasting. In real world’s wireless networks, significant packet losses are due to channel noises. In this paper, we study how to effectively increase throughput and energy utilization in noisy X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 32 – 42, 2006. © IFIP International Federation for Information Processing 2006

PLA for EPR in Clustered Sensor Networks

33

wireless sensor networks by adjusting packet lengths adaptively to the network statistics. We assume that each packet consists data and header portions. The length of the header in a packet is constant for specific protocols while the length of the data is variable. In addition, the header is an overhead in the wireless networks and we must decrease its relative energy dissipation and at the same time increase throughput of network. To do so, we develop the adaptation method of the data length of packets according to different network instant condition, that is, the bit error rate (BER). As higher noises, which also mean higher BER, introducing more energy consumptions, the noises are equivalently regarded as lengthening of transmission distances. We derive the equivalent distance for a noisy channel and use it for more accurate estimation of energy consumption. With the adaptation mechanism, it is attractive to apply it in sensor networks. Cooperated with adequate energy-aware routing method, the adaptation mechanism will exploit its advantages of energy utilization and throughput maximization through an extended lifetime of the sensor network. Therefore, we propose the cooperation with energy-proportional routing (EPR) algorithm for noisy clustering-based sensor networks. The EPR was originally proposed that proportionally balances energy loads of nodes and clusters when data amounts and packet lengths of wireless links vary [11, 12]. For inter-cluster communications, the EPR makes all clusters dissipate the same proportion of its remaining energy when transmitting data to the base station. Even though the clusters have quite different data amounts and distances to the base station, with EPR, data loads are shared evenly and no cluster nodes die early due to having been busy transmitting data for a long time. For intra-cluster communication, the EPR also successfully balances the energy load. Due the energy-proportional balance, both the throughput is increased and lifetime is extended. Many energy aware routing schemes [1-6] use constant packet length for transmissions and assume constant data amount each round. The EPR works well no matter how the data amount and the packet length vary with time. Therefore, the cooperation of the PLA and EPR effectively provides very good energy and throughput performances even if the noises in the network are dynamic and so unpredictable. Some other load-balance routing protocols for clustering-based sensor networks can be found in [2-6]. However, the proposed EPR routing algorithm outperforms in balancing the loads especially in the noisy environments. The rest of the paper is organized as follows. Section 2 introduces the radio energy model in wireless networks and describes the noise models, which are used in the wireless sensor networks. With the noise models we can formulate the problem suffered by wireless communication ignoring noise effects. Section 3 provides the analyses of throughput, energy utilization and equivalent distance for noisy channels. With the analyses, we derive the optimal packet length for the PLA algorithm. Section 4 introduces the EPR routing with the PLA for clustering-based wireless sensor networks. In Section 5, we present the simulations and compare the performance of the proposed adaptation to the ones of using constant packet lengths and adopting error-free routing protocols. In Section 6, we conclude our idea and propose future works.

34

C.-L. Chen et al.

2 Problem Formulation The energy dissipated for data transmission and receiving in the air has direct effect on the lifetime in wireless sensor networks. To utilize energy consumption, there has been a significant amount of research in the area of low-energy radios. In this paper we adopt the widely accepted energy model [1-6, 11, 12] for energy consumption estimation. The energy model was proposed where the transmitter dissipates energy to run the radio electronics and the power amplifier as well as the receiver dissipates energy to run the electronics. The power attenuation is dependent on the distance d between the transmitter and receiver. The propagation loss can be modeled as inversely proportional to d2. To transmit L-bit message over a distance d, the radio expends:

ETx ( L, d ) = LEelec + Lε amp d 2

(1)

while for receiving this message, the radio expends ERx ( L) = LEelec

(2)

The electronics energy, Eelec depends on factors such as the digital coding, modulation and filtering of the signal before it is sent to the transmitting amplifier. According to (1), the total energy ETx(L, d) dissipated by a node for data transmission is a function of the topological parameter d and data amount L. On the other hand, the energy ERx(L) used for receiving data from other clusters or nodes accounts for only data amount L. The dissipated energy is related to packet length and the distance between transmitter and receiver. In addition, when we consider transmission in noisy networks, the packet error rate (PER) is related to packet length. For a given BER, the longer the packet length is, the larger packet error rate is. In contrast to noiseless cases, the throughput will be worse adopting longer packet length for transmission. When we transmit packets over noiseless channel, no packets will be lost in this channel. Therefore, energy is not wasted in transmitting incorrect packets. However, when transmitting packets over noisy channel, packets are influenced by noise and corrupted packets are dropped if error correction mechanism such as ECC cannot recover the error bits. When packets are dropped, energy is wasted. Therefore, if packet length is too long in noisy wireless networks, this will result in large PER and waste much energy in lost packets. Although short packet length causes smaller PER, the transmission energy used by packet header is relatively larger. On the other hand, the throughput is also downgraded if the data proportion is small in a packet. In this paper, we derive the optimal packet length with respect to wireless network noise condition. The optimal packet length will result in larger throughput and utilizing energy effectively. To reveal the effect of the packet length to throughput and energy consumption, we consider the noise model as follows. The common noisy models in wireless networks are divided into Gaussian channel [13], Ricean channel [9], and Rayleigh channel [8]. Since Gaussian channel is the most commonly used model in noisy wireless networks, we primarily consider the Gaussian channel in this paper. We express PER (packet error rate) in terms of the packet length L and bit error rate in a packet. Let P(m, L) be

PLA for EPR in Clustered Sensor Networks

35

defined as the probability that a packet of length L bits contains m erroneous bits. For a general channel, if MAC FEC is employed at the data link layer, we assume that t channel bits errors will be corrected. Therefore, we can get the following formula: PER =

L

t

¦

m = t +1

P ( m, L ) = 1 − ¦ P ( m, L ) m=0

(3)!

If MAC FEC is not employed (i.e., in (3), t=0), we can reduce PER to the following formula:

PER = 1 − P(0, L)

(4)!

Since Gaussian Channel can be converted to binary symmetric channel [13], we have the following expression for PER in terms of packet length and BER pb: L

PER = Pe = ¦ pbi (1 − pb )

L −i

= 1 − (1 − pb ) L ≈ Lpb .

(5)

i =1

The PER represents that packets will be dropped whenever any one bit is incorrect in this packet. As we can see from (5), the PER is about proportional to the packet length L. When packet drops, throughput and energy utilization degrade. In Section 3, we will derive the optimal packet length in terms the bit error rate and header length when using Gaussian channel model so that we can adapt the packet length to optimally improve throughput and energy utilization.

3 Optimal PLA and Equivalent Distance First, we consider that the packet must be retransmitted after the packet is lost. The probability that packet must be transmitted n times is (1 − pe ) peN −1 . The expected number of required transmissions until the packet is received correctly is: N

N = ¦ n(1 − pe ) pen −1 = n =1

1 ≈ (1 − pb ) − L 1 − pe

(6)

We approximate the throughput and energy dissipation in terms of this expectation number. 3.1 Throughput

In case that retransmission is required, from (6), the average of required transmission time for every packet is as follows. T =N

L L (1 − pb ) − L = R R

(7)

36

C.-L. Chen et al.

where R is the bandwidth. Assume that the header length h is constant and the data length is variable. Therefore, the respective throughput with and without retransmission are Th =

L − h ( L − h) R (1 − pb ) L = T L

Th =

( L − h) L

R(1 − Lpb )

(8)

(9)

For sufficiently long packet, equations (8) and (9) are close. 3.2 Energy Utilization

In this paper, the distance of a sensor node pair is constant since sensors have fixed position after they are deployed. The energy consumed per bit data transmission between any two nodes is regarded as a constant E. We use the metric of energy utilization to decide the optimal packet length. The energy utilization is defined as the total useful data sent by unit amount of energy [7]. According to this definition, to obtain the energy utilization, we need to calculate the ratio of the effective data amount transmitted to the total energy consumed by a node for this transmission. We also consider the energy utilization in two cases – requirement of retransmission or not. The respective expected energy utilizations with and without retransmission are

Eut =

L − h ( L − h ) (1 − pb ) = LNE LE

Eut =

L − h ( L − h ) (1 − Lpb ) = LNE LE

L

(10)

(11)

Summarizing (8) to (11), the optimal packet length maximizing the throughput and best utilizing energy is the one making the derivative of (10) or (11) zero. The respective optimal packet lengths with and without retransmission are

Lopt =

h h2 h + − 2 4 ln(1 − pb ) Lopt =

h . pb

(12)

(13)

3.3 Equivalent Distance

As more noises introducing more energy consumptions, the noises are equivalently regarded as lengthening of transmission distances. Because lost packets will waste

PLA for EPR in Clustered Sensor Networks

37

energy and energy is the function of communication distance, we assume that the wasted energy is added to the communication distance such that packets are received correctly as in perfect channel. Therefore, the equivalent distance model of a noisy channel is derived for more accurate PLA such that further improvement of energy utilization and throughput is performed. Because bit error rate is time-variant, the equivalent distance will also be time-variant. When perform energy-aware routing such as EPR, the equivalent distance will be very useful in balancing the energy load. The relationship between energy and equivalent distance is as follows (we only consider that retransmission of lost packets will not required). From section 2, we know that the energy model is as equation (1) and in this section we also have energy utilization expressed as (11) Combining (1) and (11), we can get the following equation. Eut =

( L − h)(1 − Lpb ) LEelec + Lε amp d 2

(14)

Let the equivalent distance be d eq in perfect channel. Therefore, we can get the following equation:

LEelec

( L − h ) (1 − Lpb ) L−h = 2 LEelec + Lε amp d 2 + Lε amp d eq

(15)

Finally, we the equivalent distance is derived as follows. d eq =

ε amp d 2 + Lpb Eelec ε amp − Lpbε amp

(16)

In Section 4, we perform EPR routing by using the equivalent topology constituted by the equivalent distances among sensor nodes.

4 Energy-Proportional Routing with Optimal PLA In each round, as shown in Fig. 1, each sensor node statistically calculates the packet error rate pe by number of its transmitted packets and the received packets. This statistic can be done in several ways. In this paper we assume that the destination sensor acknowledges the total number of received packets to its source at the end of a round. Dividing the accumulated number of successfully sent packets by total number of sent packets, we have the PER. In the setup phase of the coming round, with the PER, each sensor node inversely calculates the BER pb according to (5) (lines 2-3 in Fig. 1) and then calculates the optimal packet length according to equations (12) to (13)(line 5 in Fig. 1). Consequently, each sensor node will transmit data by using the optimal packet length and the equivalent distances (Eq. (16) and line 6) in the communication phase. In [11, 12], an effective energy-proportional routing (EPR) algorithm for lifetime extension was proposed. In the EPR algorithm, to optimally utilize energy, light-load

38

C.-L. Chen et al.

sensor nodes that conserve energy are ideal candidates as intermediate nodes for forwarding data from others. To balance the load, first, the EPR algorithm predicts energy consumption of each node in each round. Then the algorithm controls the energy consumption of each node (cluster) as close as possible to the mean value of energy utilizations among nodes (clusters). Finally, the algorithm checks satisfaction of the energy constraints in terms of distances and predicted data amounts. The algorithm performs routing by determining whether a node or a cluster head should either undertake forwarding tasks or transmit data to intermediate hops. In this way, energy dissipation is evenly distributed and the lifetime of the whole wireless sensor network is ultimately extended. When a source node transmits the gathered data to the base station via intermediate nodes, the intermediate nodes can evenly share the responsibility of the load in a round. The concept is called energy-proportional balance. The EPR effectively extends lifetime and increases throughput in both intra- and inter-cluster communications. Unlike many state-of-the-art routing schemes [1-6] that assume constant data amount and packet length in each round, the EPR works well no matter how dynamics of the data amount and packet length are. Therefore, considering integration of the packet PLA with routing schemes, the EPR is the best candidate. In this paper, we perform the optimal PLA for both intra- and inter-cluster communications that use EPR. For inter-cluster communications, the operation steps of the EPR algorithm in the setup phase are as follows. First, sensor nodes are formed into clusters by replacing geometrical distances with the equivalent distances in conventional algorithms such as those in many state-of-art clustering algorithms for sensor networks. Second, every Algorithm. Packet Length Adaptation Inputs: R: routing table of the previous round dij: the distance from node i to node j in the previous round. kij: total transmitted packets from node i to j in the previous round. kij’: total received packets from node i to j in the previous round. Lij: packet length of previous round. Outputs: dEQ,ij: noise equivalent distances from node i to node j. Lij: packet length after adaptation. Procedure PLA(r: round) Variables for PLA PERij: Packet Error Rate; BERij: Bit Error Rate; Begin 1 for each link ij in R with nonzero kij in round r-1 { PERij = (kij - kij’)/kij; 2 BERij = 0.98*PERij/Lij +0.02*BERij;//Eq.(5)&moving average 3 4 if (BERij > 0){ Lij = updatePacketLen(Lij, BERij); //Eq. (12)-(13) 5 dEQ,ij= CalculateEquivalentDistance(Lij, BERij, dij); //Eq. (16) 6 7 else //the first round and Prob(BER=0)Æ0 Lij = Lij; //do not update packet length 8 dEQ,ij = dij; 9 10 } //end if 11} //end for End

Fig. 1. The pseudo code of the PLA

PLA for EPR in Clustered Sensor Networks

39

cluster head predicts the amount of data to be transmitted according to the Markov model. The prediction and the PER statistics are useful in calculating local energy utilization for each cluster head. Finally, for those cluster heads having higher energy dissipation than the energy mean value ωth, we adopt EPR routing algorithm to direct their data to those clusters having been less active for an extended period and having much more remaining energy. We refer the readers to [11, 12] for more details about the EPR. The packet transmission in the communication phase uses the optimal packet length calculated by (12) and (13) in the setup phase. In this way, while the total energy dissipation of the sensor network is kept evenly distributed, simultaneously the noise impacts on energy wasting and throughput reduction are eased.

5 Experiments and Simulations In this section, we simulate the proposed model by using NS2 network simulator. We compare the performance with other protocols by using some factors including collected data, throughput and energy utilization in the base station. For these experiments, we randomly distribute 100 nodes in an area 100×100 m2. The base station is located at location (X=0, Y=0). The bandwidth of the channel was set to 1 Mbps. The radio electronic energy was set to 50 nJ/bit and the radio transmission energy was set to 10 pJ/bit/m2. These parameters are the same as in the LEACH protocol [1]. 5.1 The Effects of Noise

When packet length is 500 bytes, the distribution of the number of erroneous bits in packets is obtained by statistical accumulation in the NS2 simulator. Fig. 2(a) and Fig. 2(b) respectively show the effect on throughput and energy utilization under different bit error rates. These two figures also validate equations (8)-(11). From Fig. 2(a) and Fig. 2(b), we need to use different optimal packet lengths under different BER status. 30

165

155

Energy Utilization

Throughput

160 25

20

145

1e-5 2e-5 3e-5 4e-5 5e-5

300 400 500 600 700 Packet Length in bytes

3e-5 2e-5

140 135 130

15200

1e-5

150

BER

800

(a)

125 200

BER:1e-5 ~ 5e-5

5e-5 4e-5 800

300 400 500 600 700 Packet Length in bytes

(b)

Fig. 2. The effect of BER: (a) the throughput of network under different bit error rates, and (b) the energy utilization under different bit error rates

40

C.-L. Chen et al.

5.2 Simulations of the Whole Sensor Network

The initial packet length for each link is 500 bytes and after that the PLA algorithm adapts the packet length. The header length of packets is 25 bytes and lost packets are not retransmitted. We present simulation results of total data received by the base station in lifetime, throughput, and energy utilization. The results of these three metrics are respectively shown in Fig. 3(a), (b), and (c). From the results, we know that adjusting the packet length dynamically by PLA in noisy wireless sensor network increases throughput and energy utilization. Moreover, cooperating with EPR, we gain further benefits. The legends of the results are “Proposed” -- the proposed EPR routing with PLA, “LEACH(Adaptive Length)” -- the LEACH-c routing with PLA, “LEACH(Length=500)” -- the LEACH-c algorithm with constant packet length 500 bytes, “LEACH(No Error)” -- original LEACH-c algorithm with constant packet length 500 bytes and zero BER, and “Length=aaa, EPR” -- EPR routing with constant packet length aaa ∈ {300, 400, 500, 600, 700}. 70

12

8

Proposed LEACH(Adaptive Length) LEACH(Length=500) N LEACH(No Error) 3 Length=300,EPR

6 4

(a)

2 00

50

(c)

60

N 54 6 3 7

4 Length=400,EPR 5 Length=500,EPR 6 Length=600,EPR 7 Length=700,EPR 100 150 200 250 300 350 Time (sec)

Throughput (KB/s)

Total Data (MB)

10

(b)

50

N

40

54 6 7 3

30

N

20

6 54 7 3

10

0

50

100

150 200 Time(sec)

250

300

350

Fig. 3. Simulation results of the whole sensor network: (a) Total data received by base station, (b) the throughput of network, and (c) the energy utilization of network.

5.3 Equivalent Distance

Communication distance is an important factor in estimating energy consumption in wireless networks. In the previous subsection, when calculating the dissipated energy proportion in the residual energy, the EPR uses real geometrical distance in the energy model. Here we adopt the noise equivalent distances rather geometrical ones to more accurately estimate the energy proportion caused by noises including geographical issues such as obstacles. With BER and packet length obtained in PLA, we use equation (16) to compute the equivalent distance. With the equivalent distances, clusters are organized and routing table is generated in each round. The comparisons of using and not using the equivalent distance are as Fig. 4. The performance of EPR with PLA is further improved if using equivalent distance in energy consumption estimation. We compare the proposed method with other protocols, such as PEGASIS [2, 3], BCDCP [6], and LEACH-c [1] to see how the noise impacts network performances. We use the normalized performance ratio to show the comparison results. The following normalized performance ratios are acquired by comparing with LEACH protocol. According to

PLA for EPR in Clustered Sensor Networks

6 4

(a)

2 0

50

100 150 200 250 300 350 400 Time (sec)

Throughput (KB/s)

Total Data (MB)

8

80

equivalent distance var

70 60

(b)

50 40 30 20

Energy Utilization (KB/joule)

equivalent distance var

10

0

500

90

12

41

450

350

50

100 150 200 250 300 350 400 Time (sec)

(c)

300 250 200 150 100

0

equivalent distance var

400

0

50

100 150 200 250 300 350 40 Time (sec)

Fig. 4. The simulation results for equivalent distance: (a) total data received by the base station, (b) throughput, and (c) the energy utilization of the sensor network. Legend “var” represents EPR with PLA but without equivalent distance for energy consumption estimation.

[10], using perfect channels, the normalized performance ratio of PEGASIS [2, 3], BCDCP [6], and LEACH-c are 1.5, 1.67, and 1.167 respectively. From Fig. 4, the performance of the proposed method is 1.76 even under noisy environment. These ratios reveal that the channel noise obviously affects the energy balance.

6 Conclusion and Future Works In this paper, we propose the packet length adaptation (PLA) scheme according to the derivation of optimal packet length in the noisy channels. The packet length adaptation successfully increases throughput and energy utilization of clustered sensor networks. Among state-of-the-art routing schemes for sensor networks, the energy-proportional routing (EPR) is superior especially when the packet length and the data amount are randomly distributed in a round. Therefore, we gain further improvement in throughput and energy utilization when the packet length adaptation is cooperated with the energy-proportional routing. With the optimal packet length for each instant network situation, the noise-equivalent distance is obtained and is useful for estimation of dissipated energy proportion in the residual energy. Therefore, the EPR routing optimally balance the energy load among sensor nodes and clusters. As BER is time-variant, the equivalent distance is also time-variant. In the future, we will apply the proposed method in mobile ad-hoc networks where distances among nodes are time-variant. Furthermore, mathematical analyses based on various noise models and different MAC sub-layers will be continued.

References 1. W. Heinzelman, A. Chandrakasan, and H. Balakrishnan, “An Application-Specific Protocol Architecture for Wireless Microsensor Networks”, IEEE Transactions on Wireless Communications, 1(4) (2002) 660-670. 2. S. Lindsey, C. Raghavendra, and K. M. Sivalingam, “Data Gathering Algorithms in Sensor Networks Using Energy Metrics,” IEEE Transactions on Parallel and Distributed Systems, 13(9) (2002) 924-935.

42

C.-L. Chen et al.

3. S. Lindsey, C. Raghavendra, “PEGASIS: Power-Efficient Gathering in Sensor Information Systems,” IEEE Aerospace Conference Proceedings, 3 (2002) 1125-1130. 4. O. Younis and S. Fahmy, “Distributed Clustering in Ad-hoc Sensor Networks: A Hybrid, Energy-Efficient Approach,” IEEE Transactions on Mobile Computing, 3(4) (2004) 366-379. 5. O. Younis and S. Fahmy, “Distributed Clustering in Ad-Hoc Sensor Networks: A Hybrid, Energy-Efficient Approach,” Proceedings of IEEE INFOCOM, (2004). 6. S. D. Muruganathan, D. C. F. MA, R. I. Bhasin, and A. O. Fapojuwo, “A Centralized Energy-Efficient Routing Protocol for Wireless Sensor Networks,” IEEE Radio Communications, 43(3) (2005) S8–S13. 7. X. Wang, J. Yin and D. P. Agrawal, “Effects of Contention Window and Packet Size on the Energy Efficiency of Wireless Local Area Network”, Proceedings of 2005 IEEE Wireless Communications and Networking Conference, 1 (2005) 94 – 99. 8. H. Bischl and E. Lutz, “Packet error rate in the non-interleaved Rayleigh channel,” IEEE Transactions on Communications, 43 (1995) 1375-1382. 9. Ruggero Reggiannini, “A lower performance bound for phase estimation over slowly-fading Ricean channels”, Global Telecommunications Conference, 3 (1995) 2012-2016. 10. Siva D. Muruganathan, Daniel C. F. Ma, Rolly I. Bhasin and Abraham O. Fapojuwo, “A Centralized Energy-Efficient Routing Protocol for Wireless Sensor Networks”, IEEE Radio Communications, (2005) S8-13. 11. Chao-Lieh Chen and Kuan-Rong Lee, et al., “An Energy-proportional Routing Algorithm for Lifetime Extension of Clustering-based Wireless Sensor Networks,” Workshop on Wireless, Ad Hoc, and Sensor Networks, http://acnlab.csie.ncu.edu.tw/WASN, (2005), Taiwan. 12. Chao-Lieh Chen and Kuan-Rong Lee, et al., “An Energy-proportional Routing Algorithm for Lifetime Extension of Clustering-based Wireless Sensor Networks”, Journal of Pervasive Computing and Communications, to appear in 2 (2006). 13. Thomas M. Cover and Joy A. Thomas, Elements of Information Theory, 1991.

A New Context Script Language for Developing Context-Aware Application Systems in Ubiquitous Computing* Jae-Woo Chang and Yong-Ki Kim Dept. of Computer Engineering Chonbuk National University, Chonju, Chonbuk 561-756, South Korea [email protected], [email protected]

Abstract. In order to develop a variety of context-aware application systems, we require a context script language to describe both various decisions on context-awareness and appropriate procedures according to the decision. In this paper, we propose a new context script language which can represent a variety of contexts as a standard syntax. The proposed context script language is a general purpose one to provide users with functions to define a given context in a clear and precise manner. To show the usefulness of the proposed context script language, we develop a context-aware application system using it, which can provide users with a music playing service in ubiquitous computing environment.

1 Introduction Ubiquitous computing is embedded in the users’ physical environments and integrates seamlessly with their everyday tasks [1, 2]. An effective software infrastructure for running ubiquitous computing applications must be capable of finding, adapting, and delivering the appropriate applications to the user’s computing environment based on the user’s context. Thus, context-aware application systems determine which user tasks are most relevant to a user in a particular context, and they may be determined based on history, preferences, or other knowledge of the user’s behavior, as well as the environmental conditions. In order to develop a variety of context-aware application systems in an effective manner, we require a context script language to describe both various decisions on context-awareness and appropriate procedures according to the decision. In this paper, we propose a new context script language which can represent a variety of contexts as a standard syntax. The proposed context script language is a general purpose one to provide users with functions to define a given context in a clear and precise manner. To show the usefulness of the proposed script language, we develop a contextaware application system using it, which can provide users with a music playing service in ubiquitous computing environment. The remainder of this paper is *

This work is financially supported by the Ministry of Education and Human Resources Development(MOE), the Ministry of Commerce, Industry and Energy(MOCIE) and the Ministry of Labor(MOLAB) though the fostering project of the Lab of Excellency.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 43 – 52, 2006. © IFIP International Federation for Information Processing 2006

44

J.-W. Chang and Y.-K. Kim

organized as follows. The next section discusses related work. In section 3, we describe the design of our context script language. In section 4, we present the development of our context-aware application system. Finally, we draw our conclusions in section 5.

2 Related Work In this section, we introduce some related work on context description languages. First, Arizona State Univ. [3] presented a context definition language called CA-IDL (Context-enabled Interface Definition Language). That is, context tuples for defining context can be represented as Context tuple : < a1, ... , an, tm>. Here, n means the number of unique context data, ai means the value of the i-th context data, and tm means the time for tuple creation. For example, if the context tuple consists of location, direction, and velocity, it can be represented as when its context object is moving toward north. Secondly, INRIA in France [4] proposed a general infrastructure based on contextual objects to design adaptive distributed information systems in order to keep the level of the delivered service despite environmental variations. The contextual objects (COs) are mainly motivated by the inadequacy of current paradigms for context-aware systems. The use of COs does not complicate a lot of development of an application, which may be developed as a collection of COs. The COs are defined as CO(id) : . For example, two contextual Web documents can be defined as and . The Web documents can be browsed by selecting its appropriate variant according to users’ location, users’ language, and browser type.

3 Context Script Language for Context-awareness In this section, we will propose a new context script language to represent contexts precisely and describe a grammar specification for it. 3.1 Components of Context Script Language A context object is any logical concept that can be used to characterize the situation of any entity [5]. An entity is a person, place, or object that is considered relevant to the interaction between a user and an application, including the user and applications themselves. In order to develop a variety of application software for contextawareness in an effective manner, a context script language is required to describe both various decisions on context-awareness and appropriate procedures according to the decision. Even though the CA-IDL was proposed as a context script language, it is not a general purpose one because of being dependant on a specific system. Thus, we propose a new context script language which can represent a variety of contexts as a standard syntax. The context script language is a general purpose one to provide users with functions to describe a given contexts in a clear and precise manner. Our context script language has such components as context object definition, context creation & destroy, context instance insertion & deletion, and context instance activation & deactivation.

A New Context Script Language for Developing Context-Aware Application Systems

45

3.1.1 Context Object Definition A context object is a logical concept that can be used to represent any entity or device around application software for context-awareness. Some attribute values for a context can be updated by hardware devices, which can be used in a conditional clause to be mentioned in the next. The definition clause of the context objects is shown as follows. Here object_name and element_name never begin with a numeric or special letter, and they have less than 256 in length. In addition, data_type consists of two types; string data type (i.e., string) and numeric data type (i.e., int, float, long, double, time, date). ContextObject object_name ( data_type element_name1, data_type element_name2, data_type element_name3 : )

3.1.2 Context Creation and Destroy A context creation makes a rule to execute an action when a context satisfies a given condition. It consists of a conditional expression and an action being executed. The context creation defines the template of context table and the values of context table are actually inserted in case of inserting a context instance. The clause of the context creation is shown as follows, where context_name being less than 256 in length cannot begins with a numeric or special letter. Here a condition clause is used to represent a given condition while action and parameter clauses are used to indicate both a function and its parameters being called when satisfying the condition. ContextCreate context_name Condition (condition_expression) [during time_value] Action function_name [before/when/after time_value] or [from time_value to time_value] Param (param1, param2, ... )

First, the conditional expression (i.e., condition_expression) can be composed of N conditional clauses and N-1 logical operators (i.e., AND, OR, NOT). The conditional clause has two operands and one relative operator (i.e., =, >, RN : The node updates its sending data transmission rate to a value in the warning message. – RO = RN : The node discards a warning message. R1 5.5Mbps

2Mbps

2Mbps 5.5Mbps

S

A

R3 C

5.5Mbps

5.5Mbps 5.5Mbps 5.5Mbps 11Mbps 5.5Mbps11Mbps B 11Mbps

11Mbps

5.5Mbps

D 5.5Mbps 11Mbps5.5Mbps 11Mbps 5.5Mbps R2

Fig. 3. Maintenance of a multicast mesh structure

An Efficient Multicast Routing Protocol

99

Figure 3 shows an example of changing the data transmission rate. In Figure 3, the link between A and R2 is changed from 5.5Mbps to 11Mbps. In this case, R2 sends a warning message to A and A compares its sending data rate with 11Mbps included in the warning message, and A discards the warning message since A has a neighbor with the data rate of 5.5Mbps (R1). If the link between R2 and D is changed from 11Mbps to 5.5Mbps, node D sends warning messages to R2, and R2 should update its sending rate from 11Mbps to 5.5Mbps.

5 5.1

Performance Evaluation Simulation Environment

We perform simulations using the NS2 network simulator [13]. The radio model is based on the IEEE 802.11 supporting multi-rate scheme, which provides a various data transmission rates of 2Mbps, 5.5Mbps, and 11Mbps and a nominal transmission range of 250m. We randomly placed 50 mobile nodes in a 1500m × 300m network area and let them move freely at a given maximum speed of 20 m/s during simulation time of 300 seconds. The nodes in our simulations move according to the Random Waypoint model [15]. For each maximum node movement speed, we run a simulation with 5 different pause times of 0, 30, 60, 120, and 300 seconds. A pause time of 0 represents a network in which all nodes move continuously, while a pause time of 300 represents a stationary network. For each of these pause times and maximum node movement speeds, we randomly generate 5 different scenarios, and we present here the average over those 5 scenarios. We generate a constant bit rate (CBR) traffic in the application layer with 5 and 20 packets per second packet generation rates of 128 and 1024 bytes packet size. There is one source, one multicast group, and 15 multicast receivers. The multicast source starts sending data and multicast receivers join a group at uniformly randomly generated times between 0 and 60 seconds. We evaluate the performance of the proposed protocol and compare it to that of the ODMRP using the following metrics; Packet delivery ratio - average number of data packets actually received by multicast receivers over the number of data packets originated by multicast source. End-to-end delay - average time elapsed between when a multicast data packet is originated by a source and when it is successfully received by a multicast receiver. Normalized control overhead total number of data and control packets transmitted by any node in the network, divided by the total number of data packets received by all multicast receivers. 5.2

Simulation Results

The packet delivery ratio as a function of the pause time is shown in Figure 4. As shown in the figure, we can see that the delivery ratio is decreased as the pause time is decreases. When the pause time is small, node mobility may be increased. Therefore, the route between source and receiver can be easily broken. This means that more packets are dropped during the route reconstruction when

100

K.-J. Bae et al.

Packet delivery ratio (%)

100

95

90 ODMRP (5 128 bytes) Proposed (5 128 bytes) ODMRP (20 1024 bytes) Proposed (20 1024 bytes)

85

80 0

50

100

150

200

250

300

Pause time (s)

Fig. 4. Packet delivery ratio

End-to-end delay (ms)

200 ODMRP (5 128 bytes) Proposed (5 128 bytes) ODMRP (20 1024 bytes) Proposed (20 1024 bytes)

150 100 30

10 0 0

50

100

150

200

250

300

Pause time (s)

Fig. 5. End-to-end delay

the pause time is small. As shown in the figures, the proposed protocol shows better performance in packet delivery ratio than the ODMRP. This is because there is less number of dropped packets in the proposed protocol by using higher transmission rates than the ODMRP. This phenomenon is more dominant in the case of heavy network load, i.e., the packet generation rate is 20 packets per second and the packet size is 1024 bytes. Figure 5 shows the end-to-end delay as a function of the pause time. The proposed protocol shows lower end-to-end transmission delay than the ODMRP because the proposed protocol selects better routes which can use higher data transmission rates. The proposed protocol show much better performance than ODMRP when the traffic load is high (when the packet generation rate is 20 packets per second and the packet size is 1024 bytes). It is due to the fact that the proposed protocol experiences less queuing delay by using higher data transmission rate than ODMRP, and thus the proposed protocol spends less

An Efficient Multicast Routing Protocol

101

Control overhead

10 ODMRP (5 128 bytes) Proposed (5 128 bytes) ODMRP (20 1024 bytes) Proposed (20 1024 bytes)

8

6

4

2 0

50

100

150

200

250

300

Pause time (s)

Fig. 6. Normalized control overhead

time to transmit multicast data packets. Therefore, the end-to-end delay of the proposed protocol is less than that of ODMRP. Figure 6 shows the normalized control overhead as a function of the pause time. In the figure, we can see that the normalized control overhead is constant regardless of the pause time, because control packets such as JOIN QUERY and JOIN TABLE are transmitted periodically in both of the protocols. And the reason that the proposed protocol has more control overhead than the ODMRP is as follows. In the proposed protocol, JOIN TABLEs are broadcast in response of every JOIN QUERY because JOIN QUERY that arrives later can have better route, i.e. route at higher data transmission rate. However, in the ODMRP, the multicast member only broadcasts JOIN TABLEs in response to the JOIN QUERY arriving at first. Also, in the proposed protocol, nodes send a warning message when the data transmission rate of a link is changed. Therefore the normalized control overhead of the proposed protocol is slightly higher than that of the ODMRP.

6

Conclusion

In wireless ad hoc networks, many multicast routing protocols are proposed such as ODMRP, MAODV, etc. In general, multicast data packets are transmitted at the basic transmission rate which is 2Mbps at the IEEE 802.11 or 802.11b. This is because a multicast packet delivery is not guaranteed by the RTS/CTS exchange and there can be many neighbors with different transmission rates. However, if the multicast packet can be transmitted at higher transmission rates than 2Mbps in a multi-rate WLAN such as IEEE 802.11b, we can achieve higher throughput gain and lower transmission delay than those at 2Mbps transmission rate. In this paper, we propose a new multicast routing protocol in multi-rate wireless ad hoc networks. In the proposed protocol, we design a multicast mesh creation method considering multiple transmission rates between any two nodes

102

K.-J. Bae et al.

in the ad hoc networks. We also design a multicast mesh maintenance scheme when the transmission rate between two nodes comprising a multicast mesh is changed because of node mobility. According to our simulation results, the proposed protocol shows higher packet delivery ratio and lower end-to-end delay compared with ODMRP, while shows increased control overhead. The proposed protocol can be good for a real time traffic which needs a high packet delivery ratio and short end-to-end delay, especially in the network which has heavy load.

References 1. IEEE 802.11b, Part 11:Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: High-Speed Physical Layer Extension in the 2.4GHz Band, supplement to IEEE 802.11 Standard, Sept. 1999. 2. IEEE 802.11, Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, Standard, IEEE, Aug. 1999. 3. IEEE 802.11a, Part 11:Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: High-Speed Physical Layer in the 5GHz Band, supplement to IEEE 802.11 Standard, Sept. 1999. 4. A. Kamerman and L. Monteban, ”WaveLAN 11: A highperformance wireless LAN for unlicensed band,” Bell Labs Technical Journal, 1997. 5. IEEE 802.11g, Part 11:Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Further Higher Data Rate Extension in the 2.4GHz Band, amendment to IEEE 802.11 Standard, Jun. 2003. 6. G. Holland, N. Vaidya and P. Bahl, ”A rate-adaptive MAC prctocol for multi-hop wireless networks,” ACM MOBICOM, 2001. 7. IEEE 802.11b, ”Part 11:Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: High-Speed Physical Layer Extension in the 2.4GHz Band,” Standard, IEEE, 1999. 8. J. J. Garcia-Luna-Aceves and E. L. Madruga, ”The core-assisted mesh protocol Garcia-Luna-Aceves,” IEEE JSAC, 1999. 9. Yongho Seok, Jaewoo Park and Yanghee Choi, ”Multi-rate Aware Routing Protocol for Mobile Ad Hoc Networks,” IEEE VTC Spring, 2003. 10. E. Bommaiah, M. Liu, A. McAuley and R. Talpade, ”AMRoute: Ad hoc multicast routing protocol,” Internet draft, draft-talpade-manet-amroute-00.txt, IETF, 1998. 11. H. Zhu and G. Cao, ”On improving the performance of IEEE 802.11 with multihop concepts,” IEEE ICCCN, 2003. 12. C. W. Wu and Y. C. Tay, ”ARMRIS: A multicast protocol for ad hoc wireless networks,” IEEE MILCOM, 1999. 13. K. Fall and K. Varadhan, The ns Manual, available from http://www.isi.edu/ nsnam/ns, 2003 14. S. J. Lee, W. Su and M. Gerla, ”On-demand multicast routing protocol (ODMRP) for ad hoc networks,” Internet draft, draft-ietf-manet-odmrp-02.txt, IETF, 2000. 15. C. Bettstetter, H. Hartenstein, and X. Perez-Costa., ”Stochastic properties of the random waypoint mobility model,” ACM/Kluwer Wireless Networks, 2004.

WPAN Platform Design in Handset Integrating Cellular Network and Its Application to Mobile Games In-Hwan Kim1, Hoo-Jong Kim1, and Gu-Min Jeong2 1

Mobile Device Development Team 1, Mobile Device & Access Network R&D Office, SK Telecom, Korea {ihkim, hjkim2}@sktelecom.com 2 Corresponding Author, School of Electrical Engineering, Kookmin University, Korea [email protected]

Abstract. Various network technologies have been developed towards ubiquitous computing. Actually, the specific network technology has its own protocol layer, characteristics and objectives. Due to these limitations, though cellular network and WPAN are being used in handset together, the services using both networks are not so popular until now. This paper presents a platform design integrating cellular network and WPAN and its application to the mobile game service. To develop services and applications which utilize cellular network and WPAN, we discuss the WPAN platform for handset. Various aspects are considered on the connection, which can expand the area of mobile services and applications. An illustrative application of this platform is introduced as a mobile game service. In the proposed game service, downloading games or game items, managing players, etc. are provided using cellular network. The actual game traffic between players utilizes WPAN. As shown in the proposed game service design, various applications are being expected through the WPAN platform.

1 Introduction Portability and mobility are the main characteristics of mobile handset. With these characteristics and the development of technologies, various applications and services are being provided in handset [1][2]. Nowadays, the trend of mobile handset can be summarized into two keywords, ‘Convergence’ and ‘Connection’. With the rising trend of convergence, recent handsets have the functions of digital camera, MP3 player, game device and other digital devices. Also, the world is connected to the handset. Using handset, home networking, telematics and health care, etc. can be provided for the user. WPAN technologies [3-10] have been applied to the handset, which enable the handset to connect to the digital d4evices, home networking appliances, telematics devices and so on. Recently, the Bluetooth is integrated into the mobile modem chip [8] and the home networking using ZigBee [2][4] is being developed in handset. In the near future, the WPAN will create new service area of handset. However, until now, the usage of WPAN in handset is very limited [6][9]. Handsfree functions, the wireless connection to the PC and the connection to other devices X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 103 – 111, 2006. © IFIP International Federation for Information Processing 2006

104

I.-H. Kim, H.-J. Kim, and G.-M. Jeong

are the main usages of Bluetooth in handset. As shown in these usages, though cellular network and WPAN are being used in handset together, the services using both networks are not so popular. It is mainly because these networks have different characteristics and business areas. Although each network technology has its own characteristics, service environments and business model, various applications can be provided to the user if there is a certain platform integrating cellular network and WPAN. Also, if there are some abstract layers which support both cellular networks, the developers can make the applications more easily. Considering these characteristics, in this paper, we present WPAN platform design for handset and the illustrative game design with the proposed platform. Various aspects of integration are considered. The WPAN platform in handset provides the application developer with the API’s including both networks. There are interworking methods for heterogeneous networks such as 3G/WLAN interworking [11] and Ambient Networks [12]. Different from those, the cellular network and WPAN can be provided simultaneously using the proposed WPAN platform. Illustrative application of this platform is introduced as a mobile game service. Service scenario, terminal platform and server infrastructure are also discussed. In the proposed game service, downloading games or items, management of the players, etc., are provided using cellular network. The actual game traffic between players utilizes WPAN. Aside from the Bluetooth games in GSM environment, the proposed game design considers full connection between two networks. As shown in the proposed game service design, various applications are being expected through the presented WPAN platform. The remainder of this paper is organized as follows. In Section 2, the background and the motivation of this work are briefly introduced. In Section 3, the design of WPAN platform is discussed. In Section 4, implementation of mobile game using WPAN platform is presented and the conclusion follows in Section 5.

2 Background and Motivation Among the telecommunication devices and appliances, handset is the terminal to the user. Users can connect to internet or another person using handset, though there must be several parts in the background. The major trend of handset can be summarized as follows : • Convergence - Recent handset supports the functions of other digital devices such as digital camera, MP3 player, game device, etc. - Handset supports various network technologies such as DMB, WLAN, WiBro, WPAN and RFID. • Connection - Home networking, telematics and health care are being provided to the user by the handset. - Digital devices and appliances are connected to the handset

WPAN Platform Design in Handset Integrating Cellular Network

105

WPAN such as Bluetooth, ZigBee and UWB is one of the key technologies for the connection and convergence. Though, up to now, only Bluetooth is commercialized in handset, ZigBee will be adopted to the handset in the near future and also UWB will be used.

Fig. 1. Connection to other devices using handset

The main objective of WPAN technologies is the connection between digital devices. But the usage of WPAN is very restrictive in some sense. Though the WPAN is used for the connection between devices, there is not big interest on the telecommunication services. For example, Bluetooth game is provided in GSM environment. However, there is not much consideration on the connection between cellular network and Bluetooth. In this paper, we introduce WPAN platform for the convergence mobile game service by adopting Bluetooth among WPAN technologies. The scalability is considered for other WPAN technologies on mobile handset.

3 WPAN Platform Architecture in Handset and Server 3.1 Overview of the Platform Design To provide the WPAN API’s and connect them to the cellular network API’s, the WPAN platform should be developed. The earlier concept of WPAN platform has been introduced in [7]. In terms of the design in handset, the following characteristics of WPAN platform must be considered. First, we should be able to develop applications independent of WPAN technologies. In addition, the applications should be operated separately from

106

I.-H. Kim, H.-J. Kim, and G.-M. Jeong

WPAN technologies in mobile handset. Second, application developer should be able to implement their WPAN application without detailed knowledge on WPAN technologies. Third, WPAN application should work well on the entire manufacturer’s mobile handset. Fourth, we should provide the user with the convenient connection methods. Considering these points, the architecture of the mobile handset will be composed as Fig. 2.

WPAN App.

WPAN App. Manager

WPAN Application (Game Application)

Bluetooth Applications WPAN App. Manager

WPAN API

WPAN Core Core Bluetooth API

WPAN Core

Core Bluetooth Profile

Bluetooth Profiles Platform

Bluetooth Stack

PAL (PAN Adaptation Layer)

Other APIs in Existing Platform

Basic Bluetooth APIs

Basic ZigBee APIs

Basic UWB APIs

PAL PAN Agent

Fig. 2. The overall architecture of WPAN platform in handset

We have implemented WPAN platform using Bluetooth and will extend it to the various WPAN technologies. The shaded parts in the Fig.2 indicate the implemented WPAN platform of the existing entire platform for the handset. 3.2 Structure of WPAN Platform The WPAN platform is designed based on the layer structure. PAL(PAN Adaptation Layer) is the hardware adaptation layer related to WPAN technologies and implemented by manufacturer. There must be standardization on PAL. As each manufacturer has its own API set, the same API set must be provided. In the Platform Layer, the basic API’s are implemented from PAL API’s for device connection and data transfer. Besides API’s related to WPAN, the Platform Layer already has the various API set for UI, memory, process and so on. WPAN Core Layer has the application level API sets for each WPAN technologies. In this paper, we have implemented API sets related to Bluetooth service based on GOEP(General Object Exchange Profile), FTP(File Transfer Profile), OPP(Object Push Profile). WPAN App. Manager is a kind of application managing WPAN applications. These can be developed using the Platform Layer and WPAN Core Layer API sets. Finally, PAN Agent is background process like a daemon which receives WPAN event in the sleep state of the handset, invokes WPAN App. Manager and delivers that event. Fig. 3 shows an event flow for WPAN game setup between two devices.

WPAN Platform Design in Handset Integrating Cellular Network whuG h——“Šˆ›–•G tˆ•ˆŽŒ™Gh

kŒŠŒGh

hœ›– hœ›Œ•›Šˆ›–•

kŒŠŒGi

whuGhŽŒ•›Gi

107

whuG h——“Šˆ›–•G tˆ•ˆŽŒ™Gi

p•˜œ™  —•Š–‹Œ†™Œ˜†ŒŒ•›

p•—œ›G—•Š–‹Œ ၄ —•Š–‹Œ†™Œ˜†ŒŒ•›

wˆ™•Ž ၃ ‹Œˆœ“›†—•Š–‹Œ

၃ kŒŠŒGiGšGšŒ›G ›–G‘—•Š–‹Œ ˆœ›–”ˆ›ŠG”–‹Œ’

wˆ™Œ‹ nˆ”ŒGyŒ˜œŒš›

၄ kŒŠŒGiGšGšŒ›G ›–G‘—•Š–‹Œ ”ˆ•œˆ“G ”–‹Œ’

š——†Š–••ŒŠ› š——†Š–••ŒŠ›Œ‹†ŒŒ•› ၃ š——†Š–••ŒŠ›Œ‹†ŒŒ•› ၄ š——†‹šŠ–••ŒŠ›Œ‹ š——†‹ˆ›ˆ

၃ kŒŠŒGiGšGšŒ›G ›–G‘Žˆ”ŒGˆ‹”šš–•G ”–‹Œ’ ၄ kŒŠŒGiGšGšŒ›G ›–G‘Žˆ”ŒG‹Œ•ˆ“G ”–‹Œ’

Fig. 3. An event flow for WPAN game setup

3.3 Server Infrastructures Fig. 4 shows one example of server infrastructures and service flows for the mobile game. Because there are different kinds of mobile handset, ‘Handset Info Server’ determines whether a certain handset can support a specific game. ‘Payment Server’

Fig. 4. Server infrastructures and flow for mobile game service

108

I.-H. Kim, H.-J. Kim, and G.-M. Jeong

takes the charges when purchasing game, items and scenarios. ‘Contents Registration Server’, ‘Contents Server’ and ‘Game Portal Server’ make contents providers register their game contents and help users to download these game contents. After downloading game, users can enjoy game with nearby players using WPAN. The users of a WPAN group can play with users of the other WPAN groups through the game server using cellular network.

4 Mobile Game Design Using WPAN Platform 4.1 Overview In the conventional mobile game in handset, people used to play locally after downloading new game using cellular network (like CDMA or GSM). Otherwise, users could enjoy online games through cellular network. However, they cannot satisfy user’s expectation in a sense of rivalry. Online game through a cellular network cannot be widely used due to the loose response time and expensive service charge. Though Bluetooth game is provided in GSM environment, there is not much consideration of the connection between cellular network and Bluetooth. Aside from those game services described above, various aspects must be considered. For the first aspect, there is a certain competitor. In the case of local playing game, users should match computer (game software itself). In the case of online game they should compete with uncertain players. Meanwhile, WPAN based game service has benefit to enjoy the game with known players such as friends face to face. Second, users can enjoy realistic match. It is responded irregularly and immediately. Third, the game could be expanded by itself by downloading game scenarios, items, and characters through cellular network. Fourth, the game could be created and played among multi personal area network through cellular network. Under the convergence environment, we can provide various distinctive services with four factors described before. 4.2 Scenarios for the Game Service For the presented mobile game, the possible scenarios are as follows. z z

z

All game players have the same game in their mobile handset. Some of the game players have the same game in their mobile handset, which the others do not have. Nobody has the game in his/her mobile handset.

A user who has the game can ask new user or registered user to play game. A counterpart who receives the event for game request can choose acceptance or rejection. In case of acceptance, WPAN platform checks the existence of same game on the mobile handset, and if there is the same game, WPAN platform execute the game application with an argument which is the Bluetooth address of the opponent’s mobile handset. If there is no same game, WPAN platform invokes WAP (Wireless Applica tion Protocol) browser in order to download the game application on the mobile handset through cellular network. Fig. 5 shows a service scenario example of WPAN game.

WPAN Platform Design in Handset Integrating Cellular Network

109

1. Execute WPAN App. Manager

2. Select Game

3. Create Game Room

4. Connect to opponents

5. Approve opponents

6. Game Room State

7. In case the game doesn’t exist

8. Download the game automatically

Fig. 5. Game request and game start scenarios in wireless personal area network

• • • •

Fig. 6. The game play through the cellular network

In a convergence environment, we can provide various mobile game services by using cellular network. First, we can apply new items or characters to the existed game. It is possible to fill up the consumptive items with the connection of mobile

110

I.-H. Kim, H.-J. Kim, and G.-M. Jeong

payment service. In addition, one can download the scenarios of game itself. Second, it is possible to play game among WPAN game groups. This can be used in a big scale game like a role playing game. It is necessary to implement game server in order to support connection among groups of WPAN game. Considering these characteristics, various applications are being expected using the connection and convergence. Fig. 6 shows the concept of the game play between two WPAN groups through the cellular network.

5 Conclusion and Future Works In this paper, we have presented a WPAN platform for handset and a mobile game service design using the WPAN platform. The WPAN platform discussed in this paper integrates cellular network and WPAN in handset and provides API’s to the application developers. For the management of services and devices, server infra structure has also been considered. Also, a mobile game design is introduced using the WPAN platform. Different from the existing mobile games, various aspects are considered by the connection of cellular network and WPAN, which can expand the area of mobile game and can make new service areas. As shown the proposed game service design, various applications are being expected with the WPAN platform. With this WPAN Platform, we do not need to modify applications although mobile handset may adopt the other WPAN technology. Application developers are able to implement their WPAN application without detailed knowledge about WPAN technologies. WPAN applications work well on the entire manufacturer’s mobile handset as well. The presented WPAN platform and mobile game are about to be launched in Korea by SK Telecom. For the commercialization, seamless recovery algorithm and reconfiguration mechanism are necessary when one user in game group is dropped abnormally. These remain future work.

References 1. 2. 3. 4. 5. 6.

Nokia N-GAGE, http://www.n-gage.com SK Telecom, http://www.sktelecom.com Bluetooth SIG, www.bluetooth.org The Official Website of the ZigBee Alliance, http://www.zigbee.org The Official Website of the WiMedia Alliance, http://www.wimedia.org P. D. Garner, “Mobile Bluetooth networking: technical considerations and applications”, 4th International Conference on 3G Mobile Communication Technologies, pp. 274-276, 2003 7. S. W. Na, G. M. Jeong, and Y. S. Lee, “Design and Implementation of WPAN Middleware for Combination between CDMA and Bluetooth”, Journal of Korean Multimedia Society, vol.8, no. 6, pp 836-843, 2005

WPAN Platform Design in Handset Integrating Cellular Network

111

8. Butler, B.K, King-Chung Lai Saints, K. and Meagher, B “The MSM5100TM cdma2000 + AMPS + gpsOneTM + Bluetooth multimode ASIC for 3G handsets”, IEEE RFIC symposium, pp. 186_A - 186_F, 2002 9. Kanna, H. Wakabayashi, N., Kanazawa, R. and Ito, H, “Home appliance control system over Bluetooth with a cellular phone”, ICCE 2003, pp. 380 – 381, 2003 10. Sze-Toh, K.S. and Yow, K.C., “Usage of mobile agent in configuring WPANs, Control, Automation, Robotics and Vision”, ICARCV 2002, pp. 938 – 943, 2002 11. A. K. Salkintzis, “Interworking Techniques and Architecturees for WLAN/3G Integration toward 4G Mobile Data Networks,” IEEE Wireless Communications, vol. 11, no. 3, pp. 50-61, June 2004 12. Ambient Networks, http://www.ambient-networks.org

Reliable Transporting and Optimal Routing on Rate-Based for Ad Hoc Networks Ming-Hui Tsai1, Tzu-Chiang Chiang1,2, and Yueh-Min Huang1 2

1 Department of Engineering Science, National Cheng-Kung University, Taiwan, ROC Department of Information Management, Hisng-Kuo University of Management, Taiwan [email protected], [email protected], [email protected]

Abstract. Owing to the inflexibility of the structure, the conventional layered protocols suffer from the inability to distinguish between losses due to route failures and congestion. Recently, in efforts to overcome the challenges of dynamic environment in ad hoc networks, there have been increased interests in protocols that rely on interactions between different layers. In this paper, we propose a cross-layer architecture combining the three layers of data link, network, and transport in order to provide reliable transporting and optimal routing on rate-based, termed as RTOR. In accordance with the rate computed at MAC layer, a path with the optimal rate is selected at network layer. While the flow control and reliability is performed by the determination of transmission rate and SACKs at transport layer, respectively. The transport protocol herein is not a variant of TCP but a rehash. In flow control, the transmission rate is adjusted by rate feedback instead of AIMD congestion windows. In reliability, SACK blocks appended to feedback packet are used rather than implication of packet lost by duplicate ACKs. In addition, choosing a path with the optimal rate can balance the network load in an appropriate degree. The evaluation results clearly indicate the significant performance improvement that RTOR provides over default TCP, TCP-ELFN, and ATP.

1 Introduction An ad hoc network is a dynamic wireless network established by a group of mobile nodes on a shared wireless channel without any infrastructure. A communication session is achieved either through single-hop transmission if the recipient is within the transmission range of the source node, or by relaying through intermediate nodes otherwise. For this reason, ad hoc networks are also called multihop packet radio networks [12]. Those characteristics differentiate them from traditional computer networks including lack of infrastructures, mobility, shared channel, and limited bandwidth and, hence, the conventional layered OSI model applied in such circumstance suffers from varying channel and network conditions. Recently, in efforts to overcome this kind of challenges and further improve the performance of wireless mobile networks, there have been increased interests in protocols that rely on interactions between different layers [1, 2]. Such cross-layer approaches to network design seek to enhance the performance by jointly designing X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 112 – 121, 2006. © IFIP International Federation for Information Processing 2006

RTOR on Rate-Based for Ad Hoc Networks

113

multiple protocol layers. Certainly, on the other hand, protocol layers are excessively useful in allowing designing optimally a single protocol layer without the complexity and expertise associated with considering other layers. In [3], it shows that the conventional layered architecture is a reasonable way to operate wireless networks. Therefore, those are imperative to pay ripe deliberation between how to retain appropriately independency of separate layers and how to exploit the convenience from layers coordination. The key-influencing factor is the determination of parameters used as interacting information in the cross-layer architecture. In this paper, we propose a distinct and adaptive cross-layer architecture combining the three layers of data link, network, and transport in order to provide reliable transporting and optimal routing on rate-based. Since the TCP suffers from the varying network conditions in ad hoc networks, the rate-based flow control is adopted instead of the congestion window. Furthermore, the congestion control and reliability mechanisms are decoupled. Congestion control is performed using rate feedback from the network, while reliability is ensured through selective ACKs (SACKs) [13] from the receiver. As to the metric of underlying routing protocols, we use the min-max rate instead of usual hop counts to choose the route supporting the optimal transmission rate. The scheme can balance flows among the whole network and, hence each connection can gain the higher transmission rate and avoid the excessive channel contention at intermediate nodes. To this end, the key parameter exchanging among those three layers is transmission rate which is computed and adapted at MAC layer, used as the metric for choosing routing path at network layer, and fed back to the sender for congestion (flow) control at transport layer. Rate-based transmission assists mainly in improving performance in three ways: first, it can avoid the drawbacks due to the burstiness resulting from windows-based transmission [5] adopted by the popular TCP. Second, it can provide the possibility of preserving stable transmission rate rather than overraise the congestion window resulting in emergence of undesired congestion. Last, it can attain rapidly the suitable and available rate at a certain connection pair behind one single round-trip time (RTT), called as quick start which is superior than TCP’s slow start. The paper is organized as follows. In Section 2 we give a quite intensive overview of cross-layer literature. Section 3 presents our cross-layer design on rate-based including the dynamic rate measurement, optimal route determination, and congestion control and reliability achievement. In Section 4 we describe in details our simulation environment and we evaluate and comment on the performance of the protocols with respect to the selected metrics of interest. Finally, Section 5 concludes the paper.

2 Related Works Recently, a lots of researches indicate that the conventional reliable transporting, e.g. TCP, applied in ad hoc networks suffers from the inability to distinguish between losses due to route failures and network congestion [1], i.e., all losses are just regarded as channel congestion. As we know, the losses are possibly as a result of the frequent route failure in ad hoc networks. In reality, the MAC and routing layer perceive most of the losses as due to route failure. So TCP treats losses as an

114

M.-H. Tsai, T.-C. Chiang, and Y.-M. Huang

Fig. 1. Cross-layer design framework for distinguishing between losses due to route failures and network congestion

indication of congestion turns out to be inappropriate and, even merely slows down the sending rate by adjusting its congestion window resulting in severe performance degradation. There are many cross-layer researches [7, 8, 9, 10, and 11] proposed in recent years, hence, in order to defeat the inability and boost performance by exploiting the explicit notification from network layer, such as route failure notification (RFN) [7] or explicit link failure notification (ELFN) [8], as shown in figure 1. Moreover, TCP’s additive increase multiplicative decrease (AIMD) congestion window limits its ability to acquire spare bandwidth quickly, which is especially important under the varying conditions and often incur underutilization of network resource. In [6] Chen et al. propose an end-to-end rate-based flow control scheme (EXACT) which can react quickly and precisely to bandwidth variation and re-route events. But the end-to-end mechanism requires excessive computation and increases undesired complexity. Therefore, in [5] K. Sandaresan et al. propose a per-node basis scheme (ATP) instead of per-flow basis to compute the available transmission rate. It relies on intermediate nodes that a connection traverses to provide rate feedback information.

3 Cross-Layer Architecture of Reliable Transporting and Optimal Routing Exploiting the coordination among the three layers of data link, network, and transport, we try to provide reliable transporting and optimal routing on rate-based. The proposed cross-layer architecture is shown as figure 2. In each connection pair, there are three roles involved that are sender, receiver, and intermediate node. The different role at different layer presents the different behavior. The concept of our architecture is that the sender’s transmission rate is dependent on the rate feedback from receiver. As to the rate feedback information, the receiver attains it from the intermediate nodes traversed through by this connection pair. In this section, we first highlight the specific form of rate computation at data link layer. We then elaborate the route determination upon the rate from the network layer, i.e., route initiation and recovery and, finally, present the congestion control and reliability mechanisms.

RTOR on Rate-Based for Ad Hoc Networks

115

Fig. 2. Cross-layer design framework on rate-based for reliable transport and optimal route

3.1 Dynamic Bandwidth Measurement at MAC Layer As mentioned earlier, in consideration of varying channel condition and complexity of connection flows, we prefer per-node basis rate computation rather than per-flow basis. At the MAC layer, an exponential average of the queuing delay experienced by frames traversing and an exponential average of the transmission delay experienced by the head-of-line frames are computed at each node and denoted as Q and T, respectively. Q at a node is impacted by the contention between different flows traversing the node and, T is impacted by the contention between the different nodes in the vicinity of that node. Rate Affected by Delay at MAC Layer While a frame flows through the intermediate node, the MAC layer is required to calculate the queuing (Qsample) and transmission (Tsample) delays experienced. The Qsample and Tsample are the time spent by an outgoing frame from queued to dequeued and from dequeued to transmitted successfully, respectively. Both of the values are maintained using exponential averaging as follows:

Qt = Qt −1 * α + Q sample * (1 − α ) Tt = Tt −1 * α + Tsample * (1 − α ) where Qt and Tt are the exponential average after the outgoing packet transmitted successfully. Computation of Transmission Rate and Delivery The longer the delay at a node is, the smaller the transmission rate at a node can use. Each frame includes rate feedback field R (note that which will actually be an inverse of Q + T) that consists of the minimum 1/(Q + T) value at the upstream nodes that frame have traversed through. While the frame is dequeued for transmission, the intermediate node examine whether 1/(Q + T) value at that node is smaller than R or not. If positive, the intermediate node updates the R on the frame to the 1/(Q + T) value. Consequently, the rate is continuously processed along the downstream nodes until its receiver. The transmission rate R of a path is obtained as:

1 } Qi + Ti where p is one of the paths between the connection pair and i is an intermediate node along the path p. R p = min{ i∈ p

116

M.-H. Tsai, T.-C. Chiang, and Y.-M. Huang

A Special Case at an Idle Node To deserve to be mentioned, a special case that there is no other traffic around a node, 1/(Ș* (Q + T)) is used as the rate instead of the normal 1/(Q+T). When the channel around the node is idle, the Q + T values will be determined by the actual delay experienced by the probe frame, i.e., route initiation. However, when the actual data flow begins, frames belonging to the flow will contend with other frames belonging to the same flow at both upstream and downstream nodes. For CSMA/CA, the typical value for Ș is 3. It can be as high as 5 for a path of length 5 or more with a large number hops. 3.2 Min-Max Rate Path Determinations at Network Layer

During connection initiation, or when recovering from a time out, RTOR uses the same mechanism called quick-start as used by ATP to probe for the available bandwidth within a single round-trip time. The sender uses the probing packet (i.e., route discovery in DSR or route request in AODV [14]) along its available paths through intermediate nodes to the receiver. The intermediate nodes, when they forward the probing packet, stamp on the packet the rate feedback in the manner described in section 3.1. Which Path Is the Optimal One? Unlike the distinct layered routing protocols, which perform their forward path setup while receive the first route request (RREQ), in our system the receiver intuitively must wait for an interval to receive the probing packet with the same sequence number from all of the other routes. Of course, it is not essential that the first arrival of the probing packet is via either the shortest path (minimum hop counts) or the optimal path (maximum transmission rate). It only depends on the summation of queuing and transmission delay (L, latency) along its traversed path denoted as:

L p = ¦ (Qi + Ti ) i∈ p

To this regard, the smaller the L value of a path is, the earlier the probing packet is received via the path. The path with the optimal rate is indefinitely the same one with the minimum latency, but it is promised that the transmission rate along the path is definitely effective than others. In other words, there are more packets transmitted along the path during a certain period. In addition, the receiver prefers to the optimal rate path along that the intermediate nodes have born lower network load. The minmax rate path determination balances the network load in an appropriate degree. Refers to figure 3, it is obvious that the intermediate node of connection A is the key and influential node along the shorter path of connection B. The value aside node stands for its transmission rate (R). While the connection A is active, the sender B will choose the longer path as its routing path on our min-max scheme rather than the shorter one. Despite of the larger hop counts, the longer path can support better transmission rate. At the same time, the connection A is not affected by connection B and, hence sustains its better and available transmission rate.

RTOR on Rate-Based for Ad Hoc Networks

Fig. 3. Two possible paths of one connection

117

Fig. 4. Pseudo code for rate adjustment

Response to Link Failure Whenever an intermediate node experiences a link failure at its MAC layer, the network layer at the node is informed about this failure and sends a path failure notification message to the sender of the packet. Similarly, the message is sent back to the sender as TCP-F or ELFN does. RTOR then send the probing packet in order to obtain the optimal transmission rate along a new route to the receiver. The primary diversity is the mechanism of resuming transmitting after route reestablishment in which RTOR uses the probing packet to get the explicit rate feedback, while TCP-F or ELFN just come off the snooze state using the previously frozen congestion window. Hence, performing rate estimation on the new route allows the connection to operate at the true available rate instead of either overutilizing or underutilizing the resource available along the new route. 3.3 Rate Feedback and Reliability at Transport Layer

Unlike TCP, which perform respectively flow control and reliability depending on AIMD congestion windows and duplicate ACKs reception, RTOR performs flow control and reliability mechanisms relying on the periodic feedback from the receiver. In order to send the feedback periodically, the receiver runs an expiration timer (E). Note that the E value should be larger than the round-trip time of a connection, but at the same time must be small enough to track the dynamics of the path characteristics. Rate Feedback Influenced by Incoming Data Packets Before the timer expiry, the receiver performs an exponential averaging of the rate piggybacked on every incoming data packet belonging to a flow:

R flow = R flow *α + Rsample *(1 − α )

where Rsample is the rate piggybacked on the incoming packet and Į is exponential parameter between 0 and 1. As the timer expired, the Rflow value is piggybacked on the periodic feedback packet and fed back to the sender. Rate Feedback Reset by Probing Packets As to the probe packets of connection initiating or recovering from connection failure, those are sent out to elicit rate feedback from the receiver. While the receiver obtains all of the transmission rates through the possible routes, the route with the maximum

118

M.-H. Tsai, T.-C. Chiang, and Y.-M. Huang

rate value (Rprobe) is determined and, then the rate is piggybacked on the response packet (RREP) to the sender on behalf of the data transmission rate. At the same time, the receiver’s Rflow is set to Rprobe while the expiration timer E is reset. Note that Rflow at receiver is on per-flow basis that is different from the Rp on per-node basis at intermediate nodes. Adjustment of Sending Rate While the sender receives the Rflow from the receiver, it adjusts its sending rate according to its original rate (Rsend). To prevent undesired rate fluctuation, a threshold ș is applied to handle the adjustment. It is shown as the figure 4 how the rate is adjusted. If Rsend is larger than Rflow, it indicates that the original sending rate is over the sustainable rate at this connection. For avoiding the emergence of congestion, the sending rate should be adjusted down immediately. Oppositely, if Rsend is smaller than Rflow in excess of Rsend*ș, the sending rate should be adjusted up in an exponential averaging method. Specially, if the available rate Rflow lies within (Rsend, Rsend+Rsend*ș), the sender preserve its sending rate Rsend stably. It is of interest that RTOR operates in a state of poise under the stable network conditions. Reliability Owing to decouple of the flow control and reliability mechanisms, the reliability is achieved by providing SACKs from RTOR receiver to report back any holes observed in the data stream. Since the periodic feedback is not provided for every incoming data packet, but rather on a periodic basis, RTOR use a large number of SACK blocks which always identify the first sequence holes in the data stream. The number of SACK blocks is restricted within 20 while take account of the timer value and packet size as [5]. RTOR does not use a retransmission timeout at the sender and, hence, has to rely on the feedback from the receiver to perform correct error recovery. On timer expiry or receipt of probe packet, the receiver identifies all holes encountered and stamps SACK blocks on the feedback packet. While the sender receives the periodic feedback packet or response packet with SACK information, it updates its SACK scoreboard and identifies packets for retransmission. Of course, the packets marked for retransmission are sent preferentially.

4 Performance Evaluation We use the ns2 network simulator for all the simulations. There are 100 nodes initially placed randomly by ns2 scenarios generator (NSG) within a predefined 1000m x 1000m grid area. The mobility model is the random waypoint model. The 1 and 20 connection pairs (sender-receiver) are randomly chosen from the set of 100 nodes in consideration of the effect of load. In our simulation, the nodal speed is 1m/s, 10 m/s, and 20 m/s within the both of different load scenarios. The underlying

RTOR on Rate-Based for Ad Hoc Networks

119

routing protocol is AODV which has been modified to suit our optimal rate scheme. FTP is the application that is used over TCP for all the flows in the network, while the packets generated are of size 512 bytes. The expiration timer E at receiver is set to one second. The performance of RTOR is evaluated and compared against default TCP (NewReno), TCP-ELFN [8], and ATP [5] for typical network scenarios outlined above. In particular, we have considered the following metrics: 1) congestion window/rate progression 2) aggregate throughput 4.1 Congestion Window/Rate Progression

Snapshots of congestion window/rate progression results for default TCP, TCPELFN, ATP, and RTOR are presented for a single connection and a 20-connections scenario for a speed of 10 m/s in Figures 5 and 6, respectively. The focus here is to highlight the difference between the congestion window and rate adjustment. Obviously, both of default TCP and TCP-ELFN suffer from the congestion window mechanism (AIMD) and result in instantaneous throughput degradation, shown as figure 5(a) and 6(a). Oppositely, the both of rate-based ATP and RTOR can adapt their transmission rate to true available bandwidth on rate feedback, shown as figure 5(b) and 6(b). The reasons which make the difference are: 1) RTOR does not decrease its rate on route failures unless dictated by its rate adjustment mechanism to do so. 2) RTOR is always able to reach to the available transmission rate while route initiation or reestablishment from route failures. 3) RTOR can operate in a state of poise under the stable network conditions. In addition, the observation that RTOR outperforms than ATP is that the former selects its path with the optimal rate while the last disregards the effect of routing paths with different rates.

140

350

120

300

100

250

80

200

60

150

40

100

20

50

0

0

0

10

20

30

(a)

40

50

0

10

20

30

40

50

(b)

Fig. 5. Congestion window/rate progression (1 connection). (a)default TCP and TCP-ELFN (b) ATP and RTOR.

120

M.-H. Tsai, T.-C. Chiang, and Y.-M. Huang

200

140 120

150

100 80

100

60 40

50

20 0

0 0

10

20

30

(a)

40

50

0

10

20

30

40

50

(b)

Fig. 6. Congestion window/rate progression (20 connections). (a)default TCP and TCP-ELFN (b) ATP and RTOR.

4.2 Aggregate Throughput

In figure 7(a), we observe the aggregate throughput affected by different mobility for the single connection scenario. As the mobility increases, the throughput decreases no matter which protocol is used. In addition, it is obvious that the rate-based protocols have better performance due to its quick start and efficiency of network bandwidth utilization. For multiple (20) connections in figure 7(b), similarly, we find the same results in 7(a). It is worth mentioning that RTOR always has better performance than ATP in spite of mobility. Owing to the heavier connection load, RTOR appropriately balance flows among the whole network and, hence each connection can gain the higher transmission rate and avoid the excessive channel contention at intermediate nodes.

(a)

(b)

Fig. 7. Aggregate throughput under (a)1 connection (b)20 connection

5 Conclusion In this paper, we presented a cross-layer architecture combining the three of MAC, network, and transport layers for seeking a solution to the problem of performance

RTOR on Rate-Based for Ad Hoc Networks

121

degradation in mobile ad hoc networks. The frequent route failures and route reestablishments in these environments introduce a new challenge to the TCP congestion control, and lead us to adopt the rate-based flow control despite TCP unfriendness. The limited bandwidth under channel shared is another challenge to the common routing protocols, and induce us to select a path with the optimal rate from the consideration of equilibriums of connection load. Topics for further research include the investigation of TCP friendness on rate-based, furthermore, support of real-time video stream especially taking account of delivery latency.

References 1. A.A. Hanbali, E. Altman, and P. Nain, “A Survey of TCP over Ad Hoc Networks,” IEEE Comm. Surveys & Tutorials 3rd Quarter 2005, vol. 7, no. 3, pp. 22-36. 2. X. Chen, H. Zhai, J. Wang, and Y. Fang, “TCP Performance over Mobile Ad Hoc Networks,” Can. J. Elect. Comput. Eng., Vol. 29, No. 1/2, January/April 2004, pp. 129-134. 3. V. Kawadia and P.R. Kumar, “A Cautionary Perspective on Cross-Layer Design,” IEEE Wireless Comm. Feb 2005, pp. 3-11. 4. E. Setton, T. Yoo, X. Zhu, A. Goldsmith, and B. Girod, “Cross-Layer Design of Ad Hoc Networks for Real-Time Video Streaming,” IEEE Wireless Comm. Aug 2005, pp. 59-65. 5. K. Sundaresan, V. Anantharaman, H.-Y. Hsieh, and R. Sivakumar, “ATP: A Reliable Transport Protocol for Ad Hoc Networks,” IEEE Trans. on Mobile Computing, VOL. 4, NO. 6, NOV/DEC 2005, pp. 588-603. 6. K. Chen, K. Nahrstedt, and N. Vaidya, “The Utility of Explicit Rate-Based Flow Control in Mobile Ad Hoc Networks,” WCNC 2004 / IEEE Comm. Society, pp. 1921-1926. 7. K. Chandran, S. Raghunathan, S. Venkatesan, and R. Prakash, “A Feedback-Based Scheme for Improving TCP Performance in Ad Hoc Wireless Networks,” IEEE Personal Comm. Feb 2001, pp. 34-39. 8. G. Holland and N. Vaidya, “Analysis of TCP Performance over Mobile Ad Hoc Networks,” ACM Wireless Networks, vol. 8, no. 2, Mar 2002, pp. 472-479. 9. T.C. Chiang, M.H. Tsai, and Y.M. Huang, "Adaptive Clustering with Virtual Subnets Support in Ad Hoc Networks", Lecture Notes in Computer Science, Volume 3992 ,pp. 1008–1015, 5/2006. 10. D. Kim, C. Toh, and Y. Choi, “TCP-BuS: Improving TCP Performance in Wireless Ad Hoc Networks,” J.Comm and Net., vol. 3, no. 2, June 2001, pp. 175-186. 11. J. Liu and S. Singh, “ATCP: TCP for Mobile Ad Hoc Networks,” IEEE JSAC, vol. 19, no. 7, July 2001, pp. 1300-1315. 12. M.H. Tsai, T.C. Chiang and Y.M. Huang, "On Scalability and Mobility Management of Hierarchical Large-Scale Ad Hoc Networks", Lecture Notes in Computer Science, Volume 3823 ,pp714 - 723, Dec. 2005. 13. M. Allman, D. Glover, and L. Snachez, “Enhancing TCP over Satellite Channels using Standard Mechanisms,” RFC 2488, Jan.1999. 14. Charles. E. Perkins, AD HOC NETWORKING, Addison-Wesley, 2001. Chapter 5 and 6.

Automatic Extraction of Conversation Protocols from a Choreography Specification of Ubiquitous Web Services Jonghun Park1 and Byung-Hyun Ha2 1

2

Dept. of Industrial Eng., Seoul National University, Seoul, 151-742, Korea [email protected] Dept. of Industrial Eng., Pusan National University, Pusan, 609-735, Korea [email protected]

Abstract. While web service technology is becoming a de facto standard for integration of business applications, it is also rapidly emerging as an effective means for achieving inter-operability among the devices in network centric ubiquitous systems. When such a web service enabled device engages in a conversation with a service provider, it becomes necessary to define an interaction logic required between them. For this purpose, one can use a choreography language to specify the rules of engagement between the device and the web service provider. This paper presents a framework for automatically synthesizing conversation protocols from a choreography description defined in WS-CDL. The proposed framework adopts WSCL as a conversation protocol language, and defines a set of rules that can be used to effectively transform a WS-CDL specification into WSCL documents for collaborating peers. It is expected that the work presented in this paper can enhance the interoperability between web service-based processes in ubiquitous systems through automating the process of extracting conversation protocols from a choreography definition.

1

Introduction

Web services are increasingly embedded in ubiquitous systems not only within a business network [1]. By embedding the web services into virtually any computing devices, it becomes possible for a device to discover and interoperate with other devices and remote services, establishing pervasive network of computers of all form factors and wireless devices. Currently, several ongoing efforts recognize the need for embedding web service capability into devices to enhance interoperability among them as well as with external services. These include Microsoft’s invisible computing project [2], UPnP 2.0 [3], and OMA’s OWSER [4]. Furthermore, recently proposed web service standards, such as WS-Discovery [5] and WS-Eventing [6], are also accelerating the wide deployment of web service technology into ubiquitous computing networks. In this paper, we collectively refer to the web services embedded in the devices of ubiquitous networks as ubiquitous web services. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 122–132, 2006. c IFIP International Federation for Information Processing 2006 

Automatic Extraction of Conversation Protocols

123

Considering the importance of interoperability in realizing the ultimate vision of ubiquitous computing, we envision that making devices web service enabled appears to be a vital approach, and at the same time it necessitates several new breed of research problems to be addressed. In particular, when a device is web service enabled and engages in a conversation with a service provider, it becomes necessary to define an interaction logic required for them in order to coordinate the interactions during autonomous web services conversations. For this purpose, one can use a choreography language to specify the rules of engagement between the device and the web service provider. There are currently two major approaches to describing web services choreographies, namely the global view approach and the individual view approach, depending upon whether they describe either (i) the choreography of an entire system consisting of all potential participants, or (ii) the choreographies expected by each individual participant [7]. WS-CDL (Web Services Choreography Description Language) [8] is a language that takes the global view approach whereas WSCL (Web Services Conversation Language) [9] is one that bases on the individual view approach. Indeed the individual view represents the expected conversation behavior of a single collaborating party, and it describes public aspects of a web service, leaving private aspects such as business logic to specific implementations. For this reason, we call it conversation protocol to distinguish it from the global choreography specification. We identify two conversion problems associated with the approaches mentioned above: The first issue is how to obtain a global choreography specification from the conversation protocols of individual participants. The conversation protocols that specify the interactions among collaborating parties are usually developed independently with an expectation that they can function together, and the problem is to develop a method by which the independently defined conversation protocols can be composed together into a single global choreography. This approach requires the use of a global model that describes the desired flow of messages among the participants, and there have been several research results reported in the literature for this problem [10]. The second issue, which corresponds to the opposite case of the first issue, is to develop a framework that can generate a conversation protocol for each of the collaborating parties from a global choreography definition. The generated conversation protocol can then be used as an end point skeletal behavior description for building an executable process that will be used by a participant to seamlessly interact with the other collaborating processes. Yet, presently there is no concrete computational method available to address this problem. Motivated by this, this paper considers WS-CDL as a global choreography specification language, and proposes a new framework that can support automatic synthesis of conversation protocols described in WSCL from a WS-CDL specification. Our proposed framework for automatic extraction of conversation protocols is expected to not only enhance the interoperability of the web service based interactions but also increase the user acceptance of recently emerged proposals for web service choreography in the emerging ubiquitous service networks.

124

J. Park and B.-H. Ha

The rest of the paper is organized as follows: Section 2 reviews the basic concepts of WS-CDL and WSCL, and then introduces an example scenario that motivates the presented research. In Section 3 we present the proposed framework, and it is demonstrated through the example scenario in Section 4. Finally, Section 5 gives the conclusion and descriptions on the future work.

2

Languages for Web Service Choreography and Conversation Specification

WS-CDL is an XML-based language that describes peer-to-peer collaborations of web service participants through defining, from a global viewpoint, their common and complementary observable behavior, where ordered message exchanges result in accomplishing a common goal [8]. It introduces various components to effectively describe observable behavior of multiple participants within the context of a global model. In order to define a choreography of interactions, one must first define data components such as role types, relationship types, information types, token types, and channel types, and declare necessary variables. Subsequently, a choreography definition is completed by specifying interactions and control flows among them in terms of ordering structures and work units. On the other hand, WSCL allows the abstract interfaces of web services, i.e. the conversation protocols, to be defined. It specifies the XML documents being exchanged as well as the allowed sequencing of these document exchanges. The conversation proceeds from one interaction to another according to the legally defined transitions. The purpose of WSCL is to provide and define the minimal set of concepts necessary to specify conversations. Hence, WSCL describes the public processes in which the participants of a web service engage, and it focuses on the conversation behavior based on the individual participant’s view. Transformation of the data components of a WS-CDL document into the corresponding elements of WSCL for the participant in consideration can be carried out without difficulty if one uses an XML transformation language such as XSLT [11]. This transformation process can be considered as a projection into an individual view out of a global choreography. However, it is not straightforward to transform the control flows defined in a WS-CDL document into those available in WSCL. WS-CDL is rooted on pi-calculus and thus able to provide high-level control flow constructs such as parallel flows and loops whereas WSCL is based on automata formalism where only the finitely many states and transitions are allowed. Therefore, the proposed framework focuses on the problem of transforming the control flows of WS-CDL to those of WSCL, leaving out the other details such as the projection and transformation of XML elements. As a motivating example, we consider the following scenario: A presentation room is equipped with an audio system and a video system, each of which provides a web service for setting up the corresponding equipment. When a user with a mobile computing device such as PDA and smart phone enters the room, the device needs to go through several interactions with the software agent

Automatic Extraction of Conversation Protocols

125

...

...

...



...

...





Fig. 1. A WS-CDL specification for the example scenario

responsible for coordinating the equipment in the room in order to configure the audio and video system appropriately. More precisely, after the login interaction that certifies the mobile device, the setup processes for the audio and video systems are executed in parallel. We consider two available video systems, namely an LCD projector and a curved wall for setting up a virtual reality environment, from which the user can choose. As for the video system, the user is allowed to perform repeated trials for the equipment configuration. We further assume that the choreography requirement is defined by use of WS-CDL whereas the mobile device is configured to carry out conversation based on WSCL. Since WS-CDL itself is not an executable specification, the generation of a WSCL document is necessary for the mobile device and the software agent to interoperate with each other. Based on the above choreography descriptions, a WS-CDL specification can be defined as shown in Figure 1. For the sake of brevity, only the XML elements pertaining to the control flows are shown in Figure 1. The most outer flow control construct is sequence that contains one interaction element and one parallel element which further includes an interaction and workunit. The behavior of the loop is controlled by use of the variable vSetupDone that is initially set to ‘false’ and then changed to ‘true’ when the result of ProjectorSetup or CurvedWallSetup is successful.

3

Proposed Framework

Having introduced the basic notions of WS-CDL and WSCL, we proceed to introduce the proposed approach to automatically synthesizing a WSCL specification from a given WS-CDL document. For the framework descriptions, we only consider the conversations between two parties out of many possible conversations

126

J. Park and B.-H. Ha

defined for multi-parties in WS-CDL, since WSCL can only support peer to peer interactions. Such a transformation for the parties in consideration can be easily carried out by use of projections into specific participants and roles as mentioned in Section 2. We first define the notion of conversation module (CM) that represents a component to be composed. CM is a valid WSCL specification with the constraints that it has a single Interaction of type S and a single Interaction of type F where S and F respectively indicates the start and the finish of the module. The initial step of the proposed framework is to define the following WSCL elements for each exchange element of WS-CDL, Ei . ... ... ...

...

...

The above transformation introduces three WSCL Interactions, Ii , Si , Fi , which respectively represent the considered WS-CDL exchange element, and the start and finish of a WSCL Interaction. It also creates two WSCL Transitions among them. Furthermore, the WS-CDL’s interaction element which the exchange belongs to is also recorded as an additional element so that it can be referred to when traversing the Interaction elements of a WSCL specification during the parallel composition defined later in this section. Note that the transformation of each WS-CDL exchange element yields a valid CM. Once the transformation is carried out for all the exchange elements defined in the WS-CDL, the next step is to construct CMs for the interactions defined in the WS-CDL, which may have more than one exchange element. Two CMs, CMi and CMj , that correspond to the exchange elements contained in an interaction of WS-CDL, are composed into another CMk by using the following rule for sequential composition: 1) Remove the type F Interaction and its associated Transitions from CMi 2) Remove the type S Interaction and its associated Transitions from CMj 3) Introduce new Transitions from all the Interactions that are the sources of the Transitions removed in Step 1) to the Interactions that are the destinations of the Transitions removed in Step 2) Subsequently, the following set of rules are defined in order to effectively transform the WS-CDL control constructs to the corresponding flow logic of WSCL. First, the sequence composition of two CMs, namely CMi and CMj , is computed by use of the above sequential composition rule. Second, the following rules are used to carry out choice composition of two CMs, CMi and CMj . 1) Remove all the Interactions of type S and their associated Transitions from CMi and CMj

Automatic Extraction of Conversation Protocols

127

2) Remove all the Interactions of type F and their associated Transitions from CMi and CMj 3) Introduce a new Interaction of type S, Sk , and new Transitions which connect from Sk to all Interactions that are the destinations of the Transitions removed in Step 1) 4) Introduce a new Interaction of type F , Fk , and new Transitions which connect from all Interactions that are the sources of the Transitions removed in Step 2) to Fk Third, the CM of which the looping behavior is controlled by workunit is transformed into the corresponding WSCL elements by use of the following rules. We let Ts and Tf respectively be the set of Transitions of which the source is the Interaction of type S, and the set of Transitions of which the target is the Interaction of type F . 1) Introduce new Transitions that connect from all the Interactions that are the sources of Tf to all the Interactions that are the destinations of Ts 2) For each Transition introduced in Step 1), record the corresponding exchange element from the WS-CDL document from which Interaction is defined Lastly, for the parallel composition, we construct a shuffle of two CMs, which generates all the possible interleavings between two finite state machines represented by CMi and CMj . That is, while the shuffle obeys the interaction order specified within each CM, it combines two interaction sequences in all possible combinations. During the parallel composition, each Interaction is augmented with an execution history defined as follows in order to identify the next executable Interaction as well as the destinations of its Transitions for repetition. Definition 1 (Execution History). An execution history is a set of Interactions defined in CMs such that if two Interactions in the execution history, Ik and Il , belong to the same CM, then the following two properties hold: a) Ik and Il can be connected by using only the Transitions associated with the Interactions in the execution history b) There is no Interaction, Im , in the execution history such that both of Ik and Il are the destinations of outgoing Transitions of Im From an execution history, we can construct a companion set, named exchange history, in view of WS-CDL specification, which is defined as follows. Definition 2 (Exchange History). Given an execution history containing the set of Interactions that have been executed, the exchange history is defined as a set of exchanges (originally defined in WS-CDL) to which the Interactions of the execution history correspond. Given an execution history, the set of next executable Interactions is characterized by use of the notion of reachability, which is formally defined as follows.

128

J. Park and B.-H. Ha

Definition 3 (Reachability). Let τ be the set of Transitions associated with an execution history such that i) Transitions in τ are not defined for modeling repetitions, and ii) they are not associated with the Interactions of type F in the execution history. An Interaction, Ik , is said to be reachable from the execution history if the following three conditions are satisfied: a) Ik is not a member of the execution history b) Ik is connected from one of the type S Interactions via the Transitions in τ c) The set defined by adding Ik to the given execution history is also an execution history Based on the above definitions, the synthesis procedure for the parallel composition is described below in three phases: merging, repetition handling, and post-processing. The first phase that merges two CMs is formally defined as follows: 1) Introduce a new Interaction of type S, Sk , and annotate it with an empty execution history 2) For each I that is newly introduced from the previous step, perform Step 3) and go to Step 8) 3) For each Interaction, Ir , defined in the given CMs, perform Step 4) through Step 7), if Ir is reachable from the execution history of I 4) Introduce a new Interaction, In , for each Ir , and record the original exchange element corresponding to Ir in In 5) Annotate In with the execution history generated by adding Ir to I’s execution history 6) If there exists an Interaction, Ie , of which the original exchange element and the exchange history are identical to those of In , then replace In with Ie 7) Add a new Transition from I to In 8) If there is an Interaction that is newly introduced, go to Step 2) We remark that, in Step 4) of the above merge procedure, recording of the original exchange element defined in the WS-CDL document is necessary to relate an Interaction element of a WSCL specification with the exchange element it refers to. Next, the Transitions defined for handling the loops are taken care of by the following procedure. 1) For every Transition in the given CMs, Tr , that is defined for modeling a loop, carry out Step 2) with Er , the set of exchange elements recorded in Tr 2) For each Interaction, Is , whose original exchange is identical to that of Tr ’s source Interaction, carry out Step 3) and Step 4) 3) Add the Transitions from Is to each Interaction It where It is an Interaction such that the result of subtracting It ’s original exchange from It ’s exchange history is identical to that of subtracting Er from Is ’s exchange history 4) Record Er for all the Transitions added in Step 3)

Automatic Extraction of Conversation Protocols

129

Fig. 2. An example illustrating the synthesis procedure when the parallel composition is performed for the Interaction element with a loop

Finally, we define the following post-processing procedure to produce a valid WSCL document. 1) Introduce a new Interaction of type F , Fk 2) Introduce Transitions from every Interaction which has no outgoing Transition to Fk 3) Remove the CMs that are given as an input and clear the annotations from all Interactions The process of parallel composition becomes complex particularly when it is applied to the Interaction element that has a loop. In order to more clearly explain the procedures for the loop transformation in conjunction with parallel composition, we consider the example shown in Figure 2. Given a WS-CDL specification shown in Figure 2 (a), we obtain the partial result shown in Figure 2 (b) after applying the transformation procedure defined for workunit. In Figures 2 (b) and (c), each CM is depicted as a state transition diagram with two circles that respectively represent the Interactions of types S and F and with rectangles that represent the other Interactions. A Transition is depicted as an arrow while it is shown as a dotted arrow if it is defined for modeling a loop. Furthermore, an Interaction other than those of the types S and F is also associated with a label that denotes the name of the Interaction as well as the name of the original exchange element it corresponds to. We name the Interactions as I1 , I2 , and I3 , and their original corresponding exchanges in the WS-CDL document as E1 , E2 , and E3 , respectively. As shown in Figure 2 (b), the procedure for workunit transformation results in the Transition introduced to model the loop and the associated exchange elements recorded for it (i.e., {E1 , E2 }). We then apply the first phase of the parallel composition, and obtain the intermediate result that can be constructed by removing the dotted arrows and the Interaction of type F and its incoming transitions from Figure 2 (c). The execution histories computed during the first

130

J. Park and B.-H. Ha

phase are recorded as an annotation in the Interaction. For instance, I7 in Figure 2 (c) has the execution history of {I1 , I3 } associated with it. As an example to discuss Steps 3) through Step 7) defined in the first phase of the parallel composition, consider I10 created from I7 (with the execution history {I1 , I3 }) for the first time, due to the fact that I2 of Figure 2 (b) is reachable from the execution history {I1 , I3 }. The original exchange element of I10 becomes E2 since the I2 ’s original exchange is E2 and the execution history of I10 is computed by adding I2 to the execution history of I7 . Hence, the exchange history of I10 then becomes {E1 , E2 , E3 }. Continuing with I8 , we find that a newly introduced Interaction has the same set of original exchange elements and the exchange history as I10 . Consequently, this new interaction is removed, and the transition between I8 and I10 is added instead. That is, this example signifies the fact that, when the exchange histories and the corresponding exchange elements are same for two Interactions in WSCL, they can be modeled as a single Interaction. Step 3) of the second phase of the parallel composition is essentially to invalidate the exchange elements that have already been executed, through identifying the exchange elements that can be re-executed when a repetition occurs. For instance, I10 is a state in which each of exchanges, E1 , E2 , and E3 have been carried out at least once, and the Transition from I10 to I8 represents that, the E1 and E2 are required to be performed again once the repetition occurs. Note also that, the execution of E3 is prohibited after E3 has been executed once. The resulting WSCL after applying all three phases of the parallel composition is shown in Figure 2 (c). Given a WS-CDL document that is tree-structured, the proposed synthesis procedure starts from the leaf elements of the document, and then recursively applies the procedures mentioned above to each parent node in the document according to the type of the composition in consideration. We remark that the traversal order by which the procedures are applied does not change the final result.

4

An Example Application

In this section, we demonstrate the effectiveness of the proposed approach through an example. We apply the proposed synthesis procedure to the example WS-CDL shown in Figure 1, and obtain the WSCL specification with 10 Interactions (two being the Interactions of type S and F ) and 17 Transitions after removing the interactions of type S and F from the resulting CM. The detailed steps as well as the intermediate results for generating a WSCL specification out of a WS-CDL document are illustrated in Figure 3. First, Figure 3 (a) shows the given WS-CDL from which the initial CMs are derived as illustrated in Figure 3 (b). For the sake of simplicity, we rename the original exchange elements of the WS-CDL as follows: E1 for the ‘sendId’ exchange element of ‘Login’ Interaction of Figure 1, and E2 for the ‘exchangeAudioInfo’ exchange element of ‘Audio Setup’ Interaction of Figure 1, and so on.

Automatic Extraction of Conversation Protocols

131

Fig. 3. Illustration of steps for automatically generating a WSCL specification

For each CM, the Interactions of type S and F are represented as circles while the other Interactions are represented as rectangles with a label denoting the name of the Interaction and the name of the original exchange element it corresponds to. For instance, I9 (E4 ) of the step (e) indicates that the name of Interaction is I9 and the original exchange element in WS-CDL it refers to is E4 (i.e., ‘exchangeCurvedWallInfo’ element in Figure 1). Furthermore, Transition elements of WSCL are represented as arrows except those Transitions introduced to model the loop, which are represented as dotted arrows. Figure 3 (c) shows the intermediate result after applying the rules defined for the choice composition, and Figure 3 (d) shows the result of transforming the workunit control structure. Finally, Figures 3 (e) and (f) respectively show the results obtained after the parallel and sequence compositions are performed.

5

Conclusion

The recently emerged web services choreography languages such as WS-CDL and WSCL represent significant steps towards building platform-independent, distributed, flexible web service applications. In this paper, we addressed the problem of automatically generating a conversation protocol that represents the

132

J. Park and B.-H. Ha

individual participant’s view on a given global choreography definition. The conversation protocol specification obtained by the proposed framework describes the public behavior of the considered endpoint, and therefore can serve as a skeleton for building executable process, supporting seamless interoperability between the participants of interacting web services in ubiquitous networks. Future work will aim at implementing the proposed framework by use of XSLT patterns that effectively model the synthesis rules presented in the paper. Another future work will be to apply the proposed approach to other classes of conversation protocol languages. Acknowledgments. This work was supported by the Korea Research Foundation Grant funded by the Korean Government(MOEHRD) (KRF-2005-041-D00917).

References 1. Sashima, A., Izumi, N., Kurumatani, K.: Location-mediated coordination of web services in ubiquitous computing. In: Proceedings of the IEEE Intl Conf. Web Services (ICWS04). (2004) 2. Microsoft: The microsoft invisible computing project. Web site, Microsoft (2006) http://research.microsoft.com/invisible/. 3. UPnP: The UPnP forum. Web site, UPnP (2006) http://www.upnp.org. 4. OMA: OMA web services enabler (owser): Overview. Document, OMA (2004) http://www.openmobilealliance.org/. 5. Beatty, J., et al.: Web services dynamic discovery (ws-discovery). Specification, Microsoft (2005) http://msdn.microsoft.com/library/en-us/dnglobspec/html/WSDiscovery.pdf. 6. Bank, D., et al.: Web services eventing (ws-eventing). Specification, BEA (2004) http://ftpna2.bea.com/pub/downloads/WS-Eventing.pdf. 7. Brogi, A., Canal, C., Pimentel, E., Vallecillo, A.: Formalizing web service choreographies. In: Proceedings of the First International Workshop on Web Services and Formal Methods. (2004) 8. Kavantzas, N., Burdett, D., Ritzinger, G., Fletcher, T., Lafon, Y., Barreto, C.: Web Services Choreography Description Language Version 1.0. W3C candidate recommendation, World Wide Web Consortium (2005) http://www.w3.org/TR/2005/CR-ws-cdl-10-20051109/. 9. Banerji, A., Bartolini, C., Beringer, D., Chopella, V., Govindarajan, K., Karp, A., Kuno, H., Lemon, M., Pogossiants, G., Sharma, S., Williams, S.: Web Services Conversation Language (WSCL) 1.0. W3C note, World Wide Web Consortium (2002) http://www.w3.org/TR/2002/NOTE-wscl10-20020314/. 10. Milanovic, N., Malek, M.: Current solutions for web service composition. IEEE Internet Computing 8(6) (2004) 51–59 11. Clark, J.: XSL Transformations (XSLT) Version 1.0. W3C recommendation, World Wide Web Consortium (1999) http://www.w3.org/TR/xslt.

Inter-sector Interference Mitigation Method in Triple-Sectored OFDMA Systems JungRyun Lee, Keunyoung Kim, and YongHoon Lim R&D Center, LG-Nortel Co., Anyang, South Korea {jylee11, kykim12, yhlim0}@lg-nortel.com Abstract. In this paper, a network-centric subcarrier allocation method is proposed for triple-sectored Orthogonal Frequency Division Multiple Access (OFDMA) systems. The proposed method is based on a networkcentric algorithm that is located in a base station (BS) and coordinates the subchannel allocation of each sector. This method controls the resources (subchannels) allocated to each sector, not to waste available bandwidth and avoid inter-sector interference as much as possible. Two methods are suggested for the subchannel allocation method and the detailed algorithms for each method are provided. Simulation results show that the suggested method achieves better throughput than the distributed subchannel and adjacent subchannel configuration methods under a proportional fair algorithm.

1

Introduction

There has recently been a surge of interest in OFDMA for broadband, high datarate wireless communication. Achieving high transmission rates depends on the system’s providing efficient and flexible resource allocation. Recent studies [1][4] on resource allocation demonstrate that significant performance gains can be obtained if scheduling techniques, such as frequency hopping and adaptive modulation, are used in subcarrier allocation, assuming knowledge of the channel gain in the transmitter. At their most basic, each cell of a cellular system has three sectors, each with its own configuration. To maximize the spectral efficiency in OFDMA system with a triple-sectored cell structure, it is desirable to use an aggressive frequency reuse plan, e.g., the same and whole spectrum is used for multiple neighboring cells and each sector of a cell [5]. In this case, significant cochannel interference is present for sectored OFDMA systems, which results in severe performance degradation, especially at the cell boundaries. To mitigate the inter-cell/sector interference, many interference-tolerant methods have been proposed, such as the Adjacent Permutation Method (APM) and the Distributed Permutation Method (DPM). APM uses adjacent subcarriers to form subchannels. Due to the adjacency of subcarriers, it works well with Adaptive Modulation and Coding (AMC) and Adaptive Array Systems (AAS). DPM allows full-channel diversity by evenly distributing the subcarriers to subchannels. When APM is used, a subchannel is composed of a branch of adjacent subcarriers and these subcarriers are the same across the cells/sectors if the index X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 133–143, 2006. c IFIP International Federation for Information Processing 2006 

134

J. Lee, K. Kim, and Y. Lim

of the subchannel is the same. In this case, if two or more different cells/sectors allocate the same subchannel at the same time, the throughput performance of the system degrades due to inter-cell/sector interference. In the case of DPM, the number of subcarriers assigned across cells or sectors are proportional to the traffic load1 of neighboring cells or sectors since the subcarriers are evenly distributed across the subchannels. Thus, average interference in a cell increases as the traffic load of other cells/sectors increases.

a

b

g

a

b

g

Fig. 1. Blind and BS-centric scheduler concept

The scheduler in each cell or sector may be termed ‘blind’ in the sense that it does not know which subchannel is allocated in other cells/sectors. In the case of APM, this property may cause significant interference as the number of assigned subchannels across the cells/sectors increases. Fig. 1 a) shows the worst case with respect to intersector interference. Fig. 1 b) shows the ideal subchannel allocation with respect to the reduction of intersector interference. This figure illustrates the necessity of a network-centric method for allocating subchannels. It should be noticed that the proposed network-centric scheduler can be applied across neighboring cells, but, due to the bandwidth limitation of real-time signaling overhead in a multicell environment, we focus on the subchannel allocation strategy in one BS, as shown in Fig. 1.

2

CINR Calculation

By intelligently allocating subchannels to each user, we can improve the carrier to interference and noise ratio (CINR). As a result, we can also expect improvement in throughput. The CINR value will differ with different multiple access 1

The traffic load of each sector is defined as the ratio of the number of subchannels allocated to users to the number of whole subchannels in a sector or cell.

Inter-sector Interference Mitigation Method

135

schemes or with different subchannel permutation methods. We propose a CINR calculation model for each permutation method in OFDMA systems. It is assumed that power is assigned equally to the subchannels in use and the channel gain of each subchannel is represented by an average value of each subcarrier’s channel gain in a subchannel. The interference power in a subchannel from other cells/sectors will be linearly proportional to the number of subcarrier hits2 in a subchannel. Then, for a receiver belonging to sector j, the received m power3 in m-th subchannel from transmitter i, Pi,j , is given by m Pi,j =

1 Si gm · δm , Niused i,j N subca i,j

(1)

where Si is the transmitting power from transmitter i, Niused is the number m is the average channel gain of of allocated subchannels in transmitter i, gi,j m-th subchannel between transmitter i and receiver j, N subca is the number of m subcarriers in each subchannel, and δi,j is the number of subcarrier hits in m-th Si 1 m subchannel. In eqn (1), N used gi,j N subca is the received power of each subcarrier. i m The value of δi,j varies depending on the permutation methods. In DPM, it is assumed that each subchannel in a cell is composed of evenly distributed subcarriers. Thus, the number of subcarrier hits in each subchannel is the same m is given by for each subchannel, and δi,j m δi,j =

N subca · Njused , N subch

(2)

where N subch is the number of subchannels in each sector. In APM, δi,j is given by 

m δi,j = N subca , if m-th subchannel is allocated across the sectors, m δi,j = 0, otherwise.

(3)

For i = j which is the case that the receiver belongs to the same sector of m the transmitter, it is natural that δi,j = N subca . Finally, the CINR of m-th subchannel for the receiver i, γim is given by m Pi,i m j=i Pj,i + Gi

γim = 

(4)

where Gi is additive white Gaussian noise at the receiver i. 2 3

The case that the same subcarrier is assigned across sectors at the same time. It is assumed that if i = j, the receiver is located in a different sector of the transmitter, thus, the received power acts as interference power, and if i = j, the receiver is located in the same sector of the transmitter, thus, the received power acts as signal power.

136

3 3.1

J. Lee, K. Kim, and Y. Lim

Proposed Algorithm Subchannel Allocation Strategies

The subchannels are categorized into four classes according to the usage pattern in a triple-sectored cell. – – – –

Class Class Class Class

A: subchannel not assigned by any sector. B : subchannel assigned by only one sector. C : subchannel assigned by any two sectors. D: subchannel assigned by all three sectors.

a

B a

L

LA

LCa , b LBb

LD

LCg , b

LCa ,g LBg g

b

Fig. 2. Schematic representations of used parameters

Let the ΛA , ΛD be the ratio of subchannels included in Class A and Class D to all available subchannels, respectively. The ratio of subchannels included in sector i and the ratio of subchannels included in both sectors j and k to all C C available subchannels are defined as ΛB i and Λj,k , respectively. Clearly, Λj,k = C Λk,j . The ratio of subchannels included in Class B and Class C to all available B B C C C C subchannels is expressed as ΛB := ΛB α + Λβ + Λγ and Λ := Λα,β + Λβ,γ + Λγ,α , respectively. From the above definitions, the following equality is easily verified. (Refer to Fig. 2.) ΛA + ΛB + ΛC + ΛD = 1.

(5)

Let the ωα , ωβ and ωγ be the traffic load of α, β and γ sector, respectively. Our first strategy is to use as many subchannels as possible in a cell (not sectors) to reduce the number of subchannels assigned across sectors. This strategy entails the minimization of ΛA (Min Class A). When ωα + ωβ + ωγ ≤ 1, this strategy B B is easily implemented by setting ΛB α = ωα , Λβ = ωβ and Λγ = ωγ as shown C D in Fig. 1. b). In this case, Λ = Λ = 0 and ΛA = 1 − (ωα + ωβ + ωγ ) which is the minimum value. Notice that δi,j = 0 for all subchannels assigned to each

Inter-sector Interference Mitigation Method

137

sector, which means that there is no intersector interference. On the other hand, when ωα + ωβ + ωγ > 1, the minimum value of ΛA is 0 and there should be some subchannels included in Class C or Class D under the Min Class A strategy. To reduce intersector interference, it is desirable to minimize the value of ΛC and ΛD . Specifically, it is more desirable to reduce the value of ΛD than that of ΛC , since a Class D subchannel causes more severe intersector interference than a Class C subchannel. Proposition 1 shows the relationship between the value of Class C and that of Class D. Proposition 1. Under the assumption that Min Class A is satisfied and the sum of traffic load of each sector is larger than 1, the number of Class C subchannels is minimized (maximized) if and only if the number of Class D subchannels is maximized (minimized). Proof. From the definitions of used parameters, we derive the following three equations: C C D for {i, j, k} ∈ {α, β, γ} ωi = ΛB i + Λi,j + Λi,k + Λ

(6)

Summing up all equations results in the following equation. ωα + ωβ + ωγ = ΛB + 2ΛC + 3ΛD .

(7)

Eliminating the variable ΛB in (7) by applying (5) and ΛA = 0 results in the following equation. ΛC + 2ΛD = ωα + ωβ + ωγ − 1.

(8)

Notice that the right side of equation is a fixed value that leads to the conclusion. From Proposition 1, we can verify that it is not possible to reduce simultaneously all subchannels that induce intersector interference (Class C and Class D subchannels). There are, therefore, two options: to maximize ΛC or to maximize ΛD . Proposition 2 shows the relationship between ΛB and ΛC (ΛD ). Proposition 2. Under the same assumption as Proposition 1, the number of Class B subchannels is maximized (minimized) if and only if the number of Class C (Class D) subchannels is maximized. Proof. Eliminating the variable ΛC in (7) by applying (5) and ΛA = 0 yields the following equation: ΛB = 2 − (ωα + ωβ + ωγ ) + ΛD .

(9)

which leads to the conclusion combining with Proposition 1. In the Max Class C method, the less likely it is that users will be free from intersector interference (because there are fewer Class B subchannels) or experience severe intersector interference (because there are fewer Class D subchannels).

138

J. Lee, K. Kim, and Y. Lim

As a trade-off, the more likely it is that users will experience less intersector interference than users who are allocated Class D subchannels (because there are more Class C subchannels). By contrast, the Max Class D method ensures the greatest possible number of Class B subchannels. Since Class B subchannels are free from intersector interference, the number of subchannels causing intersector interference is reduced. As a trade-off, the users to whom Class D subchannels are allocated experience more severe intersector interference. The following two subsections describe how to determine the value of ΛYx for Max Class C and Max Class D, respectively. As discussed in the paragraph following Eqn. (6), when ωα + ωβ + ωγ ≤ 1, it is trivial to meet the Min Class A strategy. Since there is no Class C or Class D subchannel, the Max Class C and Max Class D strategies are meaningless. Thus, the following two subsections consider only the case of ωα + ωβ + ωγ > 1, thus, ΛA = 0 and the subchannel usage ratio4 becomes 1. 3.2

Subchannel Assignment Method of Max Class C

Consider the case of 1 < ωα + ωβ + ωγ ≤ 2. Suppose all of the subchannels are included in Class B. Then, the subchannel usage ratio becomes ωα + ωβ + ωγ , which is larger than 1. This means that there should be some Class C or Class D subchannels. However, in Max Class C, there is no need for Class D subchannels ω +ω +ω to exist since the subchannel usage ratio becomes α 2β γ < 1 with the assumption that all subchannels are included in Class C. Thus, in this case, all of the subchannels of each sector are included in Class B or Class C, and ΛD = 0. The number of subchannels included in Class C in the cell is expressed as ΛC =

B B ωα − ΛB α + ωβ − Λβ + ωγ − Λγ . 2

(10)

So, combining ΛA = ΛD = 0 with (5), B B ΛB α + Λβ + Λγ +

B B ωα − ΛB α + ωβ − Λβ + ωγ − Λγ = 1. 2

(11)

B B We set the proportions among ΛB α , Λβ and Λγ to ωα : ωβ : ωγ so that the proportion of Class B subchannels in each sector is the same as the proportion of the traffic load in each sector (aα : aβ : aγ = ωα : ωβ : ωγ ). Then, ΛB α is given by

ΛB α =

ωα (2 − (ωα + ωβ + ωγ )) . ωα + ωβ + ωγ

(12)

B B ΛB β and Λγ are derived in a similar way. On the other hand, ωα − Λα subchannels should be included in Class C subchannels. Here, we need to determine the 4

The subchannel usage ratio is defined as the number of subchannels that are allocated to at least one sector divided by the number of subchannels in a cell, namely, ΛB + ΛC + ΛD .

Inter-sector Interference Mitigation Method

LCa ,g = wa =

5 8

5 32

LBa =

7 32

LCa , b =

C b ,a

L 4 wb = 8 LCg ,a = wg =

3 8

5 32

Class A : 0

8 32

8 = 32

139

Class B : 16/32

5 C 3 L = L = 32 b ,g 32 B b

LCg , b =

3 B 4 Lg = 32 32

Class C : 16/32 Class D : 0

Fig. 3. Example of Max Class C method (ωα = 5/8, ωα = 4/8, and ωγ = 3/8.) C exact values of ΛC α,β and Λα,γ . From the following equations (13) and (14), we C can obtain the exact value of ΛC α,β and Λα,γ . B C ΛC α,γ + Λα + Λα,β = ωα .  B ωα + ωβ − ΛC α,β + Λγ = 1.

(13) (14)

The value of ΛC β,γ is derived in a similar way. Consider the case of 2 < ωα + ωβ + ωγ ≤ 3. If all subchannels belong to Class B or Class C, the subchannel usage ratio should be larger than 1, which is absurd. So, there should be Class D subchannels. Since ωα + ωβ + ωγ > 2, the number of Class B subchannels should be 0 in order to maximize the number of Class C subchannels. Thus, we can get the exact value of ΛD from the following equations: ωα − ΛD + ωβ − ΛD + ωγ − ΛD + ΛD = 1. 2

(15)

The value of ΛC i,j can be obtained based on a derivation procedure similar to that used when 1 ≤ ωα + ωβ + ωγ < 2. Fig. 3 shows an example of the Max Class C method when the total traffic load is 1.5. It guarantees the minimum possible number of Class B subchannels, and there are 0 Class D subchannels. Notice that the exact placement of each subchannel may differ, according to the scheduling policy. 3.3

Subchannel Assignment Method of Max Class D

We assume ωα ≥ ωβ ≥ ωγ without loss of generality. The maximum value of ΛD becomes ωγ . By combining ωγ ≥ ΛD and (8), the following inequality holds: ωα + ωβ − ωγ − 1 ≤ ΛC .

(16)

From Prop. 1, ΛC should be minimized under Max Class D. Suppose that ωα + ωβ ≤ ωγ + 1. Then, we can set ΛC = 0. In this case, all subchannels of each

140

J. Lee, K. Kim, and Y. Lim

LD = wa =

5 8

8 32

LBa =

12 32

Class A : 0

LBb = wb =

4 8

Class B : 24/32

8 32

Class C : 0

LBg = wg =

3 8

4 32

Class D : 8/32

Fig. 4. Example of Max Class D method (ωα = 5/8, ωα = 4/8, and ωγ = 3/8.)

sector are included in Class B or Class D. By the Min Class A strategy, we have the following equality: (ωα − ΛD ) + (ωβ − ΛD ) + (ωγ − ΛD ) + ΛD = 1.

(17)

ω +ω +ω −1

D From (17), ΛD = α β2 γ , and ΛB follows. k = ωk − Λ Consider the case of ωα + ωβ > ωγ + 1. In this case, we set ΛD = ωγ which is the maximum value of ΛD . From (8),

ΛC = ωα + ωβ + ωγ − 1 − 2ΛD = ωα + ωβ − ωγ − 1.

(18)

From (5), (18) and ΛA = 0, ΛB = 2 − ωα − ωβ . With the same assumption (aα : aβ : aγ = ωα : ωβ : ωγ ) used in subsection 3.2, ΛB α is given by ΛB α =

ωα (2 − (ωα + ωβ )) . ωα + ωβ + ωγ

(19)

B C ΛB β and Λγ are calculated by similar way. Also, Λi,j are derived from (13) and (14). Fig. 4 shows an example of the Max Class D method when the total traffic load is 1.5. It guarantees the maximum possible number of Class D subchannels, and there are 0 Class B subchannels since ωα + ωβ ≤ ωγ + 1. As with Max Class C, the exact placement of each subchannel may differ according to the scheduling policy.

4

Simulation Design

For simulation environment, 1024-FFT for 10 MHz bandwidth is assumed for an OFDMA channel configuration. The number of subchannels (N subca ) for APM and DPM are the same as 32. Simulation runs were based on the Monte Carlo method with 100, 000 trials. In each trial, 10 users were generated in the center cell and the locations of users were uniformly distributed in the cell. We assumed that each user always had traffic to be sent, which setup is usually called a full-buffered traffic model. The center cell was surrounded by 18

Inter-sector Interference Mitigation Method

141

Table 1. CINR - data rate mapping table Min CINR[dB] Data rate[kbps] Min CINR[dB] Data rate[kbps] -6.6 38.4 7.8 460.8 -4.1 57.6 12.3 691.2 -1.1 115.2 15.4 921.6 2 230.4 18.5 1152

cells which contribute intercell interference, and the radius of each cell was assumed to be 1 km. The antenna pattern in a triple-sectored cell is expressed as θ A(θ) = −min[12( 70 ), 20] where −180 ≤ θ ≤ 180 [6]. We assumed that intercell interference resulted from fully-loaded cell. That is, all subchannels and maximum power are used in other cells. The interference from other sectors in the center cell was calculated from the actually allocated subchannels according to Max Class C, Max Class D, APM and DPM, respectively. The traffic load in the center cell was averaged over α, β and γ sectors where ωα = (i + 1)/8, ωβ = i/8, and ωγ = (i − 1)/8 for 1 ≤ i ≤ 7. For the channel model, we considered only a path-loss model [7], which is given by L = 35.2 log10 D + 137.32 where D is the distance between a transmitter and a receiver. For scheduling policy, we used a proportional fair algorithm with window size 1000 that acknowledges feedback about the channel quality for each user. It chooses the user i that maximizes DRCi (t) where Ri (t) is an exponentially smoothed average of the service rate Ri (t) received by user i and DRCi (t) is the amount of data that can be transmitted to user i in time slot t [8]. The system performance of the proposed algorithm was evaluated by the average throughput of the target cell. Average throughput was derived from the CINR-throughput relationships which resulted from the link level simulation results combining with AMC operation. Table 1 shows the mapping table between CINR and achievable data rates.

5

Result

Fig. 5 shows the average throughput as a function of average traffic load of the target cell. The result shows that average throughput of Max Class C is better than that of APM, DPM and Max Class D. However, when the average traffic load is high, the gain from the proposed algorithms is less, since there is less opportunity for the proposed algorithm to select the subchannels included in Class B, and almost all subchannels belong to Class C or Class D. The difference in throughput gain between Max Class C and Max Class D increases as the offered traffic load increases, which indicates that Max Class C performs better than Max Class D. This result means that, with respect to mitigation of intersector interference, it is desirable to avoid the Max Class D method as traffic load is increasing, even though there are more Class B subchannels under Max Class D method. Furthermore, the throughput of Max Class D is worse than that of APM when the traffic load is high. However, when the average traffic load

142

J. Lee, K. Kim, and Y. Lim

Fig. 5. Throughput as a function of average traffic load

is less then 3/8, the throughput difference between Max Class C and Max Class D is negligible because almost all the subchannels of each sector are expected to be included in Class B. (Notice that when the sum of the traffic loads of each sector is less than 1, all subchannels are included in Class B subchannel by the Min Class A strategy.)

6

Conclusions

We proposed a BS-centric method for subchannel allocation, based on APM in a triple-sectored BS. When using this algorithm, signaling cost and required bandwidth are very small, due to the adjacency of each sector. We classified the subchannels into four categories according to the usage pattern in the BS. By minimizing the number of Class A subchannels, the whole spectrum of the base station is divided efficiently in the service of mitigating intersector interference. With the assumption of the Min Class A method, Max Class C and Max Class D methods are proposed and the detailed algorithms to realize the proposed two methods are suggested. Simulation results show that, with respect to average throughput of the target cell, the proposed Max Class C method performs better than APM, FPM and Max Class D under a proportional fair algorithm with window size 1000.

References 1. I. Koutsopoulos and L. Tassiulas, ”Channel state-adaptive techniques for throughput enhancement in wireless broadband networks”, INFOCOM 2001, vol. 2, pp. 757-766, 2001.

Inter-sector Interference Mitigation Method

143

2. C. Y. Wong, R. S. Cheng, K. B. Letaief, and R. D. Murch, ”Multiuser OFDM with adaptive subcarrier, bit, and power allocation”, IEEE J. Select. Areas Commun., vol. 17, no. 10, pp. 1747-1758, Oct. 1999. 3. Y. Zhang and K. B. Letaief, ”Multiuser subcarrier and bit allocation along with adaptive cell selection for OFDM transmission”, ICC 2002, vol. 2, pp. 861-865, 2002. 4. M. Ergen, S. Coleri and P. Varaiya, ”QoS aware adaptive resource allocation techniques for fair scheduling in OFDMA based broadband wireless access systems”, IEEE Trans. on Broadcasting, vol. 49, no. 4, pp. 362-370, Dec. 2003. 5. A. Ghosh et al, ”Broadband Wireless Access with WiMax/802.16: Current Performance Benchmarks and Future Potential”, Communications Magazine, IEEE, vol. 43, no. 2, pp.129-136, Feb. 2005. 6. 3GPP2 C.R1002-0, ”cdma2000 Evaluation Methodology”, Wireless Networks, Dec. 2004. 7. ITU-R, M.1225, ”GUIDELINES FOR EVALUATION OF RADIO TRANSMISSION TECHNOLOGIES FOR IMT-2000”, 1997. 8. D. M. Andrews, ”Instability of the proportional fair scheduling algorithm for HDR”, IEEE Trans. Wireless Commun., vol. 3, no. 5, pp. 1422-1426, Sep. 2004.

File Correspondences Dictionary Construction in Multilingual P2P File Sharing Systems Hongding Wang1,2, Shaohua Tan1,2, Shiwei Tang1,2, Dongqing Yang1, and Yunhai Tong1,2 1

School of Electronics Engineering and Computer Science, 2 National Laboratory on Machine Perception Peking University, 100871, China {hdwang, tsh, tsw, dqyang, yhtong}@pku.edu.cn

Abstract. Sharing files discovery is a fundamental problem in P2P networking. This paper presents a name-based approach for identifying sharing file correspondences in multilingual P2P systems. The problem is first analyzed through comparing the names of the sharing files in different nodes of a real P2P community, which name those files in different languages. Then based on the relationships of those files names, a computer-aided method is proposed to solve the problem. Furthermore, the framework and identifying procedure of this method have been discussed in the paper.

1 Introduction Nowadays, Peer-to-Peer (P2P) systems, which are distributed systems consisting of interconnected nodes able to self-organize into network topologies with the purpose of sharing resources such as content, CPU cycles, storage and bandwidth, are very popular in resource sharing field. They are capable of adapting to failures and accommodating transient populations of nodes while maintaining acceptable connectivity and performance without requiring the intermediation or support of a global centralized server or authority [1]. Due to such characteristics, users are free to join and leave at any time in P2P system [26]. Dynamic resource discovery in different nodes is a central problem in P2P environment, which means the capability of finding the existing resources in the network that best match the requirements of a given resource request [2][26]. Sharing files are one kind of the most important resources in P2P systems. So for file exchanges and retrieval with file name is a simple and convenient way in P2P systems, however, semantic heterogeneity often makes name-based query be difficult. Due to sharing files named in different languages, for instance, a node names them in English, while another in Chinese and one in Chinese Pinyin, one popular problem in P2P systems called naming conflicts arises. . In this paper, we propose a name-based approach for identifying sharing file correspondences in P2P networking. The rest of this paper is organized as follows. In Section 2, we review existing work in this field. In Section 3, we discuss the details of motivating examples in X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 144 – 152, 2006. © IFIP International Federation for Information Processing 2006

File Correspondences Dictionary Construction

145

multilingual P2P systems. Section 4 presents the method of identification of sharing file correspondences in multilingual P2P systems. Section 5 provides the experimental results. Finally, we conclude this paper in Section 6.

2 Related Work The P2P model is made popular by file-sharing applications, for these applications, such as Kazaa, Overnet, BitTorrent and Maze, provide improved scalability and performance [3-9,18]. Given task requirements and resource policies, the resources discovery problem arises in P2P and Grids [10, 11]. With heterogeneous ontology descriptions, paper [2] gave a semantic matching-based approach to cope with the dynamic resource discovery problem in distributed contexts. Furthermore, in order to simplify the systematic building of Grid applications, paper [10] suggested how to describe Grid resources with ontology. A matchmaker approach is presented for resource discovery in the Grid with a set of rules in [11] to improve the effectiveness of the matching process. The EDUTELLA project developed a P2P infrastructure for metadata sharing in RDF format [12]. Besides, a metadata model of RDF for encoding semantic information was introduced allowing peers to handle heterogeneous views on the domain of interest [13]. Based on epistemic logic, authors of [14] gave an approach to P2P data integration, which was more suitable than the commonly adopted semantics based on FOL. With P2P technology, Lu Yan et al provided a framework of global storage system- SkyMin, the name sever of the system manages the indexes of the peers’ resources, being used to find sharing resources [19]. In order to connect heterogeneous information providers and share those heterogeneous information resources, paper [20] proposed a super-peer topology for schema-based P2P networks and discussed how the schema information can be used for routing and clustering in such a network with existing information integration concepts of mediator-based information systems. Furthermore, paper [26] studied some problems of information retrieval in a P2P file sharing system, and paper [30] gave a survey of anonymous P2P file sharing. As is a fact, in many P2P file sharing systems, querying was usually performed by using file names [3,4,8,9,27], so file name correspondences identification is very useful, and researchers have studied the genomic resources table mapping problems in P2P systems [28]. As is well known, the dual problem of synonymy and homonym is a major topic addressed in information retrieval research [17]. The dual problem exists in monolingual situation, as well as in multilingual situation, so Cross-Language Information Retrieval (CLIR) attracts more and more interests of computer scientists [21-25]. As translating documents is very expensive, most researchers in this field opt to take the query translation approach [24]. Though resource discovery have been studied extensively in P2P systems, to our knowledge, we are not aware of any previous work that has considered sharing files discovery involving multiple languages in P2P systems. This paper intends to propose a name-based method to solve the problem of sharing file correspondences identification in multilingual P2P systems.

146

H. Wang et al.

3 Motivating Examples Here we first give a scenario of sharing files discovery in multilingual P2P systems, which comes from a real hybrid P2P system-Maze system [8,9,18]. Maze is one of the first large-scale deployments of an academic research project, with over 210,000 registered users and more than 10,000 users online at any time, sharing over 140 million files [8].

(a) files named in English

(b) files named in Chinese

(c) files named in Pinyin

Fig. 1. Examples in multilingual P2P systems

Figure 1 illustrates three working interfaces drawn from Maze community. We mainly discuss the sharing files at each node. Without name standards, the sharing files are named in different language by different nodes in Maze system. More often, in order to conveniently use, the files are usually classified in different categories, and put into different folders corresponding to those categories, but we take files and folders as sharing files. From Figure 1, we find that a node names its sharing files in English (as Figure 1-a shows, hereafter node a); the second names its sharing files in Chinese (as Figure 1-b shows, hereafter node b); and last one names its sharing files in Pinyin (as Figure 1-c shows, hereafter node c). Furthermore, even in a node, its sharing files may be named in different languages because it doesn’t rename those files’ names when the node replicates them from other nodes. In fact, the same category sharing resources are named in different languages, as Table 1 shows. Table 1. Sharing file names of different nodes in Figure 1

Resource learning videos music software picture

Node a learning Movie Music software

Node b

Node c xuexi dianying ruanjian tupian

From Table 1, we can see that the naming standards of files of the node a, node b and node c are different, i.e., for the same information resource, node a names it in English, while node b in Chinese, and node c in Pinyin, it is the relationship among the file names in those peers.

File Correspondences Dictionary Construction

147

Moreover, we have analyzed the amount of file names in different languages in Maze system with statistic technique during Jan of 2006. Each time, we searched the sharing files (focusing on four main categories resources) with randomly selecting keys in Chinese, English, and Pinyin respectively on three computers based on the existing terms in Maze system, and recorded the amount of returned results. Because of the high churn rate, the statistics are interrelated closely with the experimental period. We have got the approximate amount of the four kinds of resources named in different languages after many trials in Jan of 2006, as Table 2 shows. Table 2. Percent of file names in different languages in Maze system (Jan., 2006)

Resource Video Music Software Games

In Chinese 51.6% 42.9% 59.2% 55.8%

In English 43.5% 46.4% 36.5 41%

In Pinyin 4.9% 10.7% 4.3% 3.2%

Such phenomena prevail in P2P networking of China, because P2P paradigm dictates a fully distributed, cooperative network design, where nodes collectively form a system without any supervision [15]. Due to lack of standards and different naming manners, the problem of the files named in different languages in Maze system arises. Though different node names files in different languages, the file names are as much as descriptions of content [26]. In fact, in many file sharing systems, querying is accomplished by using simple value searches with file names [3,4,27]. Therefore, file names correspondences are very useful for file retrieval in P2P systems, and [28] have studied maintenance and management of the mapping tables in P2P systems, however without mentioning multilingual problems. Though comparing file names to identify correspondences has limitations, it is a convenient and effective method for finding file correspondences in P2P systems [28]. As far as we know, Maze system hasn’t resolved this problem, when searching a file, it merely returns the relevant files named in the same language the keys use.

4 Identification Method We first assume that files represented with synonyms in different nodes in a P2P community are the same sharing file. Therefore, if we find files named with synonyms in different nodes in a P2P community, they are file correspondences. 4.1 Preliminaries Definition 1. Synonyms in multilingual context are terms representing the same information resources, which are independent of the languages they use. For example, terms such as ‘movie’ and ‘ (dianying)’ are synonyms in multilingual context. Definition 2. Name-based file correspondences are those files if and only if their names are synonyms in multilingual context. So ‘movie’ and ‘ (dianying)’ are

148

H. Wang et al.

name-based file correspondences. Name-based file correspondences are denoted as ⇔ name in this paper, which have properties illustrated as following: a) Reflexivity: a ⇔ name a; b) Symmetry: if a ⇔ name b, then b ⇔ name a; c) Transitivity: if a ⇔ name b, b ⇔ name c, then a ⇔ name c. With the relationships of the file names, file correspondences can be identified in multilingual P2P systems. In the three nodes illustrated in Figure 1, the file correspondences are shown as following: (1)learing ⇔ name xuexi; (2)movie ⇔ name (3)software ⇔ name (4)

⇔ name dianying; ⇔ name ruanjian;

⇔ name tupian.

4.2 File Correspondences Identification Method With the relationships of those file names, we propose a computer-aided system to identify name-based file correspondences in multilingual P2P systems. Figure 2 shows the framework of the system, which consists of three components--ChineseEnglish translator, Pinyin translator and matching module. )LOH &RUUHVSRQGHQFHV Human intervention

file QDPH Matching module

file QDPH

node a file name based English

Chinese-English translator

node b file name based Chinese

)LOH1DPH LQ&KLQHVH

file QDPH

node c

Matching module

file name based Pinyin

Pinyin translator

Human intervention

Fig. 2. Framework of file correspondences identification system

As Figure 2 illustrates, given a file named in Chinese of node b (on behalf of peers naming files in Chinese), in order to find its corresponding file named in English in node a (on behalf of peers naming files in English), the Chinese-English translator translates the file name into English, which is a CLIR problem [21-25]. Usually, two ways are able to solve the problem, one way is by means of online bilingual dictionary (i.e., Chinese-English) or machine translation [16], which is a straightforward

File Correspondences Dictionary Construction

149

approach, but human interventions needs to be involved for word sense disambiguation, the other uses domain-dependent thesaurus [2]. In this paper, we adopt to use online bilingual dictionary, as well as domain-dependent thesaurus in the system. Here we neglect the routing path and DHT (distributed hash table) of P2P systems, merely study the problem of file correspondences. At the beginning of correspondence identification, the system makes use of online bilingual dictionary to accomplish Chinese-English translation with expert’s guidance and modification. For example, given a file which is named ‘ ’ (dianying) in node b, the online bilingual dictionary translates it into English, several choices may be given by the dictionary, such as ‘movie’, ‘film’, ‘cinema’, ‘cine’, and so on. Obviously, ‘movie’ and ‘film’ are related closely, so the terms such as ‘movie’ and ‘film’ are chosen, while others are deleted. At the same time, a specific, domain-dependent bilingual thesaurus is constructed with the results of online bilingual dictionary. Then the domain thesaurus grows with accumulated knowledge of both bilingual dictionary and domain experts. Along with the growth of the thesaurus, the system can make use of it to Chinese-English translation later. Based on what the Chinese-English translator having done, we retrieve files with those terms given by the Chinese-English translator respectively in node a. For one of the terms, if there are files returned from node a, it is a candidate correspondence of ‘ ’, otherwise, it is not. Hence we get the candidate correspondences of ‘ ’ in node a. For a candidate correspondence file name, the matching module begins to work with its returned files from node a. Two ways can accomplish the matching task the given file and the returned files. One way is by means of the structural characteristics (for example, using the extend name of a file, and so on), and the other is by means of contents of the files. Here we only make use of the structural characteristics to match the given file and the returned files. With one candidate name, if there are some of its returned files from node a having the same structural characteristics of the given file of node b, it is a name-based file correspondence of the given file of node b, therefore, name-based file correspondences are identified between node a and node b. At the same time, in order to find name-based file correspondences in node c (on behalf of peers naming files in Pinyin), the Pinyin translator gives the Pinyin of the given file name of node b with existing tools. Due to just one Pinyin name given by the Pinyin translator for a given file name of node b, human interventions are unnecessary here. The Pinyin name is a candidate file name in node c corresponding to the given file in node b. Then the matching module works as mentioned above, namebased file correspondences are identified between node c and node b. Due to terms are words or phrases in P2P file sharing systems, human modification is not as difficult as that of sentences translation in machine translation. Moreover, the mature domain-dependent thesaurus can be reused in the same domain in the future, so it is worth constructing such a domain-dependent thesaurus with human interventions. Finally, with the transitive property of name-based file correspondence, file correspondences among different nodes in multilingual P2P systems are identified. By means of those file names correspondences in multilingual P2P systems, the file correspondences dictionary can be constructed. Certainly, the domain experts need to modify the file correspondence dictionary manually at the end of the construction of such a dictionary, deleting the wrong ones and adding the ones that the system fails to

150

H. Wang et al.

report. For example, a term ‘video’ in node a obviously is a file correspondence of ‘ ’ in node b, so the domain experts have to insert it into the file correspondences dictionary.

5 Experimental Results With the method introduced in Section 4, we have constructed a preliminary domaindependent file correspondences dictionary. Of course, as mentioned above, during the procedure of the dictionary construction, domain experts’ intervention is necessary. Furthermore, a prototype has been implemented to evaluate the merit of the file correspondences dictionary in multilingual P2P systems. We have downloaded randomly about 10,000 files from Maze system. Due to many duplicate names in those files, so we add prefix as new identifiers to each name when it is saved in the prototype. For example, we rename a file named ‘music.wma’ to ‘00001_music.wma’. With the similar name matching mechanism as file search engine of Maze system, we retrieve those files with its original names, not taking care of its prefix that we add when they are stored in the prototype. Two measures used in information retrieval field [29] are defined to evaluate the prototype in this paper. Precision is the ratio of the number of relevant file names retrieved to the total number of file names retrieved. Recall is the ratio of the number of relevant file names retrieved to the total number of relevant file names in the P2P systems. Figure 3 illustrated the experimental results. precision =

recall =

{relevant file names}  {retrieved file names} {retrieved file names}

{relevant file names}  {retrieved file names} {relevant file names}

SUHFLVLRQ      

 



UHFDOO 

 

 

&KQ

(QJ

3
1, k = 1,...,63

(4)

The diagram of the Markov chain for a given scenario is shown in Fig. 2. (1) p coll

1 (1 

(1) 1  p coll

( 2) p coll )

( 2) p coll

2 2

...

( 61) p coll

( 62) p coll

( 2) (1  p coll ) 2

63

62

(3) (62) (1  p coll ) 2 (1  p coll ) 2

( 62) (1  p coll ) 2

( 63) (1  p coll ) 2

( 63) (1  p coll ) 2

Fig. 2. The state transition diagram of the Markov chain for ACK/unicast scenario

3.2 Backlog Stationary Distribution

In order to find the saturation backlog, the steady-state vector, or the stationary distribution ʌ = [π k ] , k = 1,...,63 of the Markov chain has to be calculated. The stationary distribution ʌ is an eigenvector of the transition matrix P , associated with

208

M. MiĞkowicz

the eigenvalue equal to one. The vector ʌ = [π k ] includes the long-term probabilities

π k that the channel backlog will be at the stage k in the steady state, that is: π k = lim Pr{BL(l ) = k}

(5)

l →∞

Using the direct method of the steady-state vector ʌ computation, the following linear equation has to be solved: [G | e]T ʌ = b

(6)

where P ( n ) = [ pi(,nj) ] is a transition matrix 63 x 63; the elements pi(,nj) are given by (4), G = P ( n ) − I , I is an identity matrix 63 x 63; e = [ei ] is a vector, where ei = 1; i = 1,...,63 ; [G | e] is 63 x 64 matrix, where the last column of this matrix is a vector e ; b = [bi ] is a vector, where bi = 0, bi +1 = 1; i = 1,...,63 . 3.3 Probabilities of Successful and Unsuccessful Transmission

In order to find pi(,nj) we have to calculate pk( n ) , i.e. the probability that the transmission is in a collision if n nodes compete for the channel, and the current window consists of 16k , k = 1,...,63 time slots. To be precise, pk( n ) is the probability that more than one node selects the same time slot and all the other nodes choose later slots: (n) pk( n ) = 1 − pks (k )

(7)

(n) where pks (k ) is the probability of a successful transmission for the window

containing 16k time slots, i.e. the opposite event to collision occurrence. (n) The probability pks (k ) describes the drawing when there is a single winner of a

channel competition and is expressed as the sum (according to all the 1,...,16k slots and 1,..., n nodes) of the following: (i) the probability that a winner selects a certain slot s = 1,...,16k which equals 1 16k , (ii) the probability that all the other (n − 1) nodes draw one from (16k − s ) later slots, which equals ((16k − s ) 16k )n −1 . Finally: 16 k

(n) p ks (k ) = n

1 § 16k − s · ¨ ¸ 16 k © 16k ¹ s =1

¦

n −1

(8)

Basing on the distribution of the contention window ʌ = [π k ] , we can estimate the (n) saturation probability of collision pcoll as the following expectation: BLmax ( n) p coll = 1− n

¦ k =1

ª 16 k 1 § 16k − s · n −1 º ¨ ¸ » «¬ s =1 16k © 16k ¹ »¼

πk «

¦

(9)

Prediction Efficiency in Predictive p-CSMA/CD

209

(n ) Hence, psucc , the saturation probability of the successful transmission equals (n) (n ) p succ = 1 − pcoll .

4 Saturation Channel Backlog and Probabilities Using the analytical approach outlined in Sect. 3 we obtained the following results. (n )

80

80

60

60

40

40

Saturation collision probability Saturation channel backlog

20

0

20

0 0

500

1000

1500

2000

Saturation collision probability [%]

Saturation channel backlog

(n ) vs. the number of nodes n for a specified load The graphs presenting BL and pcoll scenario (ACK/unicast) are shown in Fig. 3. Each point on the saturation backlog graph is found as a solution of the linear system given by Eq. (6) for a particular (n ) is calculated according to (9). number of nodes and the expectation (Eq. (2)). pcoll

2500

Number of nodes

Fig. 3. The saturation backlog and the saturation collision probability for ACK/unicast scenario

At the lower range the saturation backlog increases almost linearly as the number of nodes grows and the slope of the curve is about 0.06 per node. In particular, this means that adding a new node to the existing network causes the increase of the saturation window by about 0.06 *16 ≅ 1 time slot of β 2 duration. For networks larger than about 700 nodes, the influence of the upper bound of the channel backlog prevents a further extension of the competition window. If a network contains more than 1000 nodes, then the saturation backlog is close to its maximum value 63, and the predictive protocol is reduced to the 0.0009-persistent CSMA. Summing up, the prediction is effective for the network sizes up to 700 nodes. (n ) (n ) As regards the saturation collision probability pcoll , the probability pcoll grows in proportion to the number of nodes for a network containing dozens of devices (Fig. 3). (n ) becomes steady at 33,3 % for the network sizes larger than 100 nodes. Thus, Next, pcoll (n ) psucc is kept at 66,7 %. This is an important result for the predictive CSMA performance. It shows that the protocol manages to control the size of a competition window in order to guarantee the sustained probability of successful transmission, which in the analyzed scenario equals 66,7%.

210

M. MiĞkowicz

The successful transmission sustained probability is the worst-case probability of successful transmission for the predictive CSMA if the prediction is effective, i.e. the current backlog is not limited by BLmax = 63 . Although, the effect of keeping the high throughput of the predictive CSMA has been known [2,3,7], there has been no explicit quantitative evaluation of sustained probability of successful/unsuccessful (n) (n) transmission. Note that sustained probabilities p succ = 66,7% and p coll = 33,3% are

established at the equilibrium point, when the probabilities of the backlog increase (n ) (n ) 2 ) and decrease ( pcoll ) are equal. Finally, for networks greater than 700 ( psucc nodes, the influence of the maximum size of a competition window appears, and the shape of both measures is close to that of 0.0009-persistent CSMA.

5 Validation of Analytical Approach In order to verify the analytical approach we have performed the simulations for a selected number of nodes in the network saturation status. The simulation starts when the channel is idle. Next, the transient zone appears, when the nodes permanently try to access the channel and the mean channel backlog grows, but does not reach the steady-state value. Since the simulation model belongs to non-terminating systems and the steady state theoretically is never reached, we detect it with a finite accuracy. The detection relies on the search of the constant value of the mean backlog rather than the constant value of the current backlog. Therefore, we used the moving averages defined on a window of observations (i.e. a certain number of packet cycles). Moving averages filter the higher frequency components in the mean backlog, arisen from the random behavior of the CSMA algorithm on the one hand, and remove also the influence of the transient zone on the estimation of the saturation backlog on the other. The saturation backlog is found under quasi steady-state conditions when the moving average of the channel backlog is kept inside of 5% wide confidence interval.

5.1 Validation of Transition Probabilities The transition probabilities in the Markov model have been derived basing on the equality of the probabilities of the successful transmission of a message and an acknowledgement (see Sect. 3.1). This assumption is true if the mean number of nodes having a message waiting for the transmission (i.e. message sources) equals the mean number of nodes that possesses an acknowledgement ready for sending (i.e. acknowledgement sources). Fig. 4 presents simulation results showing the mean relative number of message and acknowledgement sources in the network steady state. It is clear that both numbers are equal to 50% with finite simulation accuracy.

5.2 Simulation Versus Analytical Results The comparison of simulation and analytical results for the saturation backlog and the (n ) and its experimental equivalent (i.e. collision percentage probability of collision pcoll

Prediction Efficiency in Predictive p-CSMA/CD

211

and message sources [%]

Percentage of acknowledgement

Mean relative number of sources of acknowledgements and messages 60 50 40 30

Sources of messages Sources of acknowledgements

20 10 0

200

400

600

800

1000

Number of nodes

Fig. 4. Simulation results of the mean relative number of message and acknowledgement sources in the steady state ( n) p'coll ), is presented in Table 1. Since both results are very close to each other and the corresponding graphs overlap, they are not shown in figures together. The comparison shows a good conformity of simulation and the Markov-based analytical approach. The difference between both results stems from (i) the finite accuracy of the steady state detection in the simulation, (ii) the inaccuracy of the pseudorandom generators, (iii) the finite precision of analytical calculations.

Table 1. The comparison of analytical and simulation results for saturation backlog and saturation probability of collision for the ACK/unicast load scenario BL

(n )

BL

(n )

n

(Markov model)

(simulation)

2

1,128

1,124

6

1,390

1,387

10

1,663

1,661

(n ) pcoll

[%]

'( n ) p coll

[%]

(n ) psucc

[%]

'( n ) psucc

[%]

(simulation)

(Markov model)

(simulation)

5,56

5,77

94,44

94,23

13,12

13,68

86,88

86,32

17,49

17,98

82,51

82,02

(Markov model)

40

3,9476

4,028

28,48

28,96

71,52

71,04

100

8,8567

8,889

31,15

31,97

68,75

68,03

500

41,634

42,160

32,89

33,3

67,11

67,7

1000

61,194

61,428

42,53

42,72

57,47

57,28

6 Conclusions The paper presents the analytical study of the efficiency of network load prediction built in the predictive p-CSMA/CD that is used as a MAC protocol in LonWorks/EIA-709 sensor/control networking technology. The approach based on the Markov chains is applied. The procedure of performance analysis includes the definition of transition probabilities of the Markov chain for a specified load scenario, the calculation of stationary distribution of contention window, and the probabilities of successful/unsuccessful transmission. The analysis is exemplified on the load scenario

212

M. MiĞkowicz

where the acknowledged message service and unicast transactions are used. The presented results allow to recognize the predictability of the protocol behavior in heavy load conditions. In particular, it is shown that the predictive p-CSMA protocol manages to control the size of a competition window in order to guarantee the sustained probability of successful transmission. The simulative validation of analytical results is provided. Further research should generalize the performance analysis for general case load scenario.

References 1. LonTalk Protocol Specification, Version 3.0, Echelon Corporation (1995) 2. Enhanced Media Access Control with LonTalk Protocol, LON Eng. Bull. (1995) 3. MiĞkowicz, M., Sapor, M., Latawiec, W., Zych, M.: Performance analysis of predictive ppersistent CSMA protocol for control networks. Proceedings of IEEE International Workshop on Factory Communication Systems WFCS'2002 (2002) 249-56 4. MiĞkowicz, M.: Saturation performance of predictive p-CSMA without collision detection. Proceedings of IEEE International Conference on Emerging Technologies and Factory Automation ETFA'2005 (2005) 93-100 5. MiĞkowicz M.: Send-on-delta concept: an event-based data reporting strategy. Sensors, Special Issue: Wireless Sensor Networks and Platforms, Vol. 6 (2006) 49-63 6. Buchholz, P., Plönnigs, J.: Analytical analysis of access-schemes of the CSMA type. Proceedings of IEEE International Workshop on Factory Communication Systems WFCS'2004 (2004) 127- 136 7. Chen, X., Hong, G.-S.: A simulation study of the predictive p-persistent CSMA protocol. Proceedings of 35th Annual Simulation Symposium (2002) 345-51 8. Chen, X., Hong, G.-S.: Real-time performance analysis of a fieldbus-based network. Proceedings of Information, Decision and Control Conference (2002) 113-18 9. Kopetz, H.: Real-Time Systems. Design Principles for Distributed Embedded Applications. Kluwer Academic Publications (1997) 10. Kleinrock, L., Tobagi, F. A.: Packet switching in radio channels. I. Carrier sense multipleaccess modes and their throughput-delay characteristics, IEEE Transactions on Communications, Vol. COM-23, no. 12. (1975) 1400-1416 11. Layer 7 LonMark Interoperability Guidelines, Version 3.2, LonMark (2002) 12. Neuron C Reference Guide, Echelon Corporation (1995)

A Situation Aware Personalization in Ubiquitous Mobile Computing Environments Heeseo Chae1, Do-Hoon Kim1, Dongwon Jeong2, and Hoh Peter In1,* 1 Department

of Computer Science & Engineering, Korea University, 1, 5-ka, Anam-dong, Sungbuk-ku, Seoul, 136-701, Korea {royalhs, karmy01, hoh_in}@korea.ac.kr 2 Dept. of Informatics & Statistics, Kunsan National University, San 68, Miryong-dong, Gunsan, Jeollabuk-do, 573-701, Korea [email protected]

Abstract. The mobile internet environment which is in the limelight as the important platform of the ubiquitous environment gets accomplished by the intimate relation with user. In order to realize the interaction between device and user, it is considered that resource of exterior/interior user information which can be collected by mobile device and the situation-aware (SA) personalization is suggested by applying the context set of collected current situation to the concept of situation-aware. Such a SA personalization is designed to offer advanced personalization using Link Retrieving Algorithm which is emphasized on prospecting. And the Markov Chain Model, prospecting matrix system, is used to support the SA personalization. Using SA personalization system, the custom service which is well-matched on the ubiquitous era and founded on user's current situation will be offered. Keywords: Situation Aware, Personalization, Prospecting service, Ubiquitous.

1 Introduction A purpose of ubiquitous environment is accessing to various user-centered information above times and places, and an interaction between diversity devices makes progress to construct the environment. A representative example among the diversity devices is a mobile device and it can build a wide scope computing platform that will become a base of ubiquitous environment through mutuality access and connection between mobile and internet by spread of wireless network. However, there are fundamental limitations inherent in the wireless Internet access using small handheld devices and wireless networks. Small handheld devices share limitations such as tiny display screens, limited input, less powerful processors, and smaller memories. In order to bring desktop web experience to mobile devices, several wireless web technologies have been developed. These technologies enable users to access desktop-based web contents of existing web sites (currently dominant in the Internet) and mobile web contents of emerging wireless web sites specialized for wireless access through handheld devices. The desktop-based web contents tend to be *

Corresponding author.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 213 – 223, 2006. © IFIP International Federation for Information Processing 2006

214

H. Chae et al.

too large to be displayed on a tiny screen. Thus, the contents are split into a small size of multiple pages, each of which is better suited for small displays [1]. In order to support the approach, a concept of situation-aware is imported into a web access process which is suitable for mobile environment. And then it is able to furnish the usercentered personalization service due to the collected data set of exterior situation or data set of user's profile is accepted as a form of sequence of context set. In this connection, prospecting solution of requirement site is provided by Markov Chain Model to be able to approach the necessary information among produced information.

2 The Context: Situation-Awareness and Personalization 2.1 Overview of Situation-Awareness The most promising issue of the existing research topics related to ubiquitous computing is Situation-Awareness. It plays a role to analyze and understand the relation between actions and multi-contexts in the user viewpoint [1]. In ubiquitous computing environments , where computing resources are available everywhere and a great amount of mobile devices play important roles, middleware serves as an essential infrastructure between networks and ubiquitous computing applications. It hides the heterogeneity of the network environments and provides necessary services to ubiquitous computing applications, such as communication, data access, resource control, and service discovery.

event event

...

Situation

Service Application (interface spec.): Situation-Action Pairs

Resouce Resouce Resouce

Object i. action

Event Analyzer

Object i. action

event Object i. action

Fig. 1. The Conceptual Model of Situation Awareness (revised)[4]

The conceptual model of situation awareness is depicted in Figure 1. The changes of situation create a set of “situation change” events. The events are captured by an event analyzer, which makes decision on how to react to these events. The event analyzer makes decisions based on an event analyzing plan that prepared beforehand, i.e., the specification of a set of “situation-action” pairs. Since each action requires certain resources, the event analyzer also checks the available resources to ensure that required resources are available before taking any action. Furthermore, the actions eventually taken are also regarded as elements that compromise new situations, and form new events. Situations are used widely in describing different configurations, computing resource availability, dynamic task requirements, environmental conditions, and application conditions [4].

A Situation Aware Personalization in Ubiquitous Mobile Computing Environments

215

2.2 Personalization Personalization of services is to adapt services to fit the needs and preferences of a user or a group of users. Personalization is important in today’s service-oriented society, and has proven to be crucial for the acceptance of services provided by the Internet and mobile telecommunication networks [5]. In, taxonomy of resource for personalization is given, and two important categories of personalization are given: z

Exterior Resource Based Personalization The truly example of offering personalization using Exterior resource is a Local Based System(LBS) and this is a technology to measure the mobile device using mobile communication facilities or satellite signal and furnish various service related location which is measured [6].

z

Interior Resource Based Personalization The Interior resource for personalization service is mainly composed of user's static information using profiling. It contains capability of user's device, user preference and user's basic information. The common collection method of profile is a statistical analysis of user's utilization degree, requirement information analysis of transmission and user’s directly input [7].

Such divided personalization approaches can be regarded resource providers from a situation-aware view. Therefore two existing approaches for acquisition of user's situation information resource are unified by situation-aware and the concept of situation aware personalization is derived on the background of various resources. also collected resources of user's situation information by each approach will decide value of ρ, situation factor.

3 A Situation-Aware Personalization: The Proposed Model 3.1 Overview A feature of Situation-aware personalization is prospecting of user's requirement in order to furnish the better user-centered service using various resources. This concept means that providing a simple site in the view of handheld device user and representing a site on the prospected process. The entire operating model including system architecture of SA personalization explains the connection between mobile and internet through middleware interface such as gateway and controller. Also the interaction between some essential parts playing an important role and extractor is described below. The formation process of access pattern graph is described in the architecture which is composed of the connection the access analyzer and the controller, and wireless/internet gateway and storage. Also supporting a personalization by the calculation of parsed pattern, situation sequence and user context set is expressed. Finally prospecting the expected site of next stage by prospecting matrix using pattern log and node state is an entire operating model of SA personalization such as figure 2.

216

H. Chae et al.

Access Analyzer

Handheld Device Selected Link

Extractor User Context Set

Personalization Using SituationAware Situation Sequence

Controller

No Link information

Site Prospecting Using Markov Chain

Wireless/Internet Gateway

Storage

Calculated Pattern log

Fringe Node Access Frequency

Prospect Matrix

Data Base

Access Pattern graph

Fig. 2. Operating Model of SA Personalization

3.2 A Definition of Prospecting in Situation-Aware Personalization The Prospecting means that providing a user's next requirement in advance by grasping the pattern of web access data which is stored as time goes by. This web access pattern can be generalized the state diagram like figure3. Also there are various approaches for the prospecting but this paper suggests the algorithm to calculate a general pattern fitted for mobile environment using web access data and prospect the next state of the pattern using Markov chain model. The target is a URL of the intended web page that the user wants. The source is a web page containing the link to the target. When a user enters the target or selects from an initial page, NULL is recorded as the source. The initial page is displayed when the handheld device is connected to the wireless network of the service provider. It contains lists of links that the user frequently visits. S1 of Figure3 is initial state and S6 is a new state which can be prospected on the basis of pattern. On this approach, the recorded user pattern is offered prospecting service which is the final stage of SA personalization through Link Retrieving Algorithm (personalization algorithm) showed on chapter 4. Table 1. Example of Access Data Record Status State1 State2

Record description [phone number, embedded.korea.ac.kr, NULL, 10:00AM, Home] [phone number, embedded.korea.ac.kr / SituationAware, embedded.korea.ac.kr, 12:00AM, Home]

S3 S1

S2

S5 S4

S6

Fig. 3. General State Diagram for Prospecting

A Situation Aware Personalization in Ubiquitous Mobile Computing Environments

217

3.3 The Prospecting Mode Based Situation-Aware Personalization The prospecting model can be made up using definition of prospecting as stated above. The records structuring unit is responsible for representing the access records stored for the predetermined period of time based on the time slot of a day and the physical location that the user made in his/her particular requests. The web access pattern of a particular user is represented as a connected and directed graph, where nodes represent URLs and each edge represents source and target relationships of web access between any two nodes Figure4 illustrates an exemplary access pattern graph, where each edge is annotated with a numeric edge value representing its usage factor. The usage factor represents frequency of access to the target node from the source node of a particular edge for the predetermined period of time. Each node represents a URL of a web page, but for the sake of simplicity, most of the nodes are not illustrated with full URL. It is assumed that the SA Personalization system keeps track of full URL The prospecting model is represented through transforming a state transition diagram described by definition of prospecting into a graph. Also the Link Retrieving Algorithm is suggested and the SA personalization based on the prospecting is depicted through this model. www.msn.com

2

www.korea.ac.kr

5

Uer

15

5 www.whether.com

embedded.korea.ac.kr 15

18 5

people.shtml

24

14

7 Chae

Re Sengineering 10 Embedded.korea.ac.kr /admission

Course-info

faculty 10

eku.korea.ac.kr 1

SituationAware

15

Hohin

www.yahoo.com 10

40

5

2 Jung

CSCE316

2 CSCE586

7 CSCE418

Fig. 4. Web Access Pattern Graph for Prospecting

4 Personalization Algorithm 4.1 Overview of Personalization Algorithm The procedure of core algorithm, Link Retrieving Algorithm, to reflect the situation information into user's access pattern and prospect the user requirement can be summarized as follows: Step 1: Determine a set of neighbor nodes, each of which has an edge incoming from the requested node and its edge value is greater than or equal to a threshold. Step 2: Present states by set of determined neighborhood nodes and prospect the next state by Markov chain. Step 3: Repeat Step 1 for each sub graph, each of whose root is a node in the set determined at Step 1.

218

H. Chae et al.

Let N be a set of nodes comprising the web access graph. Let node v be a fringe node of node u if and only if v is included in the set N and e (u,v) > 0, where e (u,v) represents the value of an edge. Outgoing edges from node v are defined as edges between node v and its fringe nodes. Total outgoing edge value for node v is defined as the sum of the edge values of its outgoing edges. The fringe nodes whose edge value are greater than or equal to the threshold are selected. The threshold θ provides a criteria for selecting frequently accessed nodes from the requested node, and it can be calculated as follows: θҏ= ((Total Outgoing Link Value) * ρ) / (Number of Outgoing Links), 0 ≤̓ῤ≤̓1

(Formula 1)

ρ ҏis a selection factor, which is a predetermined yet adjustable value. The threshold θҏ can be changed by varyingρ, affecting selection of nodes. These change of ρ values are effected by reasoned Situation Information [4] from various resources and produced value of 0 ≤ҏ ρҏ ≤ҏ1[2] In this paper, access frequency is used to represent link usage, but it can be combined with other attributes or weights based on system resources and network environment. Also, it is investigated the pattern of node path at this process and it is able to get hold next step node using Markov Chain. The algorithm used in link retrieving is described below: Link Retrieving Algorithm: 0. Create an empty list; 1. Set an anchor with the requested node; 2. Determine Selection Factorῤaccording to Situation information; 3. Calculate θҏfor the anchor; 4. Select a set of nodes, each of whose incoming edge has a value greater than or equal toθҏand adds the nodes into the list; 5. For each of the nodes in the set selected at step 3, 5.1 update the anchor with each node in the set; 5.2 catch the state of updated nodes and get the prediction value sepa rately using Markov Chain. 5.3 repeat steps 3, 4, and 5.

Experiment result of chapter 5 illustrates exemplary linkage information displayed on a mobile handheld device according to the SA Personalization operation with the access graph shown in Figure 4.When the user is connected to the wireless network of the service provider, the threshold is θ = (2+15+5+18+5+40+10+5) * ρ / 8. If we consider the selection factor (current situation information) ρ =0.8, then θ = 10. Thus, nodes {embedded.korea.ac.kr}, {www.korea.ac.kr}, {eku.korea.ac.kr}, and {faculty}, which are rooted from node ‘User’ (saying, “phone number”) and whose values are greater than or equal to θ (e.g., 10), are first selected. In this example, only node {embedded.korea.ac.kr} has an outgoing edge, so the link retrieving process continues with the sub graph, which is rooted at the node, {embedded.korea.ac.kr}. Similarly, when a user selects a link from the screen, the same link retrieving procedure is applied. The Controller wraps the links in the selected nodes and sends them to the user for display.

A Situation Aware Personalization in Ubiquitous Mobile Computing Environments

219

4.2 Applying Markov Chain to Personalization Algorithm In this section, the Markov Chain model which is an important part of prospecting algorithm is described on the line of Link Retrieving Algorithm If the Markov Chain model was inducted based on the selecting node algorithm on the standard of thresholdθ̓ then the next node, the next step site selected by user, can be predicted. One way to do this is to assume that the state of the model depends only upon the previous states of the model. This is called the Markov assumption and simplifies problems greatly. When considering the SA personalization, the Markov assumption presumes that current node can always be predicted solely given knowledge of the node of the past few nodes (web site). Defined first order Markov process consisting of SA personalization is described below: z

States: Web-Page1 (linked), Web-Page2 (linked), ….. Web-Page n (linked). Transitions for SA personalization in Figure 5 are converted into a state transition diagram in Figure 6(a) without loss of meaning. Note that the transition probabilities from state

s A, 2

s′A,1 , s A,3 , s′A, 4

to states

, and

s A, 5

are

p21 , p23 , p24 ,

and

p25 , respectively, in Figure 6(a). The state transition diagram in Figure 6(a) can also be assumed to form a Markov chain, because mostly the transition to the next state depends on the current state and, specially, the transition from the thinking state, s A, 2 to other states depends only on the current access pattern links. z

vector: Defining the probability of the system being in each of the states at time 0(Initial Vector). It can be consider that vector is a thresholdθ. Through analyzing the most recent data, the initial probability vector is calculated us ing the formula (1) satisfied by the condition (2). I(S1, S2, …….Sn) = I( α F , β F ,  , δ F )

(1)

n

F=

¦f

=Į+

i

+ …… + į

(2)

i =1

(Formula 2)

n

¦ I (S ) = 1

(3)

i

i =1

z

State transition matrix: The probability of current nodes is expressed by the previous node (web site). Any system that can be described in this manner is a Markov process.

S1

S=

z

S1 ª a11 « S 2 « a 21 S 3 « a 31 «  «  « « Sm ¬« a m1

S2

S3

Sn

a12

a13

 

a 22 a 32 

a 23 a 33 

    

 am 2

  am 3  

a1n º » a 2n » a 3n » »  »  » » a mn ¼»

S is the transition probability matrix form.

Prediction of next web link: In ‘Prediction of next web link’ step, the probability and frequency of click-occurrence is estimated, which will occur in the future, using the transition matrix created and the initial probability vector created. Next formula depicts the computation of probability of click-occurrence.

220

H. Chae et al.

I(S1, S2, ….. , Sn) ×

S1

S2

S3

S1 ª a11 S 2 « a 21 « S 3 « a 31 « « « « Sm «¬ a m1

a12

a13

 

Sn

a 22 a 32 

a 23 a 33 

    

 am 2

  am 3  

a1n º » a 2n » a 3n » » = P(S1,  »  » » a mn »¼

S2, ….. , Sn)

P is occurrence probability and next state(Web site) can be predicted.

In this way, a user can get links associated to a particular link (web page) until the user explicitly specifies that s/he wants to get contents instead of links or there is no link available associated to the selected URL. When the user wants the web contents of a selected link or no link information is available by the access analyzer, the Controller sends through the Wireless/Internet Gateway URL corresponding to the selected link to the Origin Server to retrieve web contents. Client

s ′A ,1

Access pattern list request

s ′A′′, 3

Access pattern list transmission

s2

s ′A ,1

thinking

Access pattern list request

s ′A′′, 3

Access pattern list transmission

s2 s3 s2

Wired transmission

s ′A′ , 2

access pattern list access

s ′A′ , 2

access pattern list access

thinking back

s ′A ,1

thinking

Access pattern list request

s ′A′′, 3

Access pattern list transmission

……… ……… s2

Original Server

Gateway Wireless transmission

…………………………………………….. …………………………………………….. s ′A , 4

thinking

URL transmission

s ′A , 4 URL transmission

s ′4′

s ′A′′, 4

s ′A′′, 4 Target web page transmission

s6

s ′A′ , 2

access pattern list access

web page access

Target web page transmission

found

Fig. 5. Sequence Diagram of Access Pattern

s

access pattern links access for back (S A , 3 )

p23

p23

non-smart click

1.0

( S′A,1 )

1.0

access pattern links access

1.0

(S ′A′,1 )

access pattern links transmission

p21

found

thinking ( S A,2 )

A,5

s

A,1

p56 = 1.0

s

A,2

A,6

p21 p24

(S A , 6 )

1.0

target web page request

s

p66 = 1.0

s

p24

(S′A, 4 )

p25

1.0

1.0

( S ′A′′,1 )

p32 = 1.0

p12 =1.0

( S A,5 )

p25 access pattern links request

A,3

s

p46 = 1.0 A,4

target web page transmission ( S ′′′ ) A, 4

1.0

1.0 target web page access ( S ′′ ) A, 4

(a) Markov Chain for SA personalization

(b) SA personalization Markov Chain simplified by grouping interested states

Fig. 6. Markov Chain for SA personalization

A Situation Aware Personalization in Ubiquitous Mobile Computing Environments

221

5 Experiment 5.1 Experimental Setting As mentioned above, situation-aware personalization provides user customized service by ensuring exterior/interior user information resource. Unlike general user interfaces of desktop PC, mobile devices has personalized user interfaces, so these devices store situations and patterns of service use through user information and history. Applying SA personalization into mobile devices, distinct environments which can extract situations by stored resources are provided. Therefore, SA personalization system in Fig7 offers a function to supply situated sites based on various factors, i.e., access frequency of visited sites or access pattern, and a user context set from a handheld device. Prospecting which is one of important components in SA-personalization system is a reliable estimated-value generating system which complements a weak point that handheld devices are difficult to change states quickly. Such SA personalization is implemented as follows.

Fig. 7. Prospecting Based Personalization

User situation information supporting situation-awareness are provided in a sequence of a context set through the mobile device identified by a user’s phone number as shown in [figure7, left]. List#1:Title List#3:1st URL

List#2:011-9005-xxxx List#4:2nd URL

[Figure 7, left]

the situation which is a user's current location or current time can be known through the user information and also the user information decides the selection factor ρ, then it effects on the whole Link Retrieving Algorithm. Through these stages, 1st site list on top 3 and 2nd site list depended on the first one is suggested like a [figure7, left].

222

H. Chae et al.

List#1:Site History List#3:Attribute

List#2:Input Form List#4:Prospecting site list

[Figure 7,right]

In the display of [Figure 7, right], the status of updated node is caught on the basis of threshold θ by Link Retrieving Algorithm. And then the prospected site which user wants by the history of the selected node of just previous stage is indicated as a DataGrid form in [figure 7 - , right]. The user recommended this information directly connects the 1st site list and 2nd site list depended on the first one through threshold θ or the prospected site. 5.2 Experimental Results Link Retrieving Algorithm using Situation factor or prospecting method shows the web link corresponded with user situation through the display suited to mobile device. It can show available resource of SA personalization compared with legacy system in Table2. The legacy system means smartclick[1] which is a forerunner of SA personalization and proposed SA personalization system is compared with a smartclick. Also, Table3 describes the capacity of SA personalization compared with existing system. It can show that user can access the contents which user wants with a little number of click and without passing through a lot of page. As a result, SA personalization can be estimated that it provides more developed mobile environment through the personalization algorithm focused on the prospecting and situation aware approach. But, this test to generate these experiment value is executed in small test set (must not exceed 100 access). And the effect of this limit on initial group, F [Formula 2 -(1)], of Markov Chain Model is not considered. Table 2. Resource of each system

System

Exterior resource

Interior resource

SmartClick

-

access pattern

SA Personalization

current location

access pattern, user profile, user preference,

Table 3. Evaluation of each system

System

Average number of Click

Depth

Degree of association

SmartClick

4.5

3

0.24

SA Personalization

1.8

1

0.83

6 Conclusion It is possible to provide the base platform in ubiquitous environment when the mobile device is established strict interaction with internet circumstances. We considered various user information resources to establish such a interaction and also proposed SA personalization by applying the concept of situation-aware to

A Situation Aware Personalization in Ubiquitous Mobile Computing Environments

223

collected context set of user situation. This SA personalization could serve developed personalization distinguished from the existing other systems through the Link Retrieving Algorithm focusing on the prospecting. We could compare the actuality implemented SA personalization system with others and overcome the limit of mobile environment through various tests. The future work is described this: above all things, we will provide well-balanced service through more testing in order to case study of implementation as occasion demands of various user’s data and developed contribution. Also, the continual research is needed in order to obtain more sophisticated result in record time by the light-weighted Markov Chain Algorithm which can give a little load in the embedded environment. Finally, we will have to expand to collect and use the Situation information and try to serve the ideal personalization.

Acknowledgement This work was supported by Korea Research Foundation Grant (KRF-2004-003D00285).

References 1. Seong-ryong Kang; Hoh Peter In; Wei Zhao, “SmartClick: An enabler for human-centered wireless Web service” Advanced Issues of E-Commerce and Web-Based Information Systems, 2002. (WECWIS 2002). Proceedings. Fourth IEEE International Workshop on 26-28 June 2002 Page(s):187 - 194 2. Dongwon Jeong, Heeseo Chae, and Hoh Peter In . “The Performance Estimation of the Situation Awareness RFID System from Ubiquitous Environment Scenario” International Conference EUC 2005, Nagasaki, Japan, December 6-9, 2005. Proceedings p. 987 - 995 3. Yau, S.S, Yu Wang, Dazhi Huang, In, H.P, “Situation-aware contract specification language for middleware for ubiquitous computing” Distributed Computing Systems, 2003.FTDCS 2003.Proceedings. The Ninth IEEE Workshop on Future Trends of 28-30 May 2003 Page(s):93 - 99 4. S. Yau, Y. Wang, and F. Karim, “Developing Situation-Awareness in Middleware for Ubicomp Environments,” Proc. 26th Int'l Computer Software and Applications Conference (2002) 233-238 5. Jorstad, I, van Thanh, D. Dustdar, S,” The personalization of mobile services”, Wireless And obile Computing, Networking And Communications, 2005. (WiMob'2005), IEEE International Conference on, Volume 4, 22-24 Aug. 2005 Page(s):59 - 65 Vol. 4. 6. HyungDon Moon, “LBS Technology and market tendency”, ETRI, 15th IT strategy item/market tendency,2002: http://kidbs.itfind.or.kr/WZIN/jugidong/1080/108003.htm 7. Haewon Jung, Gyungae Moon, “Contents Adaptation tech tendency in Heterogeneous environments ”, Institute of Information Technology Assessment, ITfind volumn.1193, pp. 1-11, 2005.4

A Network and Data Link Layer QoS Model to Improve Traffic Performance Jesús Arturo Pérez, Victor Hugo Zárate, and Christian Cabrera Department of Electronics ITESM - Campus Cuernavaca. Temixco, Morelos, 62589 México {jesus.arturo.perez, vzarate, a00375730}@itesm.mx

Abstract. Currently, there are a lot of e-learning and collaborative platforms to support distance and collaborative learning, however, all of them were designed just like an application without considering the network infrastructure below. Under these circumstances when the platform is installed and runs in a campus, sometimes it has very poor performance. This paper presents a network and data link layer infrastructure design that classifies and prioritizes the voice and video traffic in order to improve the performance and QoS of the collaborative systems applications. This infrastructure has been designed taking in consideration a typical network of a university campus, so that in this way it can be implemented in any campus. After making the design we have made some tests in a laboratory network demonstrating that our design improves 70-130% the performance of these real time collaborative systems which transmit voice and video.

1 Introduction There are many e-learning applications that support collaborative work; however, this does not imply that they are neither effective nor functional. The mayor issues in those applications are focused in the synchronous collaboration [1] because of the problem of managing the information that flows across the network and the mechanism to ensure the quality of the service [2]. Applications, like “Synergeia” [3], “Synergo” [4] and “Blackboard” [5] do not provide efficient tools to communicate across the internet in a synchronous manner. The problem in this case is the lack of control and management in the underlying protocols to achieve the demanded Quality of Service (QoS). This problem forces the software programmers to only provide tools that do not exhaust the bandwidth of the communication (like chats or shared blackboards). All the analyzed collaborative systems work properly when they use a chat or an off-line communication like e-mail. However, the performance and success of real time voice and video is conditioned to the performance of the network below. In many cases modern networks are fast enough to support these applications [6], but the lack of a proper configuration in routers and switches make the applications suffer from performance issues. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 224 – 233, 2006. © IFIP International Federation for Information Processing 2006

A Network and Data Link Layer QoS Model to Improve Traffic Performance

225

Because synchronous communication is the most difficult to implement [7], we need to provide a designed framework to manage the data flow in order to guarantee the QoS independently of the data type.

2 Video and Voice Requirements The audio/video information within a videoconference is segmented into chunks by the application, encoded and compressed, put into a series of data packets and sent over the network to the remote end at basically constant intervals [8]. The data packets may arrive at their destination at slightly varying times, and possibly out of order. In order to keep the "real time" impression, the packets must arrive on time and in time to be re-ordered for delivery through the videoconferencing terminal. An efficient solution for solving the previously mentioned issues involves the use of policies to identify, mark and prioritize traffic in order to preserve the required bandwidth and latency that the application demands. After satisfying these requirements, the packet loss and jitter levels should be kept to a minimum so the end user experience receives the best available quality. These considerations apply to delay sensitive traffic, such as voice over IP [9]. In this work we are considering that the network of the Autonomous System (AS) where the designed infrastructure is going to be implemented has enough bandwidth for voice and video traffic. We will focus on creating a configuration to minimize the packet loss, latency and jitter for videoconference traffic.

3 General Model for Traffic Prioritization Traffic should always follow a prioritization scheme in order to guarantee specific bandwidth requirements from real time communications. This scheme can be represented in the form of a general model which applies to all applications with special conditions (such as maximum delay) to be met. This model is represented in Figure 1. After receiving the traffic through the incoming interface, the first step would be to mark the incoming frames/packets according to our needs. This should be done using a different traffic class for every kind of traffic with different needs. A common practice is to classify voice and video in its own class, away from any other type. Next, the traffic should be ready to be classified according to our own requirements. Delay sensitive data should receive a special treatment to avoid delay at all costs. Any other data should be considered as delay tolerant and further processed in order to provide the bandwidth only to those applications that do really need it. The most important traffic class should receive a strict priority using Low Latency Queuing (LLQ). LLQ allows traffic to skip directly to the output interface, reducing its processing time. By specifying a reasonable amount of the total bandwidth, we will be guaranteeing the required resources for this traffic type. The rest of the classes must go through WRED congestion avoidance mechanisms and queuing (see figure 1). This process would divide the remaining bandwidth according to the policies configured for each data class.

226

J.A. Pérez, V.H. Zárate, and C. Cabrera

Incoming traffic

IP traffic

Traffic type 1

Input interface

Traffic type 2

Traffic type 3

Traffic type default

Low Latency Queuing (LLQ)

Traffic marke r

DSCP writte n traffic

Marked traffic type 1

Marked traffic type 2

Marked traffic type 3

Strict priority X% total bandwidth

Marked traffic type default

Classifie r

Y% Z% Remaining priority priority bandwidth

Prioritization

Weighted Random Early Detection (WRED)

Conge stion avoidance

Remaining traffic goes last

Queuing Higher priority goes first

Output interface

Fig. 1. General model for prioritizing network traffic

Once all conditions are met and all policies are applied, the now marked and prioritized traffic is sent through the router’s outgoing interface to its destination. Now that we have shown the general model, we will describe in detail what we propose to improve the performance in each layer of our model. 3.1 Improving Data Link Layer To improve the performance of the network at layer 2, we need to configure the operation mode and traffic prioritization of the switches at the data link layer. 3.1.1 Switch Mode Operation How a frame is switched from the source port to its destination is a trade off between latency and reliability. A switch can start to transfer the frame as soon as the destination MAC address is received. This is called cut-through and results in the lowest latency through the switch. No error checking is available, but considering the application, it is more important to transfer frames faster than to lose some frames. 3.1.2 Traffic Prioritization with 802.1p If VLANs are used inside our network and traffic is sent among users of the same VLAN, the traffic will never go past layer 2. For this reason, we need to add layer 2 priorities to our designed infrastructure. The IEEE 802.1p is an extension of the IEEE 802.1Q (VLANs tagging) standard. The VLAN tag has two parts: VLAN ID (12-bit) and Prioritization (3-bit). The prioritization field was not defined in the 802.1Q, but is defined in 802.1p. VLAN frame tagging is an approach that has been specifically developed for switched communications and gives the possibility of using the prioritization field. The 802.1p standard also offers provisions to filter multicast traffic to ensure it does not proliferate over layer 2-switched networks. The 802.1p header includes a three-bit field for prioritization, which allows packets to be grouped into various traffic classes. It can also be defined as best-effort QoS (Quality of Service) or CoS (Class of Service) at Layer 2 and can be implemented in network adapters and switches without involving any reservation setup. 802.1p traffic is simply classified and sent to the destination; no bandwidth reservations are established.

A Network and Data Link Layer QoS Model to Improve Traffic Performance

227

IEEE 802.1p establishes eight levels of priority. The highest priority is seven, which might go to network-critical traffic like Open Shortest Path First (OSPF) table updates. Values five and six may be used for delay-sensitive applications such as interactive video and voice. Data classes four through one range from controlled-load applications such as streaming multimedia and business-critical traffic - carrying SAP data, for instance - down to "loss eligible" traffic. The zero value is used as a besteffort default, invoked automatically when no other value has been set. Using the described datagram fields will create a faster infrastructure in the data link layer. This is sometimes described as "layer 2 quality of service". 3.2 Improving Network Layer When willing to provide QoS for traffic that will flow outside our LAN, we need to specify layer 3 priorities to obtain the desired latency and bandwidth. QoS refers to both class of service (CoS) and type of service (ToS). The basic goal of these is to guarantee specific bandwidth and latency for a particular application [10]. To achieve this, we use the Differentiated Services Codepoint (DSCP) or the IP Precedence field in the packet header. These values provide the necessary marking as suggested by the first step of our general model (Figure 1) for layer 3 traffic. DSCP is composed by the first six bits in the ToS byte, while the IP Precedence is created with the first three bits in the ToS value. The IP Precedence value is actually part of the IP DSCP value, so both values can not be set simultaneously. If both values are set simultaneously, the DSCP value overwrites the IP precedence one. The marking of traffic at layers 2 or 3 is crucial to providing QoS within a network. We suggest deciding at which layer to mark after considering the following: • Layer 2 marking can be performed for non IP traffic. This is the only option available for non IP aware switches. • Layer 3 marking will carry the QoS information end-to-end. We propose to use both DSCP to mark packets and use CoS to mark frames to allow layer 2 devices to provide the QoS requirements of frames at the data link layer. A mapping between layer two CoS and layer three QoS (DSCP) is possible, as presented by Ubik [11] However, since we are just trying to improve QoS inside our Autonomous System, we will only propose tools associated with the network edge. After completing the marking stage, classification will be needed to create different classes of traffic with different priorities. 3.2.1 Low Bandwidth WAN Circuits If any low speed connections exist in the network, and a high portion of the traffic is RTP, the most proper protocol to use is the Compressed Real Time Transport Protocol (cRTP) which reduces the consumed bandwidth by compressing the IP/RTP/UDP headers. With cRTP the required bandwidth for a G729A VoIP call is reduced to approximately 50%. In this way, it is possible to double the amount of simultaneous calls in one link. cRTP is not required to ensure good voice quality, but rather a feature that reduces bandwidth consumption. cRTP must be configured on both ends of the link.

228

J.A. Pérez, V.H. Zárate, and C. Cabrera

By default with G.729, two 10-ms speech samples are put into one frame [12]. This creates a packet every 20 ms, so a VoIP packet can be transmitted every 20 ms. Blocking directly affects the delay budget, so it is always desirable to keep the blocking delay at 80 percent of your total voice packet size. So in our case we have a 20 ms seconds packet so the maximum blocking delay must be 16 ms. Now, we need to determinate the exact packet fragmentation size for the links we could have in our collaborative environment with the following algorithm: WAN bandwidth x blocking delay = fragment size in bits The low bandwidth circuits that we could support are a dial up 56Kbps link or ADSL 256Kbps link, so applying the last algorithm we have: Fragment size Dial-up link = 56Kbps x 16 ms = 896 bits per second = 112 bytes per second. Fragment size ADSL link = 256Kbps x 16 ms = 4096 bits per second = 512 bytes per second As we can see, in the low bandwidth WAN link is it necessary to fragment the packets to 128 or 64 bytes for the dial up connection and to 512 bytes to the ADSL connection. In order to fragment the packets we can use FRF.12 if we have a frame-relay interface, if we have interfaces that can run PPP, MCML is recommended otherwise we should use IP MTU, even though this last tool can cause many problems since the receiving station’s overall performance is affected. MCML PPP still requires fragments to be classified by IP Precedence, and to be queued by WFQ. For RTP traffic prioritizing at layer 3 over normal bandwidth WAN circuits, our general model proposes the use of Low Latency Queuing (LLQ) to give absolute priority to voice and video traffic over any other traffic over an interface. 3.2.2 Low Latency Queuing and Congestion Avoidance Techniques Low latency queuing (LLQ) was designed for realtime applications. It brings strict Priority Queuing (PQ) to Class Based Weighted Fair Queuing (CBWFQ). Strict PQ allows delay-sensitive data to be sent directly through the outgoing interface [13] before packets in other queues are sent (as shown in Figure 1). Without LLQ, CBWFQ provides WFQ based on defined classes with no strict priority queue available for real-time traffic. For CBWFQ, all packets are serviced fairly based on weight and no class of packets may be granted strict priority. This scheme poses problems for voice traffic that is largely delay intolerant. LLQ provides strict priority queuing for CBWFQ, reducing jitter in voice conversations. When LLQ is not possible to configure, CBWFQ is the best solution, since we can create a specific class and then assign a specific bandwidth that will be enough to guarantee the QoS of the voice traffic. We propose (see figure 1) to include a congestion avoidance technique for remaining traffic, Weighted Random Early Detection (WRED) with CBWFQ. WRED selectively drops packets according to its importance (packets of lower priority are dropped more than the ones from high priority).

A Network and Data Link Layer QoS Model to Improve Traffic Performance

229

4 Experiments and Results The aim of this section is to show the performance improvement that a real AS LAN will have after the above described procedures are followed. First, we will deploy a network infrastructure using a default configuration (without any kind of priority neither for voice nor video traffic). After that, routers and switches will be configured with the proposed model. We will compare results to determine the level of performance improvement obtained with the proposed design. The proposed network topology that represent an AS consists on 3 Catalyst 2600 series routers connected through their serial interfaces configured at a 2 Mb/s link speed (simulating an E1 connection). Each of the edge routers will be connected through their Fast Ethernet interface with a Catalyst 2900 series switch. Each of these switches connects to one more switch by using its Gigabit Ethernet trunk interfaces. Finally, the hubs and hosts are connected into these, just as it is pointed out in Figure 2. For each tested scenario we will measure the packet loss, delay and jitter, while testing the data link and network layer. SW2

SW1

R1

R2

R3

SW3

SW4

HUB2

HUB1 SNIFFER

TRAFFIC2

TRAFFIC1 VIGO1

VIGO2

Fig. 2. Scenario network topology

The routers were configured following a single area OSPF scheme. 802.1q was used on the Fast Ethernet interfaces to support the VLAN tagging of the switches The used IP addresses were as follows: R1 Fa0.0: R2 S1: R3 Fa0.0: Traffic1: Sniff NIC1: Vigo1:

192.168.3.1 192.168.1.2 192.168.4.1 192.168.3.20 192.168.3.10 192.168.3.15

R1 S0: R2 S0: R3 S1: Traffic2: Sniff NIC2: Vigo2:

192.168.1.1 192.168.2.1 192.168.2.2 192.168.4.20 192.168.4.10 192.168.4.15

Vigo videoconference equipment will be used in each end point of the network, while having other hosts generating traffic from protocols like ftp and http. Other computers will use special software to flood the network with random packets to simulate a real scenario. The test for each scenario consists on keeping a videoconference open between two end points of the network while there is a heavy traffic. We will perform the test of each scenario with and without voice and video priority configurations so that we can measure the improvement percentage.

230

J.A. Pérez, V.H. Zárate, and C. Cabrera

By recreating a videoconference enabled scenario while also simulating normal network traffic, our testing environment comes very close in terms of reality and thus gives us a much better perception of what would the QoS performance benefit be when applied into a real world case, such as an university campus. 4.1 Endpoints Inside the Same Network – Layer 2 Priority The first and simplest scenario describes the typical switched LAN created only by switches. In our simulation, 2 Cisco Catalyst 2950 switches were connected through their Gigabit Ethernet trunk interfaces. For testing, one 3Com 10/100 hub was connected at the Fa0/1 of each of the switches, while also using a traffic generator laptop plugged into the Fa0/2 port of each switch. Both a Vigo videoconference laptop and the sniffer laptop were connected to each of the hubs. The two sniffer cards were inside the same laptop, and each card was connected to a different hub. A videoconference was established between the 2 Vigo enabled laptops while also injecting traffic from the laptops connected through the Fa0/2 port. All traffic between switches was exchanged through the Gigabit Ethernet trunk interfaces. The tests ran in our simulated network showed up some slight improvements after applying QoS at layer 2. The improvements were small due to the fact that our layer 2 equipment is able to switch great amounts of data in a very short time, thanks to its 100/1000 Ethernet interfaces. This points out that our attention should be focused into improving layer 3 prioritization which covers our network full AS. 4.2 Endpoints in Different Networks – Layer 3 Priority In this scenario, the end points are located in different networks, so the traffic will have to go through the router’s serial interfaces. In this way we will just evaluate the layer 3 priority. The used network topology can be observed at Figure 2. The sniffer has two cards, each one is connected to a different network. For this scheme, there are 2 types of router configurations that should be noted. We will refer to them as the edge and the middle routers, being the edge routers the ones that are directly connected to the switches and the middle routers the ones that only use their serial links to communicate the rest of the routers between themselves. The configuration used for the edge routers were as follows: Router(config)#class-map match-any VOICE-VIDEO Router(config-cmap)# match protocol rtp audio Router(config-cmap)# match protocol rtp video The creation of the VOICE-VIDEO class identifies the RTP traffic commonly used in videoconference. Router(config-cmap)# class-map match-any HTTP-FTP Router(config-cmap)# match protocol ftp Router(config-cmap)# match protocol http The HTTP-FTP class identifies the traffic we will be using as a 2nd priority. In our tests, our injected traffic is of this kind, so we provide a specific class for it to ensure the router responds as we request.

A Network and Data Link Layer QoS Model to Improve Traffic Performance

231

Router(config)# policy-map MARKING Router(config-pmap)# class VOICE-VIDEO Router(config-pmap-c)# set dscp af41 The MARKING policy is specific of the edge routers. Once in the middle routers, traffic has already been marked so there’s no need to do this again. Router(config)# policy-map VOICE-VIDEO Router(config-pmap)# class VOICE-VIDEO Router(config-pmap-c)# priority percent 50 Router(config-pmap-c)# class HTTP-FTP Router(config-pmap-c)# bandwidth remaining percent 70 Router(config-pmap-c)# class class-default Router(config-pmap-c)# bandwidth remaining percent 30 Router(config-pmap-c)# random-detect The VOICE-VIDEO policy gives special treatment to each traffic class specified previously. We define a strict 50% traffic priority to all the data matched by our VOICE-VIDEO class. From the remaining bandwidth we chose to give 70% (35% from the total absolute bandwidth) for HTTP and FTP traffic, while giving the rest of the bandwidth to any other kind of traffic not previously defined. For each of the edge routers, we applied our policies VOICE-VIDEO and MARKING to the corresponding interfaces. For R1: R1(config)# interface s0/0 R1(config-if)# service-policy output VOICE-VIDEO R1(config-if)# interface fa0/0 R1(config-if)# service-policy input MARKING The configurations for the middle router differ from the edge ones, so it doesn’t require any marking because R1 and R3 (the edge routers) are doing all the marking themselves. The extra configuration required for the middle router R2 to work was: R2(config)# class-map match-any VOICE-VIDEO R2(config-cmap)# match ip dscp af41 The edge routers MARKING policy already set the dscp to af41, so the middle routers can trust this value and only compare the incoming packets against this. The only difference between the middle and edge routers is the MARKING policy. The VOICE-VIDEO policy remains the same, so the only missing thing is to apply the policy to an interface. R2(config)# interface s0/0 R2(config-if)#service-policy output VOICE-VIDEO R2(config-if)#interface s0/1 R2(config-if)#service-policy output VOICE-VIDEO Finally, we apply the policy to our serial interfaces. In contrast to the edge routers, the same service policy needs to be applied to both serial interfaces. Since we don’t process nor do any marking from incoming traffic, we do only need to specify the prioritization for the data already marked. The edge router marks the header and the middle routers are dedicated to give a preferential or deferential treatment to the marked packets with a given DSCP field

232

J.A. Pérez, V.H. Zárate, and C. Cabrera

[14]. By following the previous steps, we will be successfully marking and prioritizing our traffic through all of our routers. It is important to note that the policies must remain equal through all routers to maintain consistency. After applying this configuration, the sniffer laptop was set to capture and measure the time differences for a 1-way throughput. The following table shows the differences when applying the commands shown above: Table 1. Experiment results

Voice (No QoS) Voice (QoS) Benefit (%) Video (No QoS) Video (QoS) Benefit (%)

Total packets 686 705 2328 2399

Average delay (ms) 27.910 12.036 131.88 31.209 17.671 76.61

Jitter (ms) 60.870 60.401 .776 18.610 17.940 3.60

During the tests there were no lost packets at all and, as shown, there is a remarkable improvement in both voice and video (131.88% and 76.61% respectively) after applying the QoS settings. We should keep in mind that these results were obtained on a simulated network where lots of traffic was being injected into the Fast Ethernet interfaces to flow through the serial link, thus forcing the router to apply the prioritization. Under higher data load, the benefits margin would have been even bigger.

5 Conclusions In this paper we proposed a general guide for enabling QoS inside an autonomous system composed by several routers and switches in order to provide a more suitable environment for real time traffic used in videoconference. The two created scenarios for simulation of layer 2 and layer 3 infrastructures show up benefits from the implementation of QoS in their policies. Even though we prioritize the voice and video traffic in our experiments, this model can be applied to any kind of traffic required in collaborative systems. After running the tests, it’s easy to notice the difference between a network with QoS enabled and one without it. The video in both edges appears smoother and the audio is not chopped, no matter what the load in the routers is, as long as the specified priority in the policy maps is enough to handle the video conference demand. When talking about the urgency to implement QoS at layer 2, we do know that this is not so relevant to keep a good quality conference, since layer 2 only involves devices directly attached into our own switched network, thus providing a connection which depends only on our local hardware, usually Fast Ethernet devices. Having a Fast Ethernet switched network provides enough bandwidth for all the devices connected to it, so QoS is not so important as long as the link speed remains constant. However, when dealing with layer 3, many considerations are required since we can not control the traffic coming from other sources. We must follow the proposed model in order to prioritize the outgoing/incoming traffic to assure that the most

A Network and Data Link Layer QoS Model to Improve Traffic Performance

233

important data keeps flowing smoothly without congestions. Inside an AS, this paper provides the required steps to enable QoS in both incoming and outgoing traffic. The obtained results show the type of improvement which will be obtained in the target AS where these settings are applied (up to 131%). This AS refers to the final network where our collaborative system could be connected, enhancing the quality of their communications while allowing for total control of the traffic flowing through it. By using a scenario recreating real traffic with the use of TCP, UDP and ICMP traffic, our tests come close to reality, demonstrating that our general model can be successfully applied into a real world scenario while obtaining similar benefits. With this model, we can guarantee an optimal performance inside the AS, translating into a direct benefit to the network where the collaborative systems are set down.

References [1] Guzdial, M., Hmelo, C., Hubscher, R., Newstetter, W., Puntambekar, S., Shabo, A., Turns, J., & Kolodner, J. (1997). Integrating and guiding collaboration: Lessons learned in computer-supported collaboration learning research at Georgia Tech. Proceedings of Computer-Support for Collaborative Learning (CSCL ‘97), Toronto, Ontario, 91-100 [2] A. Campbell, G. Coulson and D. Hutchison, “A Quality of Service Architecture", Computer Communication Review, Vol.1, No.2, April 1994, pp. 6-27 [3] ECOLE. "Synergeia". Internet Web Site. http://www.ecolenet.nl/best/synergeia.htm. Consultation date: October 2004. [4] Patras, U. "Synergo". Internet Web Site. http://www.ee.upatras.gr/hci/synergo/. Consultation date: October 2004. [5] Blackboard, I. "Blackboard Portal System". Internet Web Site. http://www.blackboard. com. Consultation date: October 2004. [6] S. Chen, K. Nahrstedt, An overview of quality-of-service routing for the next generation high-speed networks: problems and solutions, IEEE Network, Special Issue on Transmission and Distribution of Digital Video, November/December 1998 [7] Avouris, N.; Margaritis, M.; Komis, V. "Real-Time Peer Collaboration In Open And Distance Learning". Proceedings: 6th Hellenic European Conference On Computer Mathematics & Its Applications. Athenas. September 2003. [8] I. Miloucheva, A. Nassri, A. Anzaloni, "Automated analysis of network QoS parameters for Voice over IP applications", 2nd International Workshop on Inter-Domain Performance and Simulation (IPS 2004), 22-23 March 2004, Budapest, Hungary. [9] S. Vegesna, “IP Quality of Service”, Cisco Press, 2001. ISBN 1-57870-116-3. [10] L. Burgstahler et al, “Beyond Technology: The Missing Pieces for QoS Success”, Proceedings of the ACM SIGCOMM 2003 Workshops, Aug 2003, pp: 121-130. [11] Seven Ubik, Josef Vojtech. QoS in Layer 2 Networks with Cisco Catalyst 3350. CESNET Technical Report 3/2003. [12] M.J. Karam, F.A. Tobagi, Analysis of the Delay and Jitter of Voice Traffic Over the Internet, IEEE INFOCOM 2001 [13] Fayaz, A., McClellan, S., Manpreet, S. and Sannedhi K. End-to-end Testing of IP QoS Mechanisms. IEEE Transactions on Mobile Computing 0018-9162/02 IEEE pp 80-86. [14] Fineberg, V., “A practical architecture for implementing end-to-end QoS in an IP network”, IEEE Communications Magazine, Vol. 40 , Issue: 1, Jan.2002, pp.122– 130.

A GML-Based Mobile Device Trace Monitoring System Eun-Ha Song1, Sung-Kook Han1, Laurence T. Yang2, Minyi Guo3, and Young-Sik Jeong1 1

Department of Computer Engineering, Wonkwang University 344-2 Shinyong-Dong, Iksan, 570-749, Korea {ehsong, skhan, ysjeong}@wonkwang.ac.kr 2 Department of Computer Science, St. Francis Xavier University Antigonish, NS, B2G 2W5, Canada [email protected] 3 School of Computer Science and Engineering, Aizu University Aizu-Wakamatsu, Fukushima-ken 965-8580 Japan [email protected]

Abstract. Recently, the demands on information services have been increasing significantly. This is mainly due to the popularization of computer and mobile telecommunication devices and the rapid improvements on wireless communication technology. Specially, information services and their corresponding management for mobile devices, such as Location Based Service (LBS) and Telematics, become more and more important. However, the standard for geographical space data has not been finalized. Many commercial monitoring systems are using their own independent geographical information without making them compatible to others. Much efforts and resources have been wasted on managing and operating those different monitoring systems’ geographical Information System (GIS) databases. Accordingly, a standard format called GML, based on the most commonly used geographical data format such as DXF, DWG and SHP, has been emerged. In this paper, our work on GML’s visualization in Trace Monitoring Systems (TMS) is described fully. The details on how to trace and manage data moving among different mobile terminals are presented as well.

1 Introduction Geographical Information Systems (GIS) has become one of the key technology to improve and shape our future living environment, even our social life. It is an advanced information system by systematically computerizing all geographical information such as the configuration of the ground, buildings, roads, rivers, bridges, geological structure, nature of the soil, and the environment of sea. It can use these computerized data for efficiently managing national land, environment, disasters, business activities, our daily life and so on. Furthermore, the realization of wireless connectivity is bringing fundamental changes to telecommunications and computing and profoundly affects the way we compute, communicate, and interact. It provides fully distributed and ubiquitous mobile computing and communications, thus bringing X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 234 – 243, 2006. © IFIP International Federation for Information Processing 2006

A GML-Based Mobile Device Trace Monitoring System

235

an end to the tyranny of geography. Therefore, the mobile telecommunication industry is making the increasing efforts and investing enormous development budgets on providing high quality services on these increasingly popular mobile devices. In order to keep high quality services, such as Location Based Service (LBS), to manage trace monitoring technology on mobile devices anytime, anywhere, by any means without interruption, a trace monitoring system is very necessary. For the majority of existing trace monitoring systems on mobile devices, none of them can provide the standard geographical information because their data are based on the existing numerical map, DXF [1]. Furthermore, none of them can support and provide the integrated location information for those mobile device users. In order to overcome the above limitations, we focus on our approach on GML 3.1 [4] format which is a standard encoding language based on XML which can present a geographical and service founded on location information regardless platforms and clients. The format is very generic built on SMP (Synthetic Map Preprocessor) [5] since the existing DXF, DWG [2] SHP [3] file formats are only suitable for a special type of application. In this paper, we present our implementation approach for TMS (Trace Monitoring System of mobile devices) which can efficiently manage the integrated tracing on users' location information, after getting and saving information from the moving users who are using WIPI [6] as mobile devices.

2 Related Works In this section, GML is introduced firstly, and the existing visual systems based on GML are outlined as well. Then based on the existing numerical map and other geographical formats, the mobile device monitoring systems are explained briefly. 2.1 Map Representation Based on GML Due to rapid increasing demands and uses of internet or mobile telecommunications, OGC, a private GIS standard organization, offered GML 3.1 version starting from 1.0 version, to make such standard specification has interoperability of geographical information in different hardware and software environments. GML is the standard encoding language based on XML which can present a geographical and service founded on location information regardless of the kinds of platform and client. The existing visual systems based on the GML are iSMART EXplorer 4.4 [7] by eSpatial Inc., OS Master Map Viewer 2.0 [8], TatukGIS Viewer 1.4 [9] by TatukGIS Inc., FME Universal Viewer 2003 [10] by SafeSoftware Inc., and GML Viewer by ETRI. In the following paragraph, we briefly introduce these existing visual systems one by one. We start with iSMART EXplorer 4.4 first. Its application is light, very easy to use, and has an advantage on analysis because it is connected OCI DB. And it is also possible for users to enlarge, reduce, move, and re-examine non-spatial attribute data to find out schema automatically. Among the most notable advantages, it can edit the space and offer fast response time for connecting low bandwidth through web browser. For OS Master Map Viewer 2.0 developed by JAVA, it can read 1900 points

236

E.-H. Song et al.

a second for those files in WinZip, GZip, and GML formats. It can compare and visualize their attributes after one or many spots are chosen. If some regions have a meaning, it can make them visual differently. It can change and visualize a numerical statement according to different themes. If the visual field is manipulated by mouse or keyboard (including movement, enlargement, and reduction), it will draw the visual field again after shaping the round shape of dotted line for representing the converted image. For TatukGIS Viewer 1.4, it can support almost all formats like Raster image file format and vector graphic file format and also have the capability to process the maximum 2G bytes. It can also convert the visual geographic information into PDF file type and measure the size of the dotted formation, the distance among positions, and the appropriate regions while handling the attributes with SQL Builder. It represents the same attributes with the equal color based on Vector attribute information. For FME Universal Viewer 2003, it shows the measuring distance, geometrical information, and the data set of the appropriate files. It is possible to distinguish each attribute with the other meaning, after saving *.fmv, to turn them into other formats. The above described visual systems can show a simple map format but they can't trace the moving course of mobile objects. Therefore, in this paper, we propose a system to trace and manage the integrated movement of mobile devices in these visual systems. 2.2 The Existing Monitoring Systems The existing monitoring systems are divided into the ones with visual tracing and the ones with only raw data in tables. One typical example of the former ones is the Tracing Monitoring Solution of Cyber Map World (CyberMapWorld Co. Ltd.). It is a kind of tailored solution for tracing through GIS system to offer different applications the detailed information in real-time. Such applications include the movement course and location information of the vehicles, customers to the enterprises, government and public offices that are in need of tracing monitoring on vehicles, distribution, and customers. The system is composed of LBS engine for managing the mobile objects of the large capability and GIS engine of the technology applied with the main memory DB. It is the system to supply a solution based on LBS server included the detailed DXF files with all reduced scale. It can trace the mobile objects on an extensive scale at a time and all the vehicles and the users, and offer the searching speed out of common. The NEO controlling system, if the call is registered in the window of user's devices, indicates the call lists before the allocation, and after allocating the vehicles, the passenger's state is shown in the allocation list. If you enter the number of the car to trace, this system will show the latest location information of it based on DXF geographic information data. The managers can control the sending intervals and frequency of the data according to the states of the system. However, for the majority of existing trace monitoring systems described above, none of them provide the standard geographical information because their data are based on the existing numerical map, DXF format. Furthermore, none of them can support and provide the integrated location information for those mobile device users. To overcome the above limitations, in this paper, we propose a system to trace

A GML-Based Mobile Device Trace Monitoring System

237

and manage the mobile devices based on the international recommended GML standards.

3 TMS Design 3.1 TMS_Server TMS_Server is composed of GML library module generating GML format, Server Broker controlling all TMS_Server compositions, Light-Weight Import bringing the filtering data from SMP, Moving Storage saving the information on moving space from Viewer at the time of changing the location of mobile devices, and Communication Manager communicating the mobile devices and Viewer. The architecture of these modules is described as follows in Fig. 1.

Fig. 1. Architecture of TMS_Server

3.1.1 Light-Weight Import and Viewer Import Light-Weight Import considers the processing speed, the memory capacity, and the visualization area of mobile devices. Viewer Import plays a major role of supporting monitoring based on the standard geographic files. The former module extracts layer and attributed entity section from the source geographic information data such as DXF, DWG, and SHP files at SMP, and saves as the light-weighted files. The latter module saves the extracted files. After that, these files are returned into manipulation map files and memorized in each memory address. Checking the memorized files, the scale map sheet code building files are stored in theme which are indicated as layer 4111=Building, 4112= Glasshouse, 4113=Historic Interest, on the other in term, these are stored in outline as level 50. In the scale map sheet code road, theme is stored as land, group as road or track,

238

E.-H. Song et al.

term as public with level 50. These data are also stored without handling the attributes specially. 3.1.2 GML Library Module GML library module controls the converting process, which changes the geographic information data from Server Broker into the geographic space information data with the same type of GML 3.1 format based on XML. The detailed contents in each class of GML library module are listed in Table 1. Table 1. Classes of GML library module

Class AnchorPoint CartographicMember CartographicText CoordinateTuple Feature FeatureCollection

Description Selecting a fixed GML point To make CartographicText To save the assigning attributes in showing Text To make AnchorPoint (Punctual Coordinates) To establish a basic model(fid =10000000, FeatureCode=0) Integrating CartographicMember and TopographicMember Showing text, polyline(attributes, coordinates), GMLDocument polygon(attributes, coordinates), point GMLMulPoint Accepting various CoordinateTuple with GML point GMLPoint To make CoordinateTuple To make GML documents (parsing order: text-polygonGMLSchema polyline) GMLSchemaImp Defining tag of GML documents TextRendering Defining text description TextString To description of letters line Topographic Defining the attributes to be included Topographic point TopographicMember Defining each attribute to be included Topographic 3.1.3 Communication Manager Communication Manager is in charge of the communications among the WIPI users, TMS_Server, and Viewer. This module delivers the geographic data of the lightweighted GML 3.1 format from the server to Viewer through UDP communications, the mobile devices, and TCP/IP protocols. With the present coordinates as its starting points, it delivers the geographic data as the size of 250×250 to show the size 120×146 as a visualization area in mobile devices. It delivers the geographic data at the shape size of 2500×2500 than the size in the appropriate map sheet to Viewer. This module also saves and delivers moving information from the mobile devices a second. If Viewer wants to know the geographic space information enters its ID, this module gives the moving information in mobile devices to TMS system. Table 2 shows each class file in Communication Manager.

A GML-Based Mobile Device Trace Monitoring System

239

Table 2. Classes of Communication Manager

Class ReadThread ServerConn SimpleServer

Description Disconnecting and delivering the read data Recording the connected time, date, file size in server, performing GML creating, handling the original data file, and delivering created GML data Indicating the comments in GML server

3.1.4 Server Broker Server Broker is a kind of medium coordinating and controlling each module. These class files are shown in Table 3. It demands GML file corresponding to the coordinates moving in mobile devices, and has a role of delivering the coordinates to the basic coordinates of GML library module. It receives the ID's moving information from mobile devices in Viewer, delivers this moving information to Communication Manager, and sends the coordinates to the core ones of GML library module for the initial visualization. Table 3. Classes of Server Broker

Class

Description Recording the connected time, date, file size, performing MapPatcher GML creating in server, if making errors, recording "The phone is off", adding method to short type converting byte[] Allowing Socket approaching, if making errors, recording "This Mapserver is already used port or security port" MapServerImp Designating numbers of IP and port 3.1.5 Moving Storage Moving Storage is a repository with the moving information in mobile devices according to ID through Server Broker. This stored data is returning TM coordinates into text. 3.2 Viewer Viewer is composed of Communication Manager module corresponding with TMS_Server in Fig.2. Server Broker is used for mediating and adjusting all viewers and handling the coordinates, GML parser is used for analyzing GML file into XML file and dividing according to each attribute, User Event is used for handling event message when manager of Viewer moves the map, Monitoring Event module is used for tracing and managing the moving information in mobile devices for monitoring. 3.2.1 Communication Manager Communication Manager receives the geographic data of GML format from TMS_Server through TCP/IP protocols and the moving space information about

240

E.-H. Song et al.

Fig. 2. Architecture of TMS Viewer

mobile device ID's shifting of mobile devices from TMS_Server. In details, when there is demand on the event from User Event, this module will send and receive the geographic space information through communicating with TMS_Server. 3.2.2 GML Parser GML parser is a module of analyzing GML file for the visualization. GML is based on XML, and this paper adopted GML 3.1 format version. There are feature schema, geometry schema, GML schema, and application schema. After distinguishing every schema in schema parser, the relevant schema has a charge of working and sorting tag and contents as the attributes of XML is sorted in kXML Parser. Then it moves contents matching the sorted tag in pair to Monitoring Broker. 3.2.3 User Event User Event manages the event messages demanded from Viewer such as enlargement, reduction, and manual movement of map to a specified area. 3.2.4 Monitoring Broker Monitoring Broker is a module of adjusting and mediating the geographic information among modules. It delivers the geographic space information from TMS_Server to GML parser, after receiving the analyzed geographic space information from GML parser, to make these data show to Viewer, adding the matching coordinates and applied the styles to text, polygon, polyline, and point. 3.2.5 Monitoring Event Monitoring Event makes the continuous changing space coordinates visible to Viewer. Because the locations in mobile devices change every moment, the changing coordinates in the geographic space saved to mobile devices' ID make them visible at once a second in Monitoring Broker.

A GML-Based Mobile Device Trace Monitoring System

241

4 Implementation and Case Studies The implementation of TMS uses JAVA 1.3.1-b24, JBuilder 2005 as the programming tool. The implemented mobile devices, because of limitations in using the practical devices, are AROMA-WIPI Emulator Evaluation Ver. 1.1.2.7 [14]. The visualization of viewer adopted the area of map sheet 4_35701077 and the address is as the followed; 3 Ga, Hanok Village, Pungnam dong, Wansan gu, Jeonju, Jeonbuk, 560-033 Korea. In Fig. 3, the mobile device ID 1 after joining in Viewer moves from Jungang elementary school to Chongsu pharmacy. In Fig. 4, the mobile device ID 2 moves from Jeonju tradition museum to Sungmun church. In Fig. 5, the mobile device ID 3 moves from Gyodong temple of Wonbuddism to piano academy. Fig. 6 is a console screen of

Fig. 3. Mobile Device ID 1

Fig. 4. Mobile Device ID 2

Fig. 5. Mobile Device ID 3

Fig. 6. TMS console of map sheet 4_35701077

242

E.-H. Song et al.

Fig. 7. Viewer of map sheet 4_35701077

TMS_Server offering the geographic information to Viewer, and a console screen of TMS recorded with the moving coordinated in the mobile device ID 1 and received the geographic information from TMS_Server. In Fig. 7, the mobile ID 1 is shown with blue color, the mobile ID 2 with red color, and the mobile ID 3 with green color.

5 Conclusions and Future Works In order to import DXF, DWG, SHP file as a basic numerical map files easily in TMS, in this paper we filter and exclude the unnecessary parts in the existing format visible according to the tag and the attributes. Then, to import the filtered file based on SMP module capable of composing the basic geographic information of TMS system rapidly and easily, the scale and map sheet is stored as clear numbers and each file can be made to manage uniquely. TMS is implemented to make it visible based on GML 3.1 format suggested in OGC, to attain TM coordinates as the real time moving space information of various mobile devices, and to make it possible to get the integrated tracing management sending these to TMS_Server. In this paper, the implemented TMS is applied to the existing TMS to the present call systems without any special equipment because it can, on the manager's part, trace and manage the user's mobile device. In using the geographic information, it makes GML format adopted the international geographic recommended standard instead of the present numerical map for visualization. As for the numerical map, to

A GML-Based Mobile Device Trace Monitoring System

243

make GML format, it makes the unnecessary information filtered and light-weighted, and offers indexing files. In future work, it is necessary to develop TMS service which make use of the public DXF which is popular geographic information service and SVG getting vector graphic easily in the internet environment, to apply DEM (Digital Elevation Model) as an actual measured topographic data to represent the real space information, and to apply LOD (Level of Detail) as the brief handling technology on all areas classifying the far and near and controlling the degree of accuracy. And it is also necessary to develop TMS to indicate only location on map which the users as multimedia thematic map want making use of the delivery of meaning the merits of GML 3.1, and adding POI (Point of Interest) information in each main building to the attribute information.

Acknowledgement This work was supported by the Korea Research Foundation Grant funded by the Korean Government (MOEHRD) (the Center for Healthcare Technology Development, Chonbuk National University, Jeonju 561-756, the Republic of Korea).

References 1. Autodesk Drawing eXchange Format, http://www.autodesk.com/techpubs/autocad/ acad2000 /dxf 2. Open Design Alliance, http://www.opendwg.org 3. ESRI, ESRI Shapefile Technical Description. ESRI, INC, http://www.esri.com, 1998. 4. OpenGIS Consortium, Inc. Geography Markup Language (GML) Implementation Specification, http://www.opengeospatial.org 5. C-Y Jeon, J. Park, E-H Song, Y-S. Jeong, “A Development of Integrated Map Preprocessor for Mobile GIS Visualization,” KIPS, VOL.12 NO.1 pp. 707 710, 2005. 6. Wireless Internet Standardization Forum, “Mobile Standard Platform WIPI 2.0.1”, http://wip i.or.kr, 2004. 7. eSpatial Inc. iSMART Explorer 4.4, http://www.espatial.com 8. Snowflake Software Ltd. OS Master Map Viewer 2.0, http://www.snowflakesoftwa re.co.uk 9. TatukGIS Inc. TatukGIS Viewer 1.4, http://www.tatukgis.com/ 10. Safe Software Inc. FME Universal Viewer 2003, http://www.safe.com 11. CyberMapWorld co., Location Tracing Solution, http://lbs.cybermap.co.kr/ 12. Canas C&C co., http://www.kindcall.com/ 13. kXML, http://kxml.kobjects.org/ 14. Aromasoft co., AROMA-WIPI Emulator Evaluation, http://www.aromasoft.com

Impact of High-Mobility Radio Jamming in Large-Scale Wireless Sensor Networks Chulho Won, Jong-Hoon Youn, and Hesham Ali Computer Science Department University of Nebraska at Omaha Omaha, NE 68182, USA {cwon, jyoun, hali}@mail.unomaha.edu

Abstract. Denial-Of-Service (DOS) attack is recognized as a biggest threat against the operation of large-scale wireless sensor networks (WSN). Especially, high-mobility radio jamming like vehicles carrying radio jamming device can cause a serious damage in performance of WSNs. Because of resource-constraint design of sensor node, it is hard to provide enough protection against high-mobility jamming attack. Therefore, large-scale WSNs are extremely vulnerable to that type of DOS attack. Recognizing the importance of the problem, we conducted a simulation study to investigate the impact of radio jamming on the performance of a large-scale WSN. Based on the simulation results, the moving speed of radio jamming source has the most conspicuous effects on the WSN performance such as packet delivery success ratio and delay. As the speed changes from 8 m/sec to 1 m/sec, the success ratio drops by up to 10 %. On the other hand, the delay increases by up to 55 %.

1 Introduction There is an increasing demand on the use of large-scale sensor networks. Some of challenging applications include medical care, emergency response, wildlife monitoring, environmental monitoring, traffic monitoring, battlefield military operations, remote terrain exploration, and many others. Denial-Of-Service (DOS) attack [10], [11], [12] is recognized as a biggest threat for the operation of mission-critical network. When a large-scale sensor network operates in a hostile environment, protection against DOS attacks becomes the most important issue for the longevity of system operation. Radio jamming, by a definition, is the operation of sending strong signals on the same channel or frequency to make impossible to receive desired signals. In this paper, high-mobility radio jamming is defined as a DOS attack by radio jamming device carried by an automotive mechanism such as mobile robot or vehicle. Therefore, they can cause a significant disruption of network communication in a large area of the system deployment because the mobile radio jamming can move from one location to another in a short time. Even though it is relatively easy to launch attack using high-mobility radio jamming, it is hard to provide protections against the attack. Large-scale WSN has a weakness in protection against high-mobility jamming attack for several reasons. First, since sensor nodes are highly resource-constrained, it X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 244 – 251, 2006. © IFIP International Federation for Information Processing 2006

Impact of High-Mobility Radio Jamming in Large-Scale Wireless Sensor Networks

245

is not affordable to provide full-fledged security measures on the small-footprint sensor nodes. Second, large-scale WSNs need to operate in an unattended manner. Providing maintenance to large-scale networks is not almost possible. Therefore, a sudden change of operating conditions critically affects the system function and life time. For example, radio jamming attack causes a large amount of transmission failures in the attack area. Therefore, the sensor nodes in the attack area suffer from excessive energy consumption. Third, high-mobility radio jamming has not been much addressed in the context of WSN. There are few protection mechanisms proposed in considering the scarce resource of sensor nodes and the high-mobility of radio jamming. Since the radio jamming creates routing voids in the WSN, the existing approaches [5], [6] for routing void can provide a solution. However, those existing approaches are not effective for high-mobility jamming. First, the existing approaches are based on the availability of the map of routing voids. In comparison, the routing voids created by radio jamming are extremely time-varying and thus the status of routing void is changed frequently in an unpredictable way. As the map of routing voids is changed quickly, the frequency of the map update needs to be increased. And thus this approach needs a significant increase of energy consumption. Since a WSN may have a very tight energy budget, frequent map update does not become a viable solution. The main motivation of this paper is to look into the impact of high-mobility radio jamming on WSN performance by focusing on three aspects. First, high-mobility jamming attack model is developed based on key parameters such as interference range, speed, and mobility. Second, simulation is used to investigate the effectiveness of the existing routing protocols in protecting WSN against high-mobility radio jamming. Several performance metrics are measured to compare the effectiveness among the protocols. Finally, we propose a desirable approach for protecting WSN against that type of DOS attack based on the simulation results. The rest of paper consists of as follows; Section 2 presents related work, Section 3 describes a high-mobility radio jamming model, Section 4 presents the simulation environment and the results, and finally Section 5 discusses conclusions.

2 Related Work Research issues on DOS attack was not studied much in the context of WSN. In the positional paper, Wood [10] presented a number of different types of DOS attack, which can be used in the context of WSN. Ahmed [12] surveyed potential DOS attacks and pointed out that radio jamming on mobile machine can be an effective attack to WSN. Several researches addressed radio interference effect in the context of short-range wireless networks. Crossbow Technology Inc. [3] and Steibeis-Transfer Center [15] independently conducted experiments to measure the effect of interference on 802.15.4. The technical document [3] from Crossbow Technology Inc. describes measurement results showing that the packet delivery rate in a MICAz sensor network

246

C. Won, J.-H. Youn, and H. Ali

is dropped significantly by the interference with 802.11b WLAN when they use closely located radio channels. The Steibeis-Transfer Center [15] also conducted a measurement study using commercial devices. According to the study, the radio interference effect of 802.11b can cause significant performance degradation to 802.15.4. Howitt [16] analyzed the radio interference of 802.15.4 on 802.11b. He used both analysis and measurement to prove that the 802.15.4 has little or no effect on 802.11b performance and thus the coexistence of 802.15.4 and 802.11 needs to be approached to protect 802.15.4. Howitt [17] studied the effect of interference using experiments and analytical models. The experiments intended to evaluate the impact of the interference between Bluetooth and 802.11b. He also built analytical models for the interference caused by 802.11b on Bluetooth and for the interference caused by Bluetooth on 802.11b. Golmie [18] proposed a dynamic scheduling algorithm for Bluetooth to relieve the radio interference effect between Bluetooth and WLAN. The algorithm is to guarantee system performance requirements such as QoS while reducing the effect of the interference by WLAN. It extends the Bluetooth channel hopping mechanism in a dynamic way that devices in the network maximize their throughput and get the fairness of access. As mentioned earlier, several algorithms were proposed for bypassing permanent routing voids in mobile ad-hoc networks and wireless sensor networks [5], [6]. Although the existing mechanisms are effective for permanent routing voids, radio jamming attacks creates temporary routing voids, which frequently changes the status between disconnection and connection. Therefore, the main concern of using the existing routing void mechanisms is in their low effectiveness. Wood [11] addressed a Denial-Of-Service (DOS) attack in the context of largescale wireless sensor network. The attack is assumed to use radio interference, called radio jamming attack. They propose a mapping and detection algorithm for jammed regions of sensor network. The mapping protocol provides the application layer the map of the jammed regions hole, which helps to route packets around the jammed regions. The detection and mapping algorithm is executed in a distributed manner. The wireless nodes in jammed region detect a jamming attack autonomously and broadcast the attack to their neighbors to detect and map the jammed area. They proposed a carrier sense defeat mechanism for broadcasting high-priority attack message.

3 High-Mobility Radio Jamming Model For modeling a radio jamming attack, a general transmission loss model of radio signal is adopted as described in [7]. The interference signal strength at a distance of r is represented as in Equation1, where G is a random noise.

E ( r ) = m( r ) + G ∂ r m(r ) = 10 log( ) −α , α = 4, ∂ = 7 dB R

(1)

Impact of High-Mobility Radio Jamming in Large-Scale Wireless Sensor Networks

247

This model shows that the interference strength, which is called intensity hereafter, is inversely proportional to the distance from the jamming source as shown in Equation (1). A circle of interference area will be formed at a distance. In that area, the jamming signal causes interference to the communications between sensor nodes. Mobility is another cause of system performance degradation under mobile radio jamming. As the jamming source moves around, the routing void changes its location. Therefore, the mobility effect is characterized by two parameters: moving speed and recurring interval. The recurring interval indicates how often the radio jamming attack returns back to the same area again. The moving speed indicates how fast the radio jamming moves through the area. To capture the general characteristics of radio jamming effect, our radio jamming model has three main parameters: interference intensity, moving speed, and recurring interval.

4 Simulation 4.1 Methodology To evaluate the effectiveness of the proposed scheme in a large-scale sensor network, a simulation study was conducted. We used the NS2 simulator with 802.15.4 model developed at the City University of New York [13]. The WSN consists of 200 nodes and they are placed 8 meter apart on a grid. The radio jamming effect was modeled using three parameters: intensity, speed, and interval. We assumed that there is a single source of radio jamming and all the nodes in same interference area are interfered at the same level. The intensity of the model indicates how many nodes are interfered by the radio jamming. Therefore, the higher the intensity is, the more nodes get the interference. For the mobility pattern, the radio jamming source moves at a fixed speed through the network towards to the boundary of the network. The source returns back to the old place at an interval. For the packet traffic generation, eight pairs of sender and receiver are used for one-to-one traffic with UDP packets. The senders and the receivers are located on the opposite side of the grid. The radio jamming source moves around the space between the senders and the receivers. Each sender sends packets to its receiver at interval of 1 second. The effect of mobility radio jamming on WSN performance was measured with two metrics: average packet delivery success ratio and average delay. The success ratio is the number of received packets divided by the number of sent packets. The delay is the time for packet to travel from sender to receiver. The metrics were measured by varying three parameters: intensity, interval, and speed. The WSN uses two popular routing algorithms: AODV (Ad-hoc On-Demand Distance Vector) [4] and GPSR (Greedy Perimeter Stateless Routing) [5]. 4.2 Results The first set of simulation results presents the effect of interference intensity on the performance of the chosen routing protocols. For the simulations, we used fixed

248

C. Won, J.-H. Youn, and H. Ali

98 96 94 92 90

AODV 2

88

GPSR 2

86 84 82 80 78 6

12

18

Fig. 1. Success Ratio versus Intensity 0.1 0.09 0.08 0.07 0.06

AODV 2

0.05

GPSR 2

0.04 0.03 0.02 0.01 0 6

12

18

Fig. 2. Delay versus Intensity

values for the interval and the speed; the interval was set to 70 seconds and the speed was at 2 m/sec. In Fig.1 and Fig.2, AODV 2 and GPSR 2 use the speed of 2 m/sec. The intensity was set to 6 m, 12 m, and 18 m. Fig.1 compares the success ratio between two routing protocols: AODV and GPSR. The x-axis indicates the intensity of radio jamming. The intensity represents the radius of the interference area. It is interesting to note that two protocols react to the change of the intensity differently. AODV adapts quickly to the change of the intensity. Therefore, the protocol maintains its performance pretty well. In comparison, GPSR shows a rapid degradation of performance over the change of the intensity. It is because it needs to wait for a long time until the routing information is being updated. Fig.2 compares the changes of packet delay of those two routing protocols. Compared to the success ratio, the delay is not affected much by the change of the intensity. The second set of simulation results presents the effect of recurrence interval of radio jamming source. For the simulations, we used fixed values for the intensity and the speed; the intensity was set to 12 m and the speed was 4 m/sec and 2 m/sec. In Fig.3 and Fig.4, AODV 2 and GPSR 2 use the speed of 2 m/sec, and AODV 4 and GPSR 4 use the speed of 4 m/sec. The interval was varied between 50 and 90 seconds.

Impact of High-Mobility Radio Jamming in Large-Scale Wireless Sensor Networks

249

Success Rate

%

95

AODV 4 AODV 2 GPSR 4 GPSR 2

85

75 90

80

70

60

50

Interval

Fig. 3. Success Ratio versus Interval

Latency 0.1 0.08 0.06

AODV 4

0.04

AODV 2

0.02

GPSR 4 GPSR 2

0 90

80

70

60

50

Interval

Fig. 4. Delay versus Interval

Fig.3 compares the effect of the recurrence interval on the success ratio between two routing protocols: AODV and GPSR. The x-axis indicates the recurring interval. As described earlier, the recurrence interval indicates how quick the source returns back to the same location. In general, this parameter has a higher value as the size of WSN gets bigger on the assumption that a single radio jamming source was used. As shown in Fig.3, both AODV and GPSR have lower success ratio as the recurrence interval gets shorter. One difference is that GPSR has bigger performance degradation with the increase of the interval. Fig.4 compares the effect of the recurrence interval on the packet delay. The delay is gradually increased as the interval gets shorter. The third set of simulation results presents the effect of moving speed of radio jamming source. For the simulations, we used fixed values for the intensity and the interval; the intensity was set to 12 m and the interval was 50 and 70 seconds. In Fig.5 and Fig.6, AODV 50 and GPSR 50 use the interval of 50 seconds, and AODV 70 and GPSR 70 use the speed of 70 seconds. The speed was 8, 4, 2, and 1 m/sec. Fig.5 compares the effect of the speed on the success ratio. The x-axis indicates the moving speed of the mobility radio jamming source. As described earlier, the speed indicates how fast the jamming source moves around in the WSN. As shown in Fig.5,

250

C. Won, J.-H. Youn, and H. Ali

Success Rate

95 AODV 50 %

AODV 70 GPSR 50

85

GPSR 70

75 8

4

2

1

Speed

Fig. 5. Success Ratio versus Speed

Latency 0.1 0.09 0.08 0.07 0.06 0.05 0.04 0.03 0.02 0.01 0

AODV 50 AODV 70 GPSR 50 GPSR 70

8

4

2

1

Speed

Fig. 6. Delay versus Speed

both AODV and GPSR show steep degradation of success ratio as the speed is increased. Fig.6 presents the effect of the mobility of radio interference on the packet delay. The delay is increased rapidly as the radio jamming source moves faster.

5 Conclusions We used a simulation method to investigate the effect on mobile radio jamming on the performance of large-scale WSN. The behavioral characteristic of mobility radio jamming attack was modeled with three parameters: interference intensity, recurrence interval, and moving speed. Among the parameters, the speed has the most conspicuous effect on both success ratio and delay. As the speed changes from 8 m/sec to 1 m/sec, the success ratio drops by up to 10 %. On the other hand, the delay increases by up to 55 %.

Impact of High-Mobility Radio Jamming in Large-Scale Wireless Sensor Networks

251

References 1. Rahul C. Shah, Summit Roy, Sushant Jain, and Waylon Brunette, “Data MULEs: Modeling and Analysis of A Three-tier Architecture for Sparse Sensor Networks,” in Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications (SPNA), Anchorage, Alaska, May 2003. 2. Ember, “EM2420 2.4 GHz IEEE 802.15.4/ZigBee RF Transceiver,” available at http://www.ember.com/downloads/pdfs/EM2420datasheet.pdf. 3. Crossbow Technology Inc., “Avoiding RF Interference between WiFi and Zigbee,” available at http://www.xbow.com. 4. C.E. Perkins and E.M. Royer, “Ad-hoc On Demand Distance Vector Routing,” in Proceedings of the WMCSA’99, 1999. 5. Brad Karp and H.T. Kung, “GPSR: Greedy Perimeter Stateless Routing for Wireless Networks,” in Proceedings of the Mobicom, 2000. 6. Qing Fang, Jie Gao, and L.J. Guibas, “Locating and Bypassing Routing Holes in Sensor Networks,” in Proceedings of the Infocom, 2004. 7. T.Fuji and S.Nishioka, “Selective Handover for Traffic Balance in Mobile Radio Communications,” in Proceedings of the ICC, 1992. 8. Al R. Shah, Hossam Hmimy, and George Yost, “Models and Methodology of Coverage Verification in Cellular Systems,” in Proceedings of the IEEE Vehicular Technology Conference, 1998. 9. Liang Qin and Thomas Kunz, “Pro-active Route Maintenance in DSR,” ACM SIGMOBILE Mobile Computing and Communication Reviews, Vol 6, No 3, July 2002. 10. Anthony D. Wood and John A. Stankovic, “Denial of Service in Sensor Networks,” IEEE Computer, 35:48-56, Oct. 2002. 11. Anthony D. Wood, John A. Stankovic, and Sang H. Son, “JAM: A Jammed-Area Mapping Service for Sensor Networks,” in Proceedings of the 24th IEEE International Real Time Systems Symposium, 2003. 12. Nadeem Ahmed, et al., “The Holes Problem in Wireless Sensor Neworks: A Survey,” Technical Report, UNSW-CSE-TR-043, the University of South Wales, Sydney, Australia, 2004. 13. NS2 Simulator for 802.1.5.4, available at http://ees2cy.engr.ccny.cuny.edu/zheng/pub/file. 14. Crossbow Technology Inc., “MICAz Wireless Measurement System,” available at http://www.xbow.com/Products. 15. Steibeis-Transfer Centre, “Compatibility of IEEE802.15.4 (Zigbee) with IEEE802.11 (WLAN), Bluetooth, and Microwave Ovens in 2.4 GHz ISM-Band,” available at http://www.ba-loerrach.de. 16. I. Howit and Jose A. Gutierrez, “IEEE 802.15.4 Low Rate-Wireless Personal Area Network Coexistence,” Issues Wireless Communications and Networking, Vol.3, pp. 1481-1486, 2003. 17. I. Howitt, V. Mitter, and J. Gutierrez, “Empirical Study for IEEE 802.11 and Bluetooth Interoperability,” in Proceedings of the IEEE Vehicular Technology Conference, Spring 2001. 18. N. Golmie, “Bluetooth Dynamic Scheduling and Interference Mitigation,” ACM Mobile Networks, MONET Vol. 9, No. 1, 2004.

A Scalable and Untraceable Authentication Protocol for RFID Youngjoon Seo, Hyunrok Lee, and Kwangjo Kim International Research center for Information Security (IRIS) Information and Communications University (ICU) 103-6 Munji-dong, Yuseong-gu, Daejeon, 305-732, Korea {golbeat, tank, kkj}@icu.ac.kr

Abstract. RFID (Radio Frequency Identification) is recently becoming popular, promising and widespread. In contrast, RFID tags can bring about traceability that causes user privacy and reduces scalability of RFID. Guaranteeing untraceability and scalability at the same time is so critical in order to deploy RFID widely since user privacy should be guaranteed. A large number of RFID protocols were designed in the open literature, but any known protocols do not satisfy untraceability and scalability at the same time to the best of our knowledge. In this paper, we suggest a RFID authentication protocol that guarantees untraceability and scalability together; needless to say preventing several known attacks: replay, spoofing, desyncronization, and cloning by eavesdropping. Our protocol supports ownership transfer and considers multitag-reader environment; a reader receives messages from the tags what a reader wants in our protocol. In addition, we address the reason why the item privacy is important, and a way to keep it securely.

1

Introduction

RFID is recently becoming popular all over the world due to its convenience and economical efficiency; furthermore, RFID nowadays comes into the spotlight as a technology to substitute the bar code [10,11]. On the other hand, RFID is jeopardized from various attacks and problems as an obstacle of widespread RFID deployment: replay, spoofing, traceability, desyncronization, unscalability, and tag cloning. We focus ourselves on untraceability and scalability in this paper. To prevent attacker from tracing a tagged item is most important in RFID system since it infringes personal privacy. For example, Albrecht[18] who organized a Benetton boycott claimed RFID tags “spy chips” due to the traceability of tags. And moreover, tags with unique ID can be associated with a person’s identity. Garfinkel et al. discussed personal privacy threats in [13]. However, we have to keep the constant computational time in back-end server regardless of the number of tags when designing an untraceable protocol. In other words, there must be a trade-off between scalability and untraceability. If a response from a tag, as an example, does not include information about its ID, X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 252–261, 2006. c IFIP International Federation for Information Processing 2006 

A Scalable and Untraceable Authentication Protocol for RFID

253

which is dynamic or incomputable, these protocols are likely to be unscalable since readers are supposed to exhaustively search in database to find tag’s ID. If a response from a tag, on the contrary, includes information about its ID, which is static or computable, tagged items are likely to be traceable because an adversary also can find its ID as an authorized one does. The previous protocols[2,6,7,15,16] and hash lock scheme[14] are scalable, but traceable. Rhee et al.[5], Ohkubo et al.[9] and randomized hash lock[14] schemes are untraceable, but unscalable. Therefore, we try to design a scalable and untraceable protocol that any other literatures have not dealt with before. 1.1

Our Contribution

Our contribution in this work is twofold: firstly, we propose the reason why we write pseudo-EPC into tag’s memory not a code itself. Writing EPC itself into tag’s memory brings about infringing item privacy after an adversary eavesdrops EPC or tampering a tag. Shortly after an adversary finds out what EPC of the particular tag is, he/she can learn what kinds of items and whether tagged items are expensive or cheap. In other words, item privacy can be violated. It is clear that item privacy brings about user privacy and incentive to steal valuable items. On the other hand, writing pseudo-EPC into tag’s memory guarantees item privacy even after an adversary comprises tags. It doesn’t matter as long as back-end server converts pseudo-EPC into a valid EPC and points to a right entry for retrieving relevant product information. Secondly, our contribution is to design a scalable and untraceable protocol which is more secure than Dimitrious protocol[15](denoted by “TD”); we use only four hash operations while TD uses five and more hash operations. We make it using a shared secret k; when a reader sends a query, a shared secret k needs to be authenticated by a tag. This is totally different approach in comparison with the previous literatures. The only tags stored with the same secret k respond to reader’s query; a reader gets the message from particular tag what the reader wants. It reduces computational time in tags and back-end sever, especially in multi-tag-reader environment. 1.2

Notations

We use the notations for entities and operations as summarized in Table 1 throughout the paper. 1.3

Organization

The rest of the paper is organized as follows: In Section 2, we briefly introduce the previous work. In Section 3, we describe how to design a protocol that provides forward secrecy, untraceablility, scalability, synchronization, anti-spoofing, and anti-cloning. In Section 4, we propose our RFID authentication protocol which is a scalable and untraceable protocol based on hash function. In Section 5,

254

Y. Seo, H. Lee, and K. Kim Table 1. Notations R T Tk Tk B A h() IDi k TS T Slast t ⊕ M1 , M2 P IN l←r

RFID tag reader, or transceiver. RFID tag, or transponder. A set of T which has same secret k. A set of T which has secret k where k = k. A back-end Server. An adversary. One-way hash function. Pseudo-EPC of T at i-th query(i=0,1,· · ·). Shared secret key between R and Tk . Timestamp. last T S sent by an authorized R. Temporal storage. Exclusive-or (XOR) function. Concatenation of messages M1 and M2 . Access PIN written into a reserved T memory. Operator which updates l with r.

=

Verification operator to check whether the left hand side is same with the right hand side or not.

?

?

> m n γ β

Comparison operator to check whether the left hand side is greater than the right hand side or not. Number of read operations. Number of tags. Number of tags within an operating range. Number of tags that have same k within an operating range.

we describe the analysis of our protocol. We finally conclude our results in Section 6.

2

Previous Work

There have been many papers which are hash-based [2,4,3,5,7,9,14,15,17], pseudonym-based[1,12], zero knowledge-based[16] using PUF(Physical Unclonable Function), and tree-based protocol[8] using pseudonym generator that attempts to address the security concerns raised as using RFID tags, but it is believed that there is no perfect protocol that avoids all of the threats with reasonably low cost until now. Hash Lock Scheme[14](denoted by “HLS”) is based on one-way hash function; HLS is traceable. Randomized Hash Lock scheme[14](denoted by “RHLS”) is an extended version of HLS to remove traceability, but RHLS is unscalable. Henrici et al.[2], Lee et al.[7](denoted by “LACP”), and TD are scalable, but traceable during a valid session. Ohkubo et al. protocol[9](denoted by “OSK”) is untraceable, but unscalable. Wong et al.[6] and Tuyls et al. protocol[16] can be traceable; and also, pseudonym-based protocols[1,12] can be traceable after A collects all of the pseudonyms.

A Scalable and Untraceable Authentication Protocol for RFID

3

255

Security Requirements

When designing a RFID authentication protocol, the following properties should be guaranteed together as our goal: forward secrecy, untraceablility, scalability, synchronization, item privacy, anti-cloning and preventing spoofing. In each subsection, we suggest how to improve unsatisfying security requirements in the previous five protocols: HLS, RHLS, OSK, LACP, and TD. 3.1

Forward Secrecy

OSK and TD can guarantee forward secrecy. OSK and TD employ a hash function to update an identifier while HLS and RHLS do not refresh an identifier; that is, upon compromising an identifier, A learns all the previous transactions in HLS and RHLS. LACP uses XOR operation to update an identifier; consequently, LACP fails to guarantee forward secrecy. Hash function has a one-wayness property, while XOR operation does not. A can collect all pseudonyms from the response of tags in pseudonym-based protocol[1,12] which can not guarantee forward secrecy; more seriously, pseudonym-based protocol can not guarantee untraceablility. In order to design a protocol that guarantees forward secrecy, we have to use a hash function when updating secret keys as long as there is no alternative. When updating IDi , finding a lightweight function or scheme that guarantees forward secrecy is still an open problem. 3.2

Untraceability and Scalability

In Table 2, forward secrecy(FS ), untraceability(UNT ), and untraceability during a valid session(UNT-DVS ) are viewed as one categorization. FS and UNT-DVS are classified into UNT ; Guaranteeing UNT means satisfying FS and UNT-DVS. OSK is successful in designing UNT, but OSK causes the worst result in terms of scalability. The number of tags is going to increase sharply in the near future; furthermore, T recognition rate is not perfect so far, which increases the number of read operation; the complexity of OSK, O(2mn2 ), definitely suffers from too much in multi-tag-reader environments since all of the tags within the operating range of reader are supposed to respond a query. That’s why scalability also can not be overlooked. We introduce γ as the number of tags within an operating range since all tags, which are stored in B, are not likely to be within a range of R. After applying γ to complexity of OSK, it becomes O(2mnγ). In this paper, we define scalability as that the computational complexity is quite suitable for multi-tag-reader environment in the B. 3.3

Synchronization

HLS and RHLS don’t need to synchronize a shared key because the shared secret is fixed; however, TD, OSK and LACP have to synchronize secret information since they update key only by an authorized R. OSK can lose synchronization due to resilience. If desynchronization occurs, B can not recognize the T ; this T becomes useless in this case.

256

3.4

Y. Seo, H. Lee, and K. Kim

Spoofing and Cloning

HLS and RHLS send message in the clear; so, A can learn the shared secret keys by eavesdropping, and then can spoof R and T . In OSK, spoofing R is possible by replay attack. In LACP, A can spoof the T if R and T send message carelessly. Cloning is divided into two groups: by eavesdropping or by tampering. Cloning by eavesdropping has the same significance with spoofing the R in terms of security; preventing A from cloning by tampering is hard to prevent since A learns all information of storage. However, Tuyls et al. protocol[16] discussed how to prevent A from cloning by tampering using PUF(Physical Unclonable Function), but it’s too costful. 3.5

Item Privacy

Item privacy can be stated verbally as: active A can not find out the contents or price of a tagged item even though EPC is revealed. Violation of item privacy gives A the seduction to steal tagged items after A eavesdrops EPC; in other words, item privacy should be guaranteed although A knows what kind of product after tampering T . For example, A tampers tiny jewelry such that the general public can not tell genuine from imitation; in this case, A is difficult to decide to counterfeit or not if pseudo-EPC is used in RFID tag.

4

Our Protocol

In this section, we propose a scalable and untraceable RFID authentication protocol based on hash function. 4.1

Initialization

Any T has four non-volatile memories ID0 , k, access PIN and T Slast which are initialized into T ’s memory during manufacturing process; ID0 , pseudo-EPC, which is produced by hash function or the other encoding schemes, is written into T ’s memory; access PIN is written into T ’s reserved memory; k is written into T ’s memory; T Slast is set by 0 while initializing. T Slast is updated with T S sent by an authorized R to prevent replay attack after successful mutual authentication. R only has k which is stored during manufacturing process or ownership transfer. B keeps four fields: EPC, h(IDi ), IDi , and access PIN; IDi and access PIN are shared between T and B, while EPC and h(IDi ) are not. In our protocol, we assume that B can tell an authorized R from an unauthorized one; time clock which is built in R is tightly synchronized like the mobile phone in multi-tag-reader environment. 4.2

A Scalable and Untraceable Protocol

Our protocol is illustrated in Figure 1. TD does not guarantee UNT-DVS ; and so, we suggest a protocol which removes the weakness of TD. In addition, we propose how R communicates with T using timestamp to prevent replay attack without implementing time clock in T unlike TD.

A Scalable and Untraceable Authentication Protocol for RFID

Back-end Sever

257

Tag

Reader

k, IDi , P IN, T Slast

k 1. Get T S t ← h(k, T S)

t, T S ?

IF T S > T Slast THEN t ← h(k, T S) ? IF t(computed) = t(received) THEN NEXT 3. h(IDi ), T S  2. h(IDi )  Finds ID t ← h(IDi , P IN ) IDi+1 ← h(IDi , P IN, T S) 4. t -

5. t, T S ?

IF T S(sent) = T S(received) THEN t ← h(IDi , P IN ) ? IF t(computed) = t(received) THEN IDi+1 ← h(IDi , P IN, T S) T Slast ← T S



Secure Channel

-

Insecure Channel

-

Database Fields in Back-end Server ID P IN EPC code h(ID)

Fig. 1. Our Protocol

Operation 1. R gets T S from its timestamp information. R computes h(k, T S), and then transmits h(k, T S), T S to T . T compares T S and T Slast . If T S is greater than T Slast , then T generates h(k, T S) using T S and k. Otherwise, T considers it as an unauthorized request. If the value received is the same as the value computed, they authenticate the R as an authorized one. The step 1 is quite different from the other protocols: the other protocols authenticate R at the last steps(4 - 5) while our protocol authenticates R at the step 1. In other words, Tk responds to R while Tk does not respond.

258

Y. Seo, H. Lee, and K. Kim Table 2. Comparison with others Protocol

HLS [14] Forward Secrecy × Untraceability during × a valid session Untraceability × Scalability O(1) Scalability in multi- O(γ) tag-reader environment Hash operations 0 Prevent spoofing R × Prevent spoofing T × Synchronization NA

RHLS OSK [9] TD [14] [15] ×     ×

LACP Our Protocol [7] ×  × ∗

    O(n) O(2mn) O(1) O(1) O(1) O(nγ) O(2mnγ) O(γ) O(γ) O(β)

1 × × NA

2  × 

5+α   

2  × 

4   

Notations  ×

satisfied not satisfied

 ∗ 

partially satisfied if k is revealed, ×. Otherwise,  if k is revealed, . Otherwise, 

2. T sends h(IDi ) to the R, which reduces time complexity to O(β) in multitag-reader environment because all of the tags respond to R’s query in the previous protocols at all time while only Tk responds in our protocol. 3. R forwards h(IDi ) and T S to B. B finds IDi ; B computes h(IDi , P IN ) using IDi and P IN ; B updates IDi to IDi+1 where IDi+1 = h(IDi , P IN, T S). Otherwise, B stops the procedure. 4. B sends h(IDi , P IN ) to the R. 5. R forwards h(IDi , P IN ) and T S to T . T compares received and sent T S. If two values equal, T also computes h(IDi , P IN ) and compare the received and computed values. If all comparisons are successful, T updates IDi to IDi+1 like B does; T also updates T Slast . Otherwise, T stops the procedure. The main difference between the previous protocols and ours is that T authenticates the R two times at the steps 1 and 5 while the R authenticates T just one time in the previous protocols. Our main idea is to use a shared secret key k; k is written as a new value when enrolling tags in the system or doing ownership transfer while IDi is updated as IDi+1 when a successful mutual authentication happens with only an authorized R.

5

Security and Performance Analysis

In this section, we analyze security of our protocol against all aspects in Table 2. – Synchronization. Simplified TD protocol happens to desyncronization problem. TD protects desyncronization between B and tags at the last step

A Scalable and Untraceable Authentication Protocol for RFID











– –





259

in enhanced TD protocol. We, however, don’t need the last step to avoid desyncronization since our protocol emits a query with shared secret k which is used to authenticate R. On the other hand, Although the memory channel is read by A once; we guarantees synchronization between tags and B even though A knows k and h(IDi ). The reason why we should use T S is discussed in [15]. Forward Secrecy. Our protocol updates IDi to IDi+1 using a one-way function h() like OSK and TD. As long as there is no alternative, we have to use one-way function to guarantee forward secrecy. Untraceability during a valid session. Tags authenticate the R after receiving the first message, and then tags respond to only an authorized R’s query. Therefore, tags do not respond to R with different k. As a result, tags are untraceable during a valid session since A doesn’t impersonate even in the step 1. Untraceability. Tags authenticate the R after receiving the first message; R authenticates the tags after receiving the second message. In each step, tags and R authenticate counterpart to remove traceability. In addition, although A knows k, A can not trace a particular tag since tag responses to query is always different at the valid session. Scalability. This is most big contribution in our work. B has time complexity O(β) to find a tag in multi-tag-reader environment. This result is the best complexity in comparison with the previous protocols. Time complexity of each protocol changes in multi-tag-reader environment(See Table 2); from O(1) to O(γ) in most cases, from O(1) to O(β) in ours where β < γ < n. Spoofing the tag. As long as A doesn’t know the value of k, A can not spoof the tags in our protocol. If A tampers with a tag, then A can spoof the tags at the step 1. However, B finds out that A is not an authorized R in the end. There is no way to spoof the a tag unless A knows k and IDi . Spoofing the reader. As long as A doesn’t know the IDi , A can not spoof the R since tag response to R’s query is different at all time. Item Privacy. The party who has EPC is only B in our protocol; that is, we guarantee item privacy as long as B is not compromised. The other previous protocols are also possible to guarantee item privacy if HLS, RHLS, OSK, TD, and LACP assume that those satisfy three conditions: only B has EPC, T doesn’t have EPC, ID is not a EPC itself. Performance Analysis. Our protocol is more secure than TD in terms of traceability aspects even though ours reduces hash operations five and more to four. In our protocol, tag needs four hash operations to take care of communicating with R with quite good security performance. Under the assumption that tags can not be tampered, we don’t need to send last message. Ownership Transfer. We supports ownership transfer using k. As far as we know, ownership transfer issue is dealt with only in [8] so far. For example, Alice has R that has k which is also stored in tagged items of Alice. When Alice gets some tagged item from Bob, Alice can write her own k which is changeable into tagged item received from Bob.

260

6

Y. Seo, H. Lee, and K. Kim

Concluding Remarks

We deal with what item privacy is, why item privacy is important and how the way guaranteeing item privacy can be applied to our protocol. There is a trade-off between scalability and untraceablility in RFID authentication protocol; therefore, many literatures did not suggest a protocol which guarantees scalability and untraceability together. However, in this paper, we propose a scalable and untraceable protocol. In addition, R gets response from tags what R wants. As future work, we will propose scalable and untraceable RFID authentication protocol with specific ownership transfer.

References 1. Ari Juels, “Minimalist Cryptography for Low-cost RFID Tags”, In C. Blundo and S. Cimato, editors, The Fourth International Conference on Security in Communication Networks – SCN 2004, LNCS 3352, pp.149-164, Sep. 2004, Springer-Verlag, Amalfi, Italia. 2. Dirk Henrici and Paul M¨ uller, “Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers”, International Workshop on Pervasive Computing and Communication Security – PerSec 2004, pp.149-153, Mar. 2004, IEEE Computer Society, Orlando, Florida, USA. 3. Gene Tsudik, “YA-TRAP: Yet Another Trivial RFID Authentication Protocol”, International Conference on Pervasive Computing and Communications – PerCom 2006, Mar. 2006, IEEE Computer Society Press, Pisa, Italy. To appear. 4. Gildas Avoine and Philippe Oechslin. “A Scalable and Provably Secure Hash based RFID Protocol”, In International Workshop on Pervasive Computing and Communication Security – PerSec 2005, pp.110-114, Mar. 2005, IEEE Computer Society Press, Kauai Island, Hawaii, USA. 5. Keunwoo Rhee, Jin Kwak, Seungjoo Kim and Dongho Won, “Challenge-Response based RFID Authentication Protocol for Distributed Database Environment”, International Conference on Security in Pervasive Computing – SPC 2005, LNCS 3450, pp.70-84, Apr. 2005, Springer-Verlag, Boppard, Germany. 6. Kirk Wong, Patrick Hui and Allan Chan, “Cryptography and Authentication on RFID Passive Tags for Apparel Products”, Computers in Industry, Nov. 2006, Elsevier Science, Article In press. 7. Su-Mi Lee, Young Ju Hwang, Dong Hoon Lee and Jong In Lim, “Efficient Authentication for Low-Cost RFID Systems”, International Conference on Computational Science and its Applications - ICCSA 2005, LNCS 3480, pp.619-627, May 2005, Springer-Verlag, Singapore. 8. David Molnar, Andrea Soppera and David Wagner, “A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags”, Selected Areas in Cryptography – SAC 2005, LNCS 3897, pp.276-290, Aug. 2005, Springer-Verlag, Kingston, Canada. 9. Miyako Ohkubo, Koutarou Suzuki and Shingo Kinoshita, “Cryptographic Approach to Privacy-friendly Tags”, In RFID Privacy Workshop, 2003, MIT, USA. 10. “Navigating the New Era of RFID”, Article in EPCglobal Canada Inc. 11. Nigel Wood, “Global Supply Chain GTIN & RFID Standards II”, EPC Global Standards Development, EPCglobal Canada, October 14, 2004.

A Scalable and Untraceable Authentication Protocol for RFID

261

12. Philippe Golle, Markus Jakobsson, Ari Juels and Paul Syverson. “Universal Reencryption for Mixnets”, The Cryptographers’ Track at the RSA Conference – CTRSA, LNCS 2964, pp.163-178, Feb. 2004, Springer- Verlag, San Francisco, California, USA. 13. Simson L. Garfinkel, Ari Juels and Ravi Pappu, “RFID Privacy: An Overview of Problems and Proposed Solutions”, IEEE SECURITY and Privacy, pp.34-43, May-Jun. 2005. 14. Stephen Weis, Sanjay Sarma, Ronald Rivest and Daniel Engels, “Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems”, Conference on Security in Pervasive Computing – SPC 2003, LNCS 2802, pp.454-469, Mar. 2003, Springer-Verlag, Boppard, Germany. 15. Tassos Dimitriou, “A Lightweight RFID Protocol to protect against Traceability and Cloning attacks”, Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm’05, pp.59-66, Sep. 2005, Athens, Greece. 16. Pim Tuyls and Lejla Batina, Lejla, “RFID-Tags for Anti-Counterfeiting”, Topics in Cryptology – CT-RSA 2006, LNCS 3860, pp.115-131, Feb. 2006, Springer-Verlag, San Jose, CA, USA. 17. Jeongkyu Yang, Jaemin Park, Hyunrok Lee, Kui Ren and Kwangjo Kim, “Mutual Authentication Protocol for Low-cost RFID”, Ecrypt Workshop on RFID and Lightweight Crypto, pp.17-24, Jul. 2005, Graz, Austria. 18. http://www.spychips.com/what-is-rfid.html.

Vulnerability of an RFID Authentication Protocol Proposed in at SecUbiq 2005 Daesung Kwon, Daewan Han, Jooyoung Lee, and Yongjin Yeom National Security Research Institute 161 Gajeong-dong, Yuseong-gu, Daejeon 305-350, Korea {ds kwon, dwh, jlee05, yjyeom}@etri.re.kr

Abstract. In this paper, we analyze the security of the RFID authentication protocol proposed by Choi et al. at SecUbiq 2005. They claimed that their protocol is secure against all possible threats considered in RFID systems. However, we show that the protocol is vulnerable to an impersonation attack. Moreover, an attacker is able to trace a tag by querying it twice, given the initial information from 2log2 (+1) + 1(≈

+ 2) consecutive sessions and 2 · 2log2 (+1) (≈ 2( + 1)) consecutive queries, where is the length of secret values (in binary).

1

Introduction

Recently a Radio-Frequency IDentification(RFID) system attracts much attention in various industries. Regarded as one of the leading technologies realizing so-called ubiquitous(or pervasive) computing societies, RFID is replacing the current bar-code system. An RFID system consists of three components; tag, reader and back-end database(BED). Since the communications between a tag and a reader are executed on public RF channels, the system faces many problems in security and privacy. However, traditional cryptographic techniques are not suitable for RFID systems since tags are much constrained in terms of computational power and memory. The constraints make it a challenging problem to design RFID protocols which are both secure and efficient. We refer to [11] for security and constraint issues in RFID systems. Initially, physical protections such as blocker tags[7], active jamming and Faraday cages are suggested. Since those methods have limits for broad usage, cryptographic solutions have been studied. Certain cryptographic or arithmetic primitives are proposed to use for RFID protocols, while the majority of them are still based on secure hash functions[2,4,5,8,9,10]. Refer to [1,6] for detailed surveys of this approach. In SecUbiq 2005 Choi et al. proposed another hash-based RFID authentication protocol[3], named OHLAP protocol. OHLAP seems to be an improved version of the protocol suggested in [8]. The authors emphasize that OHLAP is more suitable to ubiquitous computing environment than the protocol in [8] since OHLAP uses static IDs. They also claim that OHLAP is more efficient than X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 262–270, 2006. c IFIP International Federation for Information Processing 2006 

Vulnerability of an RFID Authentication Protocol

263

those in [10] and [8] in terms of tag’s computation cost and security against various attacks. However, in this paper, we show that OHLAP protocol is not secure practically. First, we show that an attacker can easily impersonate a tag by eavesdropping only one session. We also show that one can recover two candidates for ID by eavesdropping consecutive 2 log2 (+1) + 1 sessions and by sending consecutive queries less than or equal to 2 · 2 log2 (+1) , where is the length of secret values. (Two phases - eavesdropping and querying - are not necessarily consecutive.) Once a tag’s ID is revealed, then any other tag’s ID in the same group can be easily computed just by eavesdropping a session and sending two consecutive queries. In particular, if a tag’s ID is known, then one can trace a tag by two consecutive queries. The paper is organized as follows. In Section 2, we briefly describe OHLAP protocol. We discuss the vulnerability of OHLAP in Section 3. In Appendix, we present the proofs for the lemmas used in Section 3.

2 2.1

OHLAP Protocol System Set-Up

In the set-up phase, a tag and a back-end database(BED) store certain secret values. Data fields of a tag and a reader are initialized to the following values: 1. BED: First, BED divides identities of tags into several groups. Each group is associated with a group index GI. Data fields of a BED are initialized to -bit strings GI, ID, K, S and DATA where GI is a group index of tags, ID is a string used for identifying, K is a secret value which is stored in all tags, S is a tag’s secret value and DATA is a storage of an accessible information about each tag. BED needs a one-way hash function H : {0, 1}∗ → {0, 1} to execute hash operations. 2. Reader: A reader picks uniformly random value r ∈ {0, 1}. A reader does not need to execute any operation. It merely forwards a tag(BED)’s message to a BED(tag). 3. Tag: A tag stores its own ID, GI, K, S and a counter c. The counter c is initialized by an arbitrary value, which is -bit string. Whenever a tag receives a query from a nearby reader, the tag increase c by 1. To execute hash operations, the tag needs a one-way hash function H. 2.2

Authentication Process

When a reader queries to a tag, the tag and the reader authenticate each other as shown in Fig. 1. Step 1. A reader picks a random value r, and sends Query and r to a tag. Step 2. If r is all zero, the tag sends “stop” message to the reader and halts the protocol. Otherwise, it performs processes as follows:

264

D. Kwon et al.

1. The tag computes A1 = K ⊕ c, A2 = ID + (GIi ⊕ r ⊕ c) mod (2l − 1). using r,c and its own ID,GIi and K. 2. Also, the tag computes B = H(ID (S ⊕ GIi ) (r ⊕ c)), and sends A1 , A2 and BR to the reader, where BR is a right half of B. 3. Then the tag increase the counter c which should not exceed 2 − 1. If the counter c exceeds 2 − 1, it is initialized by initial c. Step 3. Upon receiving A1 , A2 and BR from the tag, 1. The reader forwards A1 , A2 , BR and r to the BED. 2. The BED computes c = A1 ⊕K and IDj = A2 −(GIj ⊕r⊕c ) mod (2 −1) using all group indices GIj . 3. The BED checks if one of computed (IDj , GIj ) is matching to one of the stored (ID, GI)s. If this succeeds, the BED computes H(ID (S ⊕ GIi ) (r ⊕ c)). Otherwise, the BED halts this process. 4. Then, the BED authenticates the tag by checking if the right half of H(ID (S ⊕ GIi ) (r ⊕ c)) is equal to the received value BR . 5. The BED sends BL to the reader, where BL is a left half of B. The reader forwards BL to the tag. Step 4. The tag authenticates the reader by checking if the received value BL is equal to the left half of B of step 2.

BED K

k

GI

Reader

ID

S

id1

s1

g1

:

idn

sn

g2

idn’

Sn’

A1, A2, BR, r B = H(ID||(S∆GIi)||(r∆c)) B = BL||BR

BL

Query, r

A1, A2, BR

Tag: ID, GIi, c, K, S A1 = K ∆ c A2 = ID + (GIi ∆ r ∆ c) mod 2l -1 B = H(ID||(S∆GIi)||(r∆c)) B = BL||BR

BL

Fig. 1. Authentication process in OHLAP Protocol

3

Vulnerability of OHLAP Protocol

We now discuss the vulnerability of the OHLAP protocol. For convenience, we introduce the following notations for -bit number A. (i + 1)-th bit of A = A−1 A−2 · · · A1 A0 . Ai Ai1 ,i2 ,··· ,ik Ai1 Ai2 · · · Aik A≥i0 (A≤i0 ) A−1 · · · Ai0 (Ai0 · · · A0 )

Vulnerability of an RFID Authentication Protocol

3.1

265

Impersonation

In this subsection, we give a simple attack of spoofing a reader. By eavesdropping a session between a tag and a reader, an attacker can generate valid responses of the tag for any query from a reader. Let ID, GI, S be the secret information of a tag. By eavesdropping a session, an attacker obtains the following: – r: query from a reader. – A1 (= K ⊕ c), A2 (= ID + (GI ⊕ r ⊕ c) mod 2 − 1), BR : response from a tag where K is a common secret key in valid tags, c is a counter and BR is a right half of H(ID (S ⊕ GI) (r ⊕ c)). – BL : response from a reader which is a left half of H(ID (S ⊕ GI) (r ⊕ c)). ˜1 , A ˜2 , B ˜R ) of the tag to a Now the attacker can generate a valid response (A random query r ˜ from a reader as follows: ˜1 = A1 ⊕ r ⊕ r ˜, A

˜2 = A2 , A

˜R = BR B

˜1 , A ˜2 , B ˜R ), BED will validate the information as follows: After receiving (A ˜1 , BED obtain the counter c by xoring K: 1. From A 1

˜ = K ⊕ A1 ⊕ r ⊕  r c = K ⊕ A = c⊕r⊕ r 2. BED recovers the same ID and B since ˜ − (GI ⊕ r ID = A ˜ ⊕ c ) = A2 − (GI ⊕ r ˜⊕c⊕r⊕r ˜) = A2 − (GI ⊕ r ⊕ c) = ID 2

˜ = H(ID (S ⊕ GI) (˜ r ⊕ c )) = H(ID (S ⊕ GI) (r ⊕ c)) B ˜), = B(= B BED would accept BR as a valid value. ˜2 , B ˜R from an attacker as gener˜1 , A Therefore, BED would regard the values A ated by the valid tag. 3.2

Recovering a Tag’s ID

In this subsection, we present the method of recovering two candidates for a tag’s ID by eavesdropping consecutive 2 log2 (+1) + 1 sessions and by sending the tag consecutive (well-chosen) queries less than or equal to 2 · 2 log2 (+1) + 1. This attack is based on the following three lemmas. The first lemma shows that if we know (A ⊕ B) for 2n consecutive B, we get the less significant n bits of unknown A and B.

266

D. Kwon et al.

Lemma 1. Let x and y be bit unknown values. If we know x ⊕ y,

x ⊕ (y + 2i ),

for i = 0, · · · , n − 1 where n < − 1, then we can recover less significant n bits of x and y. Proof. By bitwise xoring x ⊕ y and x ⊕ (y + 2i ), we get z(i) = y ⊕ (y + 2i ) for i = 0, · · · , n − 1. Then, z(i)i+1 is given by z(i)i+1 = yi+1 ⊕ (y + 2i )i+1 = (yi+1 ) ⊕ (yi+1 ⊕ yi ) = yi for i = 0, · · · , n − 1. Therefore, we can recover y≤n−1 and x≤n−1 . This lemma will be used to learn the less significant n bits of K, c from A1 s in 2n consecutive sessions. The following two lemmas play a key role in recovering ID from A2 s. Lemma 2. Given x+y

mod 2 − 1,

x + (y ⊕ 1) mod 2 − 1

for (> 2)-bit unknown values x, y, we can obtain two candidates for (x0 , y0 ), a pair of LSB’s of (x, y). On the contrary to LSB of x, xi (i > 0) are determined uniquely by (x0 , y0 ) and x≤i−1 . Lemma 3. Given x+y

mod 2 − 1,

x + (y ⊕ 2i ) mod 2 − 1

for (> 2)-bit unknown values x, y such that x≤i−1 = 0 (0 < i < − 1) and y0 = 0, we can obtain xi . The proofs of Lemma 2 and Lemma 3 are given in Appendix. By combining Lemma 2 and Lemma 3, we get the following theorem which is directly applicable to recovering tag’s ID. Theorem 1. Given x+y

mod 2 − 1,

 x + y ⊕ (⊕ij=0 2j )

mod 2 − 1, i = 0, ..., − 1

for (> 2)-bit unknown values x, y, we can obtain two candidates for x. Proof. By Lemma 2, we can recover two candidates for (x0 , y0 ). Inductively, we assume that two candidates for (x≤i−1 , y0 ). Let  i x = x − x≤i−1 , y = y ⊕ (⊕i−1 j=1 2 ) − y0 .

Vulnerability of an RFID Authentication Protocol

267

Since x≤i−1 = 0, y0 = 0 and  i  x + y = x + y ⊕ (⊕i−1 j=0 2 ) − x≤i−1 − (y0 ⊕ 1) mod 2 − 1  x + (y ⊕ 2i ) = x + y ⊕ (⊕ij=0 2i ) − x≤i−1 − (y0 ⊕ 1) mod 2 − 1 are known, x , y satisfy the condition of Lemma 3. Hence we get xi which is equal to xi for each candidates. This finishes the proof. Now, we describe the algorithm to find two candidates for the ID of a tag. Let n = log2 ( + 1). We denote c0 the initial counter and cp , cp the counters of the tag before Step 1, Step 2 respectively. We assume that cp , cp are less than 2 − 2n − 2 and 2 − 2n+1 − 2 respectively. Since the probability that cp , cp don’t satisfy the assumption is very low, we will not consider those cases. Step 1. Recover less significant n bits of K and c. – By eavesdropping consecutive (2n + 1) sessions, we could get A1 = K ⊕ (cp + i),

i = 0, ..., 2n .

– By Lemma 1, we can extract less significant n bits of K and cp . Step 2. Set the less significant n bits of the counter c to 0. – Since the less significant n bits of K are recovered, we can obtain the less significant n bits of the counter, say cp , when we want. – By sending Queries and non-zero random values to the tag, we can set the less significant n bits of the counter to 0 and denote the counter by c ¯. – Since we assumed that cp < 2 − 2n+1 − 2, then the number of queries is at most 2n . Step 3. Recover two candidates for ID. – Knowing that the less significant n bits of counter are 0, we send Queries and non-zero values r(i) = i ⊕ (⊕ij=0 2j ), (i = 0, · · · , − 1) and r( ) = to the tag consecutively. Then, corresponding A1 (i)’s from the tag are given as follows: c + i) ⊕ i ⊕ (⊕ij=0 2j ) mod 2 − 1 A1 (i) = ID + GI ⊕ (¯ = ID + GI ⊕ c ¯ ⊕ i ⊕ i ⊕ (⊕ij=0 2j ) mod 2 − 1 = ID + C ⊕ (⊕ij=0 2j ) mod 2 − 1 for 0 ≤ i ≤ − 1, and c + ) ⊕ mod 2 − 1 A1 ( ) = ID + GI ⊕ (¯ = ID + C

mod 2 − 1.

– By applying Theorem 1, we obtain two candidates for ID. In summary, the recovery attack consists of two phases: eavesdropping consecutive ( + 2) sessions and sending consecutive queries at most 2( + 1) times. As a result, the attacker can obtain two candidates for ID.

268

3.3

D. Kwon et al.

Tracing

Since the information obtained by eavesdropping consecutive ( + 2) sessions can be applied to tags anytime, we can trace tags by sending consecutive queries 2( +1) times whenever necessary. In this subsection, we present another property that allows an attacker to trace tags more easily. Theorem 2. If a tag’s ID is compromised, then the IDs of tags having the same group index GI can be revealed by two consecutive queries. Proof. We assume that we have ID(0) of a tag and the information of a session between the tag and a reader except for counter, group identity and secret key. In other words, we have following information of the tag. – ID(0)  – r(0), A1 (0) = K ⊕ c(0), A2 (0) = ID(0) + GI ⊕ r(0) ⊕ c(0) – GI ⊕ c(0). Let ID(i) be the identity of another tag, say tagi , having the same group identity. Then we can get ID(i) by two consecutive queries. In the first session, we send a Query and nonzero value r to tagi . Then we get the information – A1 (i) = K ⊕ c(i). In the next session, we send a Query and A(0)1 ⊕ A1 (i) = c(0) ⊕ c(i) to the tag. Then the tag responds with 

– A1 (i) = K ⊕ (c(i) + 1)  – A2 (i) = ID(i) + GI ⊕ c(0) ⊕ c(i) ⊕ (c(i) + 1) mod 2 − 1. The identifier ID(i) of tagi can be extracted as follows:    ID(i) = A2 (i) − GI ⊕ c(0) ⊕ A1 (i) ⊕ A1 (i) mod 2 − 1 

where GI ⊕ c(0) and A1 (i) ⊕ A1 (i) are known values. As a special case of Theorem 2, by two consecutive queries, we can determine whether there is a tag with a specified ID. It means that tags in OHLAP protocol are traceable in practical sense.

4

Conclusion

We have shown that the RFID authentication protocol[3] proposed at SecUbiq 2005 is vulnerable to impersonation attack and tracing. First, an attacker can easily impersonate a tag by eavesdropping one session. Second, an attacker can trace a tag by sending two consecutive queries, once he keeps initial information from (at most) 2( + 1) consecutive queries. Third, if a tag’s ID is revealed, then any other tag’s ID in the same group can be easily computed just by

Vulnerability of an RFID Authentication Protocol

269

eavesdropping a session and sending two consecutive queries. In particular, if a tag’s ID is known, then one can trace a tag by two consecutive queries. Impersonation and tracing are due to the method of using a counter and random values in computing authentication values. Easy traceability is due to usage of GI, which is one of the main characteristics for the protocol. Our work shows that efficient design might result in a serious weakness in security and privacy.

References 1. G. Avoine, Cryptography in Radio Frequency Identification and Fair Exchange Protocols, PhD thesis, EPFL, Lausanne, Switzerland, December 2005. 2. G. Avoine, P. Oechslin, A scalable and provably secure hash based RFID protocol, Workshop on Pervasive Computing and Communication Security(PerSec) 2005, March 2005. 3. E.Y. Choi, S.M. Lee and D.H. Lee, Efficient RFID Authentication Protocol for Ubiquitous Computing Environment, SecUbiq 2005, LNCS 3823, 945-954, Dec. 2005. 4. T. Dimitriou, A lightweight RFID protocol to protect against traceability and cloning attacks, Conference on Security and Privacy for Emerging Areas in Communication Networks(SecureComm) 2005, September 2005. 5. D. Henrici and P. M¨ uller, Hash-based enhancement of location privacy for radiofrequency identification devices using varying identifiers, Workshop on Pervasive Computing and Communication Security(PerSec) 2004, March 2004. 6. A. Juels, RFID Security and Privacy: A Research Survey, To be appeared in IEEE Journal on Selected Areas in Communications, 2006. 7. A. Juels, R. Rivest and M. Szydlo, The blocker tag: Selective blocking of RFID tags for consumer privacy, Conference on Computer and Communications Security - CCS’03, p 103-111 ACM Press, October 2003. 8. S.M. Lee, Y,J. Hwang, D.H. Lee and J.I. Lim, Efficient Authenticaiton for LowCost RFID Systems, International Conference on Computational Science and Its Applications(ICCSA) 2005, May 2005. 9. M. Ohkubo, K. Suzuki and S. Kinoshita, Efficient hash-chain based RFID privacy protection scheme, International Conference on Ubiquitous Computing - Ubicomp, Workshop Privacy: Current Status and Future Directions, September 2004. 10. K. Rhee, J. Kwak, S. Kim and D. Won, Challenge-response based RFID authentication protocol for distributed database environment, International Conference on Security in Pervasive Computing(SPC) 2005, April 2005. 11. S. Weis, Security and privacy in radio-fequency identification devices, Master thesis, Massachusetts Institute of Technology(MIT), Massachusetts, USA, May 2003.

Appendix: Proofs of Lemmas in Section 3.2 We prove Lemma 2 and Lemma 3 in Section 3.2. Proof of Lemma 2. First, we consider following two cases, which can be discriminated by the values of x + y(mod 2 − 1) and x + (y ⊕ 1)(mod 2 − 1).

270

D. Kwon et al.

Case 1. x + y = 0(mod 2 − 1) and x + (y ⊕ 1) = 1(mod 2 − 1). Case 2. x + y = 1(mod 2 − 1) and x + (y ⊕ 1) = 0(mod 2 − 1). In Case 1, x + y could be 0, 2 − 1 modulo 2 . Depending on x + y(mod 2 ), x0 , y0 is determined as follows:

(0, 0) if x + y = 0 mod 2 , (x0 , y0 ) = (1, 0) if x + y = 2 − 1 mod 2 . In Case 2, by setting y = y ⊕ 1, we can apply the above argument. Therefore, both in Case 1 and Case 2, we can obtain two candidates for a pair (x0 , y0 ). Now, we consider Case 3 which is neither Case 1 nor Case 2. This case can be subdivided to two following cases again. Case 3-1. x + y < 2 and x + (y ⊕ 1) < 2 , Case 3-2. x + y ≥ 2 and x + (y ⊕ 1) ≥ 2 . Note that the case that x + y < 2 and x + (y ⊕ 1) ≥ 2 are contained in Case 1 and the case that x + y ≥ 2 and x + (y ⊕ 1) < 2 are contained in Case 2. In the two subcases of Case 3, less significant two bits of x + y(mod 2 − 1), x + (y ⊕ 1)(mod 2 − 1) are given as follows:

in Case 3-1, (x + y)1,0  (x + y mod 2 − 1)1,0 = (x + y + 1)1,0 in Case 3-2,

(x + (y ⊕ 1))1,0 in Case 3-1, (x + (y ⊕ 1) mod 2 − 1)1,0 = (x + (y ⊕ 1) + 1)1,0 in Case 3-2. Let z = (x + y) ⊕ (x + (y ⊕ 1))(mod 2 − 1). Then z1 is calculated as follows.

x0 in Case 3-1, z1 = x0 ⊕ 1 in Case 3-2. Therefore, in Case 3, (x0 , y0 ) is given by

(z1 , z1 ⊕ (x + y mod 2 − 1)0 ) (x0 , y0 ) = (z1 ⊕ 1, z1 ⊕ (x + y mod 2 − 1)0 )

in Case 3-1, in Case 3-2.

This implies that in Case 3, we can also obtain two candidates for (x0 , y0 ). Proof of Lemma 3. Since x0 = y0 = 0, (x + y(mod 2 − 1))j mod  = (x + y)j (x + (y ⊕ 2i )(mod 2 − 1))j mod  = (x + (y ⊕ 2i ))j hold irrespective of the carries for 0 < i < , 0 < j ≤ . Let z = (x + y) ⊕ (x + (y ⊕ 2i )). Since x≤i−1 = 0, zi+1 , (i + 2)-th bit of z, is equal to (i + 1)-th bit of x, because zi+1 = (xi+1 ⊕ yi+1 ⊕ xi yi ) ⊕ (xi+1 ⊕ yi+1 ⊕ xi (yi ⊕ 1)) = xi . This finishes the proof.

Reliable Broadcast Message Authentication in Wireless Sensor Networks Taketsugu Yao, Shigeru Fukunaga, and Toshihisa Nakai Ubiquitous System Laboratories, Corporate Research & Development Center, Oki Electric Industry Co., Ltd., 2-5-7 Honmachi, Chuo-ku, Osaka, Japan {yao282, fukunaga444, nakai365}@oki.com

Abstract. Due to the low-cost nature of sensor network nodes, we cannot generally assume the availability of a high-performance CPU and tamperresistant hardware. Firstly, we propose a reliable broadcast message authentication working under the above-mentioned circumstances. The proposed scheme, although based on symmetric cryptographic primitives, is secure against anyone who knew the message authentication key as well as the malicious router nodes in multi-hop networks. The proposed scheme consists of three steps; (i) reliable broadcast of a message, (ii) legitimate acknowledgments from all the nodes in the network, and (iii) disclosure of the message authentication key. Secondly, we propose a way to reduce the amount of the stored information until the disclosure of the key, in which the server transmits the message integrity code of a message before transmitting the message. Finally, we consider the characteristic and the security issues of the proposed schemes. Keywords: Sensor Networks, Software Update, Message Authentication, Oneway Key Chain, Secure Acknowledgment, Symmetric-key.

1 Introduction Recently, sensor networks are proposed for a wide variety of applications, such as home and building automation systems, industrial plant management systems, and environmental monitoring systems. We suppose that the sensor network system consists of a large number of resource-constrained sensor nodes and the server which manages and controls the system. In this system, the server and all nodes transmit and receive data using wireless multi-hop networks. Our target is updating software on sensor nodes over wireless networks. As mentioned above, there are a large number of sensor nodes in sensor networks. If we find software bugs on sensor nodes or try to add new functions to them, it takes lots of works to pick up all nodes and update the software in nodes. Updating software on nodes over wireless networks, therefore, is effective in the remote maintenance of the sensor networks, such that the server transmits update data to nodes, and nodes update their software by themselves. Security is one of the essential issues in updating software on sensor nodes. We suppose that software update should satisfy the following two requirements. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 271 – 280, 2006. © IFIP International Federation for Information Processing 2006

272

T. Yao, S. Fukunaga, and T. Nakai

(i) Each node authenticates received data as one signed by the certified server. (ii) The server receives acknowledgements that all nodes are sure to receive the correct update data. Related works are TESLA: [1],[2],[3],etc, and Merkle hash tree: [4],[5],etc. TESLA offers sender authentication at the cost of loose initial time synchronization and slightly delayed authentication. Merkle hash tree is a tree-chaining techniques for signing/verifying multiple packets using a single signing/verification. In this paper, we propose a message authentication scheme that satisfies the above two requirements in multi-hop tree networks. Our scheme needs no time synchronization between the sender and the receivers. Instead, the key disclosure appeared in TESLA relies on the reception (by the sender) of secure acknowledgements from the receivers. Here, we use a Merkle hash tree-like technique in a secure acknowledgement scheme. The rest of this paper is organized as follows. In section 2, we explain the constraints of sensor nodes on hardware and the desired message authentication for sensor networks. In section 3, we introduce the message authentication using a oneway key chain construction. In section 4, we propose a reliable broadcast message authentication which is characterized by the secure acknowledgments of broadcast data. In section 5, we consider the characteristics of the proposed schemes and also describe the security issues. Finally, we conclude this paper in section 6.

2 Constraints and Desired Message Authentication for Sensor Networks Due to the low-cost nature of sensor network nodes, we cannot generally assume the availability of a high-performance CPU and tamper-resistant memory. We desire a

Fig. 1. Message authentication using a one-way key chain

Reliable Broadcast Message Authentication in Wireless Sensor Networks

273

broadcast message authentication for sensor networks, such that nodes can authenticate the messages without secret information which is characterized in asymmetric-key-based schemes, as well as nodes can authenticate the messages with less computational power like symmetric-key-based schemes. A broadcast message authentication based on symmetric-key cryptographic primitives is generally implemented by generating/verifying the message integrity code (MIC), which is also called the message authentication code (MAC), using the message authentication key shared among the server and all the other nodes. On the other hand, a broadcast message authentication based on asymmetric-key cryptographic primitives has the advantage that there is no necessity for nodes to conceal the message authentication key (generally called a public-key). There have been studies on evaluating the calculation cost of asymmetric-key cryptographic primitives in an effort to be performed by sensor nodes: [6],[7],[8], etc.

3 Message Authentication Using One-Way Key Chain In this section, we introduce a message authentication scheme relying on a one-way key chain construction which is the basic idea for TESLA: [1],[2],[3]. This scheme has the advantage that nodes can authenticate the messages without secret information, although it is based on symmetric-key cryptographic primitives. 3.1 Procedures A one-way key chain is a chain of keys generated through repeatedly applying a oneway function on a random number. A one-way function is one which is easy to compute but difficult to invert. A message authentication scheme using a one-way key chain uses each of keys in a one-way key chain as the message authentication key, which is used for generating/verifying MICs. In figure 1, we show an example of the procedure of the message authentication scheme using a one-way key chain. In this scheme, the stored key in nodes is for verifying the next key in the one-way key chain, and does not have to be secret. Even if attackers compromise and fraudulently obtain the stored key in nodes, it is difficult, on the principle of a one-way function, for the attackers to find the message authentication key to be used for generating the correct MICs of messages. 3.2 Threats in Multi-hop Communication Environments The scheme explained in section 3.1 has the drawback that the nodes, which know the key disclosed by the server, may spoof the nodes which have not yet known the key. For example, router nodes in multi-hop networks can impersonate the server by delaying the messages intentionally. A malicious router node does not forward the message transmitted by the server to the next hop nodes and waits for the disclosure of the message authentication key by the server. When the message authentication key is disclosed by the server, the malicious node generates the MIC of malicious messages using the disclosed key, and forwards the malicious messages with its MICs to the next hop nodes. After that, the malicious node forwards the disclosed key to the

274

T. Yao, S. Fukunaga, and T. Nakai

next hop nodes. Consequently, the malicious node can deceive all descendant nodes into accepting the malicious messages as the authenticated ones.

4 Reliable Broadcast Message Authentication In this section, we propose a reliable broadcast message authentication which is tolerant to the server spoofing attacks even in multi-hop networks. The server can confirm that all nodes are sure to receive the correct data because our scheme makes use of secure acknowledgments (ACKs). 4.1 Outline of the Proposed Scheme As mentioned in section 3.2, there is a risk that the attackers may know the disclosed key earlier than victim nodes in multi-hop networks. Therefore, it is desirable that the message authentication key becomes invalid once the server discloses it. The proposed scheme has the following two features: (i) The server discloses the message authentication key after the server has received the correct ACKs from all the other nodes. (ii) The system specifies the number of the messages to be authenticated per each of keys in a one-way key chain, and the server and all the other nodes synchronize the number of authentications. The proposed scheme works well and the attacker cannot deceive the victim nodes as long as the scheme prevents the attacker from forging the acknowledgement messages. In the next section, we introduce a secure and efficient acknowledgment scheme for multi-hop tree structured networks as an example to realize the system mentioned above. 4.2 Secure Acknowledgements Adopted in Multi-hop Tree Networks In this section, we introduce a secure and efficient acknowledgment scheme of the broadcast messages transmitted by the server for multi-hop tree networks which is typical structure of sensor networks. There are the following problems in the acknowledgments of the broadcast messages transmitted by the server in multi-hop environments. (i) Replying the ACKs causes a large transmission overhead, especially under the circumstances in which there are a large number of nodes in sensor networks. (ii) The ACKs lack authenticity. (For example, it is possible for malicious router nodes to forge ACKs.) Ariadne[9] is a secure routing protocol. We adopt the concept of a per-hop hashing introduced in Ariadne to the generation of ACKs for multi-hop tree structured networks. We model the multi-hop tree network as a Merkle tree, and generate ACKs using a Merkel hash tree-like techniques. In this scheme, we assume the server and all the other nodes previously share the routing information and pair-wise distinct keys, where each of these keys is shared between the server and a unique node of the

Reliable Broadcast Message Authentication in Wireless Sensor Networks

275

network. We show the basic concept of our acknowledgment scheme in figure 2, where M is a broadcast message from the server, KA, KB, KC, KD, and KE is pair-wise distinct key shared between the server and the node A, B, C, D, and E, respectively, and hA, hB, hC, hD, and hE is secure ACKs generated by the node A, B, C, D, and E, respectively. Figure 2 (a) illustrates the ACK generation in the proposed scheme. Equation (1) shows a secure ACK hX generated by a node X. h X = H(MIC K ( M ) { || [ Secure ACKs from the children nodes ] || ...} ) X

(1)

where MIC K ( ) represents a MIC generation algorithm using a pair-wise distinct key represents a bit concatenation, and “{ [Secure KX, H represents a hash function, ACKs from the children nodes] …}” represents secure ACKs generated by the children nodes of a node X when a node X is a router node. Figure 2 (b) illustrates the verification procedure of the secure ACKs by the server. The server has the node control table as shown in figure 2 (b) to check pair-wise distinct keys and the routing information of all nodes in the network. The server can compute secure ACKs using its broadcast message M, pair-wise distinct keys, and the routing information in the node control table as nodes have generated. The server verifies whether or not its own computing information h’A equals to the secure ACK hA replied from nodes, and if it equals, the server acknowledges that the broadcast message M is certainly reached to all of the nodes. The secure acknowledgment scheme as mentioned above has the advantage that the server can confirm not only that all nodes receive the correct message, but also that there is no change in the network structure which has been known by the server. This scheme can suppress the transmission overhead compared with the case that each node replies an ACK to the server. Moreover, a secure ACK is generated using one or more pair-wise distinct keys shared by between the server and a unique node. So it is difficult for the attackers to forge any ACKs forwarded by any nodes without knowing all pair-wise distinct keys which is involved in the generation of the ACKs. X

Fig. 2. Secure and efficient acknowledgments in multi-hop tree structured networks based on the concept of a per-hop hashing

276

T. Yao, S. Fukunaga, and T. Nakai

On the other hand, there are drawbacks in this scheme. It allows any corrupted node to make the whole authentication scheme collapse by injecting a single incorrect piece of data during transmission of ACKs to the server. Despite the server know all the keys, the server cannot invert the hash function. Therefore the server is not able to detect which nodes have been corrupted in the network. A way of solving this problem may be that router nodes aggregate the ACKs using a reversible algorithm such as an exclusive-or on behalf of a hash function. 4.3 Implementation Figure 3 illustrates the implementation of the proposed message authentication scheme, which combines the message authentication scheme using a one-way key chain as mentioned in section 3.1 and the secure acknowledgment scheme as mentioned in section 4.2. If the system specifies that several messages can be authenticated per each of keys in a one-way key chain, the server should disclose the message authentication key after verifying the acknowledgments of all messages.

Fig. 3. Reliable broadcast message authentication

4.4 Store-Reduced Version of Our Scheme The proposed scheme, as mentioned above, has the issue that the nodes must store the received messages until the server discloses the message authentication key because the nodes cannot authenticate the messages without the key. This could be critical to memory-constrained nodes. In this section, we propose a way to reduce the amount of the stored information until the disclosure of the key. In this store-reduced version of the proposed scheme, the server transmits the MIC of a message before transmitting the message. After verifying the correctness of ACKs of transmitted data from all the nodes, the server transmits the message authentication key and the message corresponding to the already transmitted MIC. In this case, the nodes can authenticate the message immediately when it is received, and the amount of the stored information in nodes until the key disclosure is only the MIC, whose data size is

Reliable Broadcast Message Authentication in Wireless Sensor Networks

277

generally assumed to be smaller than data size of the message. Thus we can reduce data size to be stored in the nodes until the nodes know the message authentication key. The store-reduced version of the proposed scheme does not satisfy the following requirement at the time of the verification of the correctness of the received ACKs of the MICs: the server receives acknowledgments that all nodes are sure to receive the correct messages. Indeed, the above requirement can be satisfied by the server transmitting a combination of the following data: the message authentication key, the message, and the MIC which is generated by the next message to be going to be transmitted. The nodes reply the ACKs of the combination data. If the server verifies the correctness of the received ACKs, the server acknowledges that all nodes were sure to receive the correct messages as well as the correct MICs. Table 1. Comparisons among the four message authentication schemes based on symmetrickey cryptographic primitives about both the tolerance to the server spoofing attacks and the receipt of correct data by nodes, where is (a) message authentication using the key previously shared by among the server and all the other nodes, (b) message authentication using a one-way key chain, (c) TESLA, and (d) the proposed scheme, respectively

5 Security Considerations In this section, we consider the characteristic of the proposed scheme and also describe the security about the tolerance to the server spoofing attacks of the proposed ones. Firstly, we compare the proposed scheme about the characteristic with other three schemes based on symmetric-key cryptographic primitives: (a) message authentication using a key previously shared by among the server and all the other nodes as mentioned in section 2, (b) message authentication using a one-way key chain as mentioned in section 3, and (c) TESLA: [1],[2],[3], respectively, as shown in table 1. The proposed scheme is tolerant to the server spoofing attacks even in multihop environments on the assumption that it is difficult for the attackers to forge the ACKs of data transmitted by the server. In addition, our scheme needs no time synchronization between the server and all the other nodes to disclose the message authentication key used to generate/verify the MICs. Instead, the server verifies that all nodes reliably receive the correct messages, because key disclosure of our scheme relies on the reception (by the sender) of secure ACKs from the receivers. Secondly, we consider about the tolerance to the server spoofing attacks of both the proposed scheme and the store-reduced version of the proposed scheme. In the proposed scheme, it is guaranteed that the valid messages have reached to all of the nodes at the time of the key disclosure, because the server transmits the

278

T. Yao, S. Fukunaga, and T. Nakai

message with its MIC and discloses the message authentication key after the legitimate acknowledgments of both the message and the MIC. So even if the malicious router nodes put the malicious messages into the networks, the nodes can dispose of them as follows: (i) Against the malicious messages which are put before the key disclosure. We assume that the malicious router nodes put the malicious messages into the network before the key disclosure. In this case, the malicious router nodes cannot generate the correct MICs corresponding to the malicious messages because the message authentication key has not yet been disclosed. The nodes can dispose of the malicious messages depending on the verification results of the MICs. (ii) Against the malicious messages which are put after the key disclosure. We assume that the malicious router nodes put the malicious messages into the network after the key Fig. 4. Example of nodes disposing of disclosure. In this case, the malicious router malicious messages in the proposed nodes can generate the correct MICs scheme corresponding to the malicious messages because the message authentication key has already been disclosed. However, it is guaranteed that the valid messages with its MICs have reached to all of the nodes at the time of the key disclosure. The nodes can dispose of the malicious messages depending on the received order because the malicious messages are received after all nodes have received the valid messages with its MICs as shown in figure 4. Here, the system should specify the number of the authenticated messages per each of keys in a one-way key chain. Table 2. Comparisons of the proposed schemes about both stock data in nodes until the key disclosure, and the receipt of MICs more than the specified number per each of the keys in a one –way key chain

Reliable Broadcast Message Authentication in Wireless Sensor Networks

279

In contrast, in the store-reduced version of the proposed scheme, the server transmits only the MIC at first, and discloses both the key and the message after verifying the correctness of the received ACK of the MIC. Therefore, it is not guaranteed that the valid messages have reached to all of the nodes at the time of the key disclosure. In this case, the nodes may accept the malicious messages as follows: We assume that the malicious router nodes generate the malicious MICs, and put them into the network after the key disclosure. In this case, the malicious router nodes can generate the correct MICs corresponding to the malicious messages because the message authentication key has already been disclosed. Moreover, it is not guaranteed that the valid messages corresponding to the stored MICs have reached to all of the nodes at the time of the key disclosure. So the nodes may wrongly accept the malicious messages if the nodes store the malicious MICs which are injected after the key disclosure. To prevent the wrongly acceptance, the nodes should not receive the malicious MICs. As an example, the nodes do not accept the more MICs than Fig. 5. Example of nodes disposing of the specified number, which is the number of malicious messages in the storethe authenticated messages per each of keys in reduced version of the proposed a one-way key chain. After receiving the scheme specified number of the MICs and replying the secure ACKs of them, the nodes dispose of the newly received MICs. Even if the malicious router nodes put the malicious MICs into the network after the key disclosure, the nodes can dispose of the malicious MICs because the nodes have already received the specified number of the MICs. The nodes do not accept malicious messages as shown in figure 5. However, this sheme lacks robustness. If an enemy injects some malicious MICs to the nodes during transmission of the specified number of the correct MICs, the nodes dispose of some correct MICs, which are received later, and do not reply the ACKs of them to the server. Therefore, the server cannot verify the receipt of the correct MICs. The authentication scheme could be stopped. In this case, the server can only detects some troubles in the network either by not having received the ACKs from the nodes or by not verifying the correctness of the received ACKs. Consequently, we show the result of the security consideration on both the proposed scheme and the store-reduced version of the proposed scheme in table 2.

280

T. Yao, S. Fukunaga, and T. Nakai

6 Conclusion We have proposed a reliable broadcast message authentication which is tolerant to the sender spoofing attacks even in multi-hop environments. Our schemes need no time synchronization between the sender and the receivers. Moreover, the sender acknowledges that all receivers are sure to receive the correct messages, because key disclosure of our schemes relies on the reception of secure ACKs. To minimize the number of ACKs to be received before key disclosure, we compute MICs using a Merkle hash tree-like technique. We have also proposed a way to reduce the amount of the stored information until the disclosure of the key. The proposed schemes are based on symmetric-key cryptographic primitives that are generally computationally less expensive than public key cryptographic ones, so we think our schemes are feasible for the resource-constrained sensor nodes. However, our schemes lack robustness. Even one sensor node which has been compromised by an attacker can easily corrupt the broadcasting, and nobody can distinguish which node has been compromised and is corrupting the protocol. Our future works are to discover the dishonest node as well as to consider other acknowledgement schemes well-suited for sensor networks.

References 1. A. Perrig, R. Canetti, J.D. Tygar, D. Song: Efficient Authentication and Signing of Multicast Streams over Lossy Channels. IEEE Symposium on Security and Privacy (2000) 56-73 2. A. Perrig, R. Canetti, J.D. Tygar, D. Song: Efficient and Secure Source Authentication for Multicast. ISOC Network and Distributed System Security Symposium (2001) 35-46 3. A. Perrig et al.: SPINS: Security Protocols for Sensor Networks. Wireless Networks Journal., vol.8, no.5 (2002) 521-534 4. R. Merkle: A Certified Digital Signature. Advances in Cryptology – Crypto’89 (1989) 218238 5. C. K. Wong and S. S. Lam: Digital Signatures for Flows and Multicasts. IEEE/ACM Transactions on Networking, vol.7, no.4 (1999) 6. G. Gaubatz, et al.: Public key cryptography in sensor networks – revisited. 1st European Workshop on Security in Ad-Hoc and Sensor Networks, Lecture Notes in Computer Science, vol.3313, Springer, Heidelberg (2004) 2-18 7. D. J. Malan, et al.: A Public-Key Infrastructure for Key Distribution in Tiny OS Based on Elliptic Curve Cryptography. First IEEE International Conference on Sensor and Ad Hoc Communications and Networks (2004) 8. G. Gaubatz, et al.: State of the art in ultra-low power public key cryptography for wireless sensor networks. Workshop on Pervasive Computing and Communications Security – PerSec’05, IEEEE Computer Society (2005) 146-150 9. Yih-Chun Hu, et al., "Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks," MobiCom'02, Atlanta, Georgia, USA, (2002)

Message and Its Origin Authentication Protocol for Data Aggregation in Sensor Networks HongKi Lee1 , DaeHun Nyang2, , and JooSeok Song1 1

2

Department of Computer Science, Yonsei University, Seoul, Korea {lhk, jssong}@emerald.yonsei.ac.kr Graduate School of Information Technology and Telecommunications, Inha University, Incheon, Korea [email protected]

Abstract. In distributed sensor networks, the researches for authentication in sensor network have been focused on broadcast authentication. In this paper, we propose a message and its origin authentication protocol for data aggregation in sensor networks, based on one way hash chain and Merkle tree authentication with pre-deployment knowledge. Proposed protocol provides not only for downstream messages but also for upstream messages among neighbors, and it solves the secret value update issue with multiple Merkle trees and unbalanced energy consumption among sensor nodes with graceful handover of aggregator. In treating compromised node problem, our protocol provides an equivalent security level of pair-wise key sharing scheme, while much less memory requirements compared to pair-wise key sharing scheme. Keywords: sensor networks, aggregation, authentication, Merkle tree, hash chain.

1

Introduction

Recently, distributed sensor networks have been paid lots of attentions because of its valuable applications, such as monitoring of disaster site, observation of valuable creature’s habitation, and surveillance of critical spot in battlefields where human can not approach or stay for observation all the time. Distributed sensor networks typically consist of a large number of resourceconstrained sensor nodes and one or a few powerful control nodes called as base station (BS). The computing ability and the communication range of SN have restrictions because of resource-constrained characteristics of SN. The limitation 



This research was supported by the MIC(Ministry of Information and Communication), Korea, under the ITRC(Information Technology Research Center) support program supervised by the IITA(Institute of Information Technology Assessment), and supported by grant No. R01-2006-000-10957-0(2006) from the Basic Research Program of the Korea Science & Engineering Foundation. Corresponding author.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 281–290, 2006. c IFIP International Federation for Information Processing 2006 

282

H. Lee, D. Nyang, and J. Song

of computation ability urges us not to adapt the conventional security techniques, but to develop new mechanisms adaptable to sensor networks. The traffic of sensor network is classified into downstream and upstream in terms of its direction. The former is usually called as control message directed from BS to SNs while the latter usually contains sensed data directed from SNs to BS, and the former is usually transmitted by broadcast fashion while the latter depends on routing protocol. To guarantee the reliability of message in sensor network, authentication should be applied to all traffics including message origin. In this paper, we propose an authentication scheme for message and its origin without disclosing of node’s secret key for authentication by utilizing hash chain and Merkle hash tree (MT) authentication [4]. We assume that we can get the pre-deployment knowledge [7], and construct a group with potential neighbor nodes which are the nodes of higher probability to communicate with each other. After that, we build MT with the group member nodes as leaf nodes, and choose a header node as aggregator in which the tree information is stored. After deployment, message and its origin authentication at the aggregator node (AN) can be easily achieved using pre-distributed authentication values. To protect the replay attack with reusing the authentication value, AN maintains the counter values of each nodes and updates for every communications. The contributions of this work are: • Provide a real-time message and its origin authentication scheme for upstream and downstream traffics. • Reduce the computation overhead for authentication, and thus extend the lifetime of sensor networks by utilizing symmetric cryptography. • Provide graceful degradation by minimizing the impact of compromised node (CN), which is limited to CN itself. • Provide almost equivalent security level of pair-wise key sharing scheme with much less memory. • Provide graceful aggregator handover scheme without leakage of security. The remainder of this paper is organized as follows. Section 2 explains the motivation of this work with some overviews of related works. Then, we present proposed protocol in section 3. In section 4, analysis of security and performance evaluation of our protocol are presented. Section 5 finally concludes this paper.

2

Motivation

Considering that the main purpose of sensor networks is gathering information or detecting events through SNs and reporting to user through BSs, we can easily guess that the volume of upstream traffic is much larger than that of downstream traffic. Moreover, upstream traffic which contains various data sensed by lots of SNs at different time is more diverse than downstream traffic which usually contains control messages broadcasted by BS at a stroke. In sensor networks, one of the most significant security threats is CN which is captured and installed malicious codes by adversaries. Since it cannot be

Message and Its Origin Authentication Protocol for Data Aggregation

283

prevented completely because of unattended characteristic of sensor networks, it is required to guarantee the resilience against the CN and to minimize its effect. Authentication of message and its origin before accepting is one of alternative solutions to minimize affection of CNs. For authentication of downstream traffic, μTESLA and its variants have been proposed in [1,2,3]. The μTESLA accomplishes the authenticated broadcast by loosely time synchronization and delayed disclosure of symmetric key fashion with hash chain. The essential problem in scaling up μTESLA is how to distribute and authenticate the parameters of its instances. The multilevel μTESLA uses higher-level μTESLA instances to authenticate the parameters of lower-level ones. The μTESLA and the multilevel μTESLA have the same problem of authentication delay, which connotes the possibility of denial-of-service attacks to disrupt the distribution of its parameters [3]. For authentication of upstream traffic, any remarkable works has not been proposed yet. It commonly relies on conventional cryptographic techniques such as unicast with the shared pair-wise secret between correspondent nodes. Sharing pair-wise keys between all possible pairs is not commonly considered as practical solution because of huge memory requirement. Furthermore, in data gathering application, since authenticity of data is more important while exposure of contents is not a significant issue, shared key is not always required. Considering large volume and diverse messages from lots of SNs, a simple and efficient authentication scheme is surely required.

3

Message and Its Origin Authentication Protocol

In this section, we describe the message and its origin authentication protocol for data centric sensor network in detail. We use the following notations to describe the security protocol and cryptographic operations in this paper. IDi SNi AN , A m ctr CT R N L h(x) hn (x) || 3.1

identifier of sensor node i sensor node with IDi aggregator node of a group the number of member nodes in a group current counter value of hash chain maximum counter value, i.e., the length of hash chain the number of MT, i.e., the number of fraction of hash chain the lifetime of sensor node, i.e., L = N × CT R one-way hash function with input value x compute n times of h(x) concatenation

Assumptions

In our proposed protocol, we assume to construct a security architecture that some deployment knowledge is available as priori and sensor network is static. In many cases, if we have some deployment knowledge, it can be very useful to construct security architecture such as key management and clustering. In fact,

284

H. Lee, D. Nyang, and J. Song

certain deployment knowledge may be available as a priori in many practical scenarios depends on deployment method [7]. We assume that some deployment knowledge to approximate the topology of sensor network is available. We also assume that the sensor network is static, which means that the group membership of SNs will not be changed after deployment. Since sensor networks tends to use redundancy by a large number of cheap SNs to cover wide area, each SN will be responsible for only small area. Therefore, the group membership of SN can be kept even if it has mobility. 3.2

Pre-deployment Phase

Before deployment, grouping based on deployment knowledge and constructing initial security architecture for authentication are performed. At first, based on deployment knowledge, potential neighbor nodes are combined into a group. A secret key, Si , for authentication is allocated to each SN. Si is the seed of hash chain for authentication and should be kept securely to any other nodes including legitimated nodes. After then, authentication key, Ki for each SN is computed by CT R times of iterative hash computation with IDi and Si , i.e., Ki = hCT R (IDi ||Si ), and stores it to the SN’s memory. Next, a MT for authentication of Ki is constructed with Ki s of member nodes. The root hash value of the MT, KR , and the authentication evidence of Ki , CKi , are stored in each member node. Figure 1 shows an example of the MT with m = 8 and CT R = 100. KR = K1,8 , where K1 = h(K1∗ ), K1,2 = h(K1 ||K2 ), K1,4 = h(K1,2 ||K3,4 ), and K1,8 = h(K1,4 ||K5,8 ). In this figure, AN has this tree architecture and KR , while node ID5 will have K5 as own authentication key, and CK5 = (K1,4 , K6 , K7,8 ) (circled ones in Figure 1) as authentication evidence of K5 . To authenticate K5 , compute   KR = h(K1,4 ||h(h(K5 ||K6 )||K7,8 )), and check whether or not KR = KR . Within a group, one member node is selected as AN of the group. It maintains the lists of all the member nodes ID and their current ctrs in the table. And its role is aggregating the sensed data received from member nodes after checking authenticity of sensed data and its origin, and broadcasting control messages. K R = K1,8

K * i = h100 ( IDi || S i ) K i = h ( K *i ) K 5, 8

K1, 4

K 3, 4

K1, 2

K 5, 6

K 7 ,8

K1

K2

K3

K4

K5

K6

K7

K8

K *1

K *2

K *3

K *4

K *5

K *6

K *7

K *8

Fig. 1. An example of Merkle hash tree authentication

Message and Its Origin Authentication Protocol for Data Aggregation

3.3

285

Message and Its Origin Authentication Phase

After deployment, SNs confirm its membership of group and perform their basic operations. Message and its origin authentication will be carried out by a part of the basic operations. In proposed protocol, the message format is as follow: IDS , IDD , Flag, KS , ctrS , CKS , M , MAC(M , ctrS ) where S is source, D is destination, and Flag is combination of I, D, B, H, U We classify the messages into 5 types by the purpose of message, and the each message type is assigned by a Flag character: I for initialization, D for reporting sensed data, B for broadcasting control messages, H for aggregator handover procedure, and U for secret value update procedure. Initialization After deployment, every SN including AN broadcasts its ID and initial hash value Ki with CKi for initialization. AN checks the list of member nodes from these messages by verifying Ki with CKi . If initial authentication is successful, AN saves the ctri s of each SN for next authentication. AN also broadcasts its ID and KA with CKA , and then, SNs authenticate AN by checking weather the KR computed with AN’s message is the same with its own KR or not. After the initialization ends, newly appeared nodes will be treated as CN. SNi → broadcast AN → broadcast

IDi , ∗, (B, I), Ki , ctri , CKi , M, MAC(M , ctri ) where M = “Initialization of IDi ”. IDA , ∗, (B, I), KA , ctrA , CKA , M, MAC(M , ctrA ) where M = “ID of Aggregator Node is IDA ”.

Upstream Authentication. For data aggregation, SNs send sensed data with authentication information which includes the node’s ID, its authentication value hctri (IDi ||Si ) (briefly denoted as hctr i ), latest counter ctri , and CKi with MAC(M , ctri ) to AN. After transmitting, SN changes its counter value for next reporting. SNi → AN SNi

IDi , IDA , D, hctr i , ctri , CKi , M, MAC(M, ctri ) where M = Sensed data ctri = ctri − 1

AN authenticates the received data and its origin by checking MAC and fresh ness of ctri , and rebuild Ki by hCT R−ctr (hctr i ) computation. And with this Ki ,  yield KR and compare it with initial KR . If all tests are successful, AN accepts the message and updates the SN’s counter in the table. Otherwise, AN considers that the data is transmitted from unauthorized node and discards it. AN

Check MAC, and the freshness of ctri   Compute Ki = hCT R−ctri (hctr i ), and KR with Ki and CKi  Compare KR with KR IF all tests are successful, Accept data and ctri = ctri − 1 OR Discard it

286

H. Lee, D. Nyang, and J. Song

Downstream Authentication. Downstream authentication can be achieved by the same way of the upstream authentication. AN broadcasts control message with authentication information and setting B Flag. AN → SN s

IDA , ∗, B, hctr A , ctrA , CKA , M , MAC(M, ctrA ) where M = Control message of AN .

When a SN receives the broadcasted message, it checks the IDA with AN’s ID already known and verify the authenticity of the message. Following procedure of downstream authentication is all the same as upstream authentication. 3.4

Handover of Aggregator Node Phase

Since it has much possibility that AN’s lifetime could be shorter than other SNs to perform the AN’s role, it is required that the role of AN is transferred to another depending on the remained energy status of AN. If AN has to be changed into another, old AN (OAN or OA) chooses an appropriate SN as new AN (NAN or NA) and transmits the information for AN to NAN by means of upstream message with setting H Flag. Transferred message includes the list of member nodes and their current counters. After the AN’s role has been transferred to NAN, OAN broadcasts an announcement of the ID of NAN. OAN → N AN

IDOA , IDN A , H, hctr OA , ctrOA , CKOA , MAC(M, ctrOA ) where M = (ID1 , ctr1 ), (ID2 , ctr2 ), · · · , (IDm , ctrm ) OAN → broadcast IDOA , ∗, (B, H), hctr OA , ctrOA , CKOA , M , MAC(M, ctrOA ) where M = IDN A , ctrN A , T imestamp 3.5

Secret Value Update

In our proposal, we utilize hash chain technique to protect replay attack which utilize the previous hash value achieved by overhearing. However, one of the critical issues for hash chain is secret value update since it has an original limitation of hash chain length. A na¨ıve approach for this problem is to make use of pair-wise keys between every pair of SNs. It avoids wholesale sensor network compromise upon node capture since selective key revocation is possible. However, this solution requires per sensor pre-distribution and storage of m − 1 keys in each SN, and m(m−1) 2 network, which renders it impractical for sensor networks of more than 10,000 nodes, for both intrinsic and technological reasons [8]. We will analyze this point by comparing with our proposal in section 4. Another approach is to use long enough hash chain to last until the end of sensor network’s lifetime. However, long hash chain makes the lifetime of sensor network shorten by consuming node energy to perform lots of hash function for every authentication. The average number of hash computation per one authentication is Therefore, one long hash chain is not a good solution. We propose a secret value update mechanisms: pre-computing multiple Merkle trees from one long hash chain. During pre-deployment phase, each SN extracts

Message and Its Origin Authentication Protocol for Data Aggregation

287

L N of N length hash chains from L length of a long hash chain derived from one initial value, and construct N of MTs with these fractions. This method is very efficient because the next initial value of MT could be authenticated by old hash value. It requires more memory to SNs naturally. However, it can solve secret value update problem. Moreover, it can reduce the number of hash computation for every authentication compared to one long hash chain mechanism.

3.6

Treatment of Node Compromising

In general, the detection of compromised or captured sensor is considered difficult, but feasible at least in certain scenarios such as in battlefields [3]. In this paper, we do not consider the process or mechanism to detect CN, but assume such results are given. When CN is detected, AN can simply block the CN by setting its ctr to “0”. Then it node can not be authenticated, and therefore, the messages from that node are treated as invalid data in aggregation.

4 4.1

Analysis of the Proposed Protocol Security Analysis

Proposed protocol is secure against the adversary which can overhear every communication messages and can compromise small number of SNs. In proposed protocol, Si is the only one secret which should be kept securely by each node, because it is only used for producing Ki with hashed form and should not transmitted or exposed to anyone else after deployment. AN maintains only a table of member nodes and their latest counter additionally. Since there is no shared secret, transmitted information in our protocol are not encrypted data but just public data which can be obtained through overhearing. Therefore, even if adversary capture and compromise SN including AN, it can not get any other secrets without its Si . We adopted group mechanism and BS does not intervene in any procedures. Thus, all the security problems are limited in each group and the possibility of attack to communication between SN and BS are removed. Furthermore, because an adversary can get only each node’s Si through node compromising, small number of CN can not effect the correct operation of entire sensor networks. This protocol provides complete authentication not only for data aggregation but also for broadcasting. And it also provides secret update and handover of AN schemes. Therefore, any other assistant schemes are not required for message and its origin authentication in sensor networks. 4.2

Overhead Analysis: Computation and Memory

In proposed protocol, the number of hash computation is decided by the length of hash chain and the height of MT. For one authentication, the average number of hash computation is CT R/2 times to get a new hash chain value in SN and

288

H. Lee, D. Nyang, and J. Song

to get Ki in AN, and log2 m times of additional computations to verify that Ki in MT in AN. If m is fixed, the hash chain length is the determinant factor, and by controlling this we can reduce the number of hash computation. To shorten the hash chain, we divide long hash chain into multiple fragments and adopte multiple MTs with the fragments. If we divide a length L of long L hash chains, the average number of hash chain into N fragments of length N L hash computation in each node becomes simply 2N . Table 1 shows the average number of hash computation in each SN and AN. Each SN has to maintain the authentication information such as its own ID, secret value for authentication, hash counter, authentication key, the authentication evidence for MT authentication, root hash value of MT, and ID and counter of AN for authentication of control messages. AN additionally maintains the authentication information for the member nodes, which is the table of member node ID and its counter value set. SNi AN

IDi , Si , ctri , Ki , CKi , KR , IDA , ctrA IDA , SA , ctrA , KA , CKA , KR + table of (IDi , ctri ) set

If we use N of MTs, SN has to maintain N sets of Ki and CKi . If we use multiple MT scheme with fraction of long hash chain, and thus, the next authentication key Ki can be verified by previous Ki , the memory for Ki can be saved. However, AN does not need to maintain additional information for multiple MTs, because only current ctr of each node is required for authentication. When we use multiple MTs, we can reduce the memory to maintain ctr. The counter means the length of hash chain, thus, log2 L bits are required for ctr. If we divide long hash chain into N of multiple fragments, the length of counter L  of each node. goes down by log2 N On the other hand, in pair-wise key scheme, to protect the replay attack, it requires also countermeasures such as pseudo-random number generator (PRNG) or challenge and response (C/R) protocol. It has the computational burden for na¨ıve pairwise scheme, whereas our scheme is strong against replay attack. And the pair-wise key scheme requires m − 1 of memory space for key pairs. Table 1 briefly shows the required computation for one authentication and the required memory for maintaining authentication information in each SN compared with those of the pair-wise key scheme. We assume the environments sensor network is as below: L (Lifetime of SN) m (Number of member node) Platform of SN Hash algorithm Time to perform SHA1 for 64 byte plaintext

10,000 1,024 Atmega 128 SHA1 7,700 μseconds [9]

Based on these parameters, SN can communicate 10,000 times with other SNs. If SN reports sensed data per 1 hour, it is reasonable considering more than 1 year of SN’s lifetime. Table 2 shows the average number of hash computation and its

Message and Its Origin Authentication Protocol for Data Aggregation

289

Table 1. Required resources for one authentication and memory Avg. # of hash computation SN AN Pair-wise key scheme

L 2N

L 2N

+ log2 m PRNG or C/R protocol

# of information (2 + log 2 m) × N L (2 + log2 m) × N + log2 N ×m m−1

computational time, and the number of authentication values to be maintained by each SN for various N . It also shows the memory gain compared with the pair-wise key scheme. When we divide the 10,000 length of hash chain into 50 fragments, it takes about 0.48 seconds to generate one authentication value while the gains of memory are 58% in SN. By [10], the energy consumption is smaller than RSA signing operation considering RSA signing consumes 304 mJ per 1 byte whereas SHA1 consumes 5.9 μJ per 1 byte. Table 2 also shows the energy consumption of 1 authentication for 64 byte message. Figure 2 shows the relationship of m and the required memory by changing N . We can see that our scheme has more advantages by increasing m, and we can choose various N by the application and environments such as the mission, available memory, required lifetime, etc. Table 2. Comparison of hash computation and memory (L = 10, 000, m = 1, 024 ) N Avg. # of hashing Comp. time 10 500 3.85 sec 20 250 1.92 sec 50 100 0.77 sec 80 62.5 0.48 sec 100 50 0.39 sec

2000 1800

Number of hash value

1600 1400

# of hash key Memory gain Energy consume 120 12 % 188.8 mJ 240 23 % 94.4 mJ 600 58 % 37.8 mJ 960 93 % 23.6 mJ 1200 117 % 18.9 mJ

Pair−wise key N=100 N=80 N=50 N=20 N=10

1200 1000 800 600 400 200 0 0

500

1000

1500

2000

Number of nodes

Fig. 2. The number of required hash key for the number of fraction

290

5

H. Lee, D. Nyang, and J. Song

Conclusion

In this paper, we proposed a message and its origin authentication protocol based on pre-deployment knowledge in static sensor networks. The proposed protocol provides an authentication scheme for traffic of downstream and upstream at real time by utilizing hash chain and MT. With partitioning of long hash chain and constructing multiple MTs, we solved secret update problem, and mitigated energy consumption. Moreover our protocol achieved the graceful degradation by limiting the affection of CN to CN itself. By analyzing with example, we showed the relationship between the computation overhead and required memory compared with pair-wise key scheme. In the example, our scheme can control the computational energy and required memory depends on applications. Proposed protocol fits for group based data centric sensor network with lots of member nodes. And there are only upstream channels and thus, BS can not control SNs, our protocol works well. Since utilizing group mechanism, our scheme is well matched for cluster based sensor network routing protocols such as LEACH [5], and PEGASIS [6].

References 1. A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J.D. Tygar, “SPINS: Security Protocols for Sensor Networks,” Proceedings of the MOBICOM, 2001. 2. D. Liu and P. Ning, “Multilevel μTESLA: Broadcast Authentication for Distributed Sensor Networks,” ACM Transactions on Embedded Computing Systems, Vol. 3, No. 4, Pages 800-836, 2004. 3. D. Liu, P. Ning, S. Zhu, and S. Jajodia, “Practical Broadcast Authentication in Sensor Networks,” Proceedings of the MobiQuitous, 2005. 4. R. Merkle, “Protocols for public key cryptosystems,” Proceedings of the IEEE Symposium on Research in Security and Privacy, 1980. 5. W. Heinzelman, A. Chandrakasan, and H. Balakrshnan, “Energy-efficient communication protocol for wireless sensor network,” Proceedings of the HICSS, 2000. 6. S. Lindsey, and C. Raghavendra, “PEGASIS: Power-Efficient gathering in sensor information systems,” Proceedings of the IEEE Aerospace Conference, Vol. 3, Pages 1125-1130, 2002. 7. W. Du, J. Deng, Y.S. Han, S. Chen, and P.K. Varshney, “A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge,” Proceedings of the IEEE INFOCOM, 2004. 8. L. Eschenauer and V. Gligor, “A Key Management Scheme for Distributed Sensor Networks,” Proceedings of the ACM CCS 2002. 9. P. Ganesan, R. Venugopalan, P. Peddabachagari, A. Dean, F. Mueller, and M. Sichitiu, “Analyzing and modeling encryption overhead for sensor network nodes,” Proceedings of the ACM WSNA 2003. 10. A.S. Wander , N. Gura, H. Eberle, V. Gupta, and S.C. Shantz, “Enery Analysis of Public-Key Cryptography for Wireless Sensor Networks,” Proceedings of the IEEE PerCom, March 2005.

A New Security Protocol Based on Elliptic Curve Cryptosystems for Securing Wireless Sensor Networks Seog Chung Seo, Hyung Chan Kim, and R.S. Ramakrishna Department of Information and Communications, Gwangju Institute of Science and Technology (GIST), 1 Oryong-dong, Buk-gu, Gwangju 500-712, Rep. of Korea {gegehe, kimhc, rsr}@gist.ac.kr

Abstract. In this paper, we describe the design and implementation of a new security protocol based on Elliptic Curve Cryptosystems (ECC) for securing Wireless Sensor Networks (WSNs). Some public-key-based protocols such as TinyPK and EccM 2.0 have already been proposed in response. However, they exhibit poor performance. Moreover, they are vulnerable to man-in-the-middle attacks. We propose a cluster-based Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA) for efficiency and security during the pairwise key setup and broadcast authentication phases, respectively. We have implemented our protocol on 8-bit, 7.3828-MHz MICAz mote. The experimental results indicate the feasibility of our protocol for WSNs.

1

Introduction

Wireless sensor networks (WSNs) have been proposed for a wide variety of applications such as emergency medical care, vehicular tracking, and building monitoring systems. Because these sensor networks are composed of small, resource-constrained sensor nodes and are deployed in harsh, unattended environments, some combination of authentication, integrity, and confidentiality are required for reliable and lasting network communications. However, achieving security in WSNs is a challenging job in that the absence of any supervisor makes the application of conventional security protocol infeasible for WSNs. Furthermore, the limited resources at the sensor nodes are targets of Denial-of-Service (DoS) attacks. Therefore, it is essential to build a security protocol taking into account the inherent characteristics of WSNs such as low computing power, low bandwidth, high susceptibility to physical capture, and dynamic network topology [1]. Besides, the security protocol should cope with a number of threats including eavesdropping, injecting malicious messages, and node compromise. Most of the existing security protocols are based on symmetric key. The symmetric key system provides efficient cryptographic operations of encryption and decryption. However, it is not appropriate for setting up pairwise keys and broadcast authentication because it generates heavy traffic and involves complex architecture. Moreover, symmetric-key-based security protocols are vulnerable to X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 291–301, 2006. c IFIP International Federation for Information Processing 2006 

292

S.C. Seo, H.C. Kim, and R.S. Ramakrishna

node compromise. Some public-key-based protocols such as TinyPK [8], EccM 2.0 [7] and Blass’ [4] have addressed these issues. However, they exhibit poor performance. They are vulnerable to man-in-the-middle attack. This paper presents a new security protocol based on the ECC. Our protocol consists of mainly two phases: pairwise key setup and broadcast authentication. We propose a cluster-based ECDH and ECDSA for security of key agreement and efficiency of broadcast authentication, respectively. Our contributions are summarized below: – The proposed ECDH provides the generic key agreement mechanism which does not require any knowledge of network topology. The proposed scheme can prevent the man-in-the-middle attack by verifying the signature of the public key from other nodes. The built pairwise keys are used to distribute the cluster key, a key that is common to all the cluster elements. – The cluster-based ECDSA offers efficient broadcast authentication which can reduce the overheads on network-wide verification. This is why only the clusterheads are responsible for verifying broadcast messages in our protocol. – We have implemented the proposed protocols on the 8-bit, 7.3828-MHz MICAz mote [11] which is one of the most popular sensor motes. The experimental results testify to the viability of our protocol for WSNs. Furthermore, the proposed protocol outperforms existing ECC-based protocols over GF (2p ) for WSNs with the aid of efficient algorithms such as width-w Mutual-Opposite-Form (wMOF) [14] and shamir’s trick [13]. The remainder of this paper is organized as follows: In Section 2 we take a look at related work. Section 3 describes the proposed security protocols. Security is analyzed in Section 4. In section 5 we present implementation and experimental results. Conclusions are presented in Section 6. The details of main idea for efficient implementation of ECDH and ECDSA can be found in the Appendix.

2

Related Work

As WSNs are becoming attractive in ubiquitous computing environments, security of WSNs is understandably attracting attention. Many security protocols have been proposed to date. They are divided into two main categories: symmetric-key-based protocols and public-key-based protocols. The security protocols taking advantage of symmetric keys such as SPIN assume the complete impracticability of public key system due to their high computational overhead [2,3]. However, symmetric key systems are not as versatile as public key system, so that they complicates the design of security architecture such as key distribution, and broadcast authentication. The complicated security architecture generates heavy network traffic. Currently, many researchers are attempting to apply the public key cryptosystem for securing WSNs. Watro et al. presented the TinyPK for authentication and key agreement between 8-bit MICA2 motes [8]. The TinyPK makes use of RSA-based DiffieHellman for key agreement. However, TinyPK takes more than 2 minutes to

A New Security Protocol Based on ECC for Securing WSNs

293

establish a pairwise key between two sensor nodes. Kumar et al. [6] developed a communication protocol employing ECDH key exchange. Their work involves optimal extension fields where field multiplication is quite efficient. However, it is vulnerable to the Weil descent attack. The work of Wander et al., compared the performance of RSA and ECC on the Atmega128L processor in respect of energy consumption [12]. They tried to integrate the RSA and ECC into SSL handshake to provide mutual authentication. Gaubats et al. have compared Rabin’s scheme, NtruEncrypt, and ECC on a low power device in [5]. The results of experiments show that the ECC is more appropriate for WSNs than Rabin’s scheme and NtruEncrypt. The EccM 2.0 has implemented ECDH key agreement protocol on MICA2 mote [7]. In the EccM 2.0, the established pairwise key between two sensor nodes is used for the symmetric key of TinySec [9] which is the link-layer security architecture in TinyOS [10]. Blass and Zitterbart have also analyzed the performance of the ECDH, ECDSA and El-Gamal on MICA2 mote [4].

3 3.1

Proposed Protocol Assumptions and Preliminaries

– The sensor network consists of several clusters. They are interconnected by gateway nodes which are involved in more than two clusters. – Clusterheads are computationally very powerful and have larger storage capacity than normal sensor nodes. – Each sensor node has one public key and its corresponding signature signed by BS’s private key. BS’s public key is also stored in every node before deployment. All public keys of clusterheads are stored in the BS. – NA is the normal node named A in a cluster. NC and NG represent the clusterhead and gateway node, respectively. KA is the private key of NA . PA is public key of NA and SP A is the signature of the public key in NA . KAB is the pairwise key between NA and NB . KC refers to the cluster key. EKAB (m) indicates that a message m is encrypted with pairwise key KAB shared by node A and node B. The concatenation of messages is expressed with the operator ||. G is the global point in ECC operation. 3.2

Pairwise Key Establishment

We combine the ECDH key agreement and the clustering scheme. We can categorize the pairwise key setup into four types. This is illustrated in Fig. 1. The categories involve keys between clusterhead and normal nodes adjacent to it (1), between normal nodes (2), between either gateway node and clusterhead or gateway node and normal node (3), and between clusterheads (4). In the process of pairwise key setup between normal nodes and clusterhead, the validity of normal nodes which are adjacent to clusterhead should be verified because they can modify the data from other normal nodes or generate malicious data directly. Furthermore, the legality of gateway nodes should be examined to prevent attackers from pretending a valid node. Otherwise, the attacker can control as to where the gathered data should go by impersonating the gateway node.

294

S.C. Seo, H.C. Kim, and R.S. Ramakrishna

Fig. 1. Pairwise key establishment process

In fact, the legitimacy of the clusterhead should be inspected by other normal nodes because it plays a pivotal role in gathering the data and forwarding it. Some of the normal nodes which are close to the clusterhead can investigate the identity of the clusterhead via the signature of its public key. The sensor nodes make use of the established pairwise key as a symmetric key of TinySec [9] which is a link-layer security architecture in TinyOS [10]. In fact, our protocol utilizes the TinySec so that it can provide node-to-node confidentiality and authentication. (i) Between clusterhead and normal nodes 1. Normal node (NA ) sends a pair of public keys (PA = G ∗ KA ) and its signature (SP A ) signed by BS’s private key to the clusterhead (NC ). NA −→ NC : PA ||SP A 2. The clusterhead verifies the validity of the public key using BS’s public key. If the signature is authentic, the clusterhead sends its public key to NA . Otherwise, it registers NA as a malicious node. 3. If the signature proves to be valid, they can calculate the common pairwise key (KAC = KCA = PA ∗ KC = PC ∗ KA = G ∗ KA ∗ KC ). 4. After completing the pairwise key setup between the normal nodes and the clusterhead, the latter can distribute the cluster key (KC ) which is the commonly shared key of a cluster. The cluster key is encrypted with pairwise keys between each normal node and clusterhead and is distributed to each normal node. NC −→ NA : EKCA (KC ) (ii) Between two normal nodes 1. NA sends its public key (PA = G ∗ KA ) to NB . 2. NB sends its public key (PB = G ∗ KB ) to NA . 3. They can calculate the common pairwise key (KAB = KBA = PA ∗KB = PB ∗ KA = G ∗ KA ∗ KB ).

A New Security Protocol Based on ECC for Securing WSNs

295

Fig. 2. Broadcast authentication process

(iii) Between gateway node and ( clusterhead or normal node ) 1. The gateway node (NG ) sends (PG , SP G ). 2. If a clusterhead receives the message from the gateway node, it can verify the validity of the public key immediately. 3. If a normal node gets the message, it forwards the pair to the clusterhead to examine it. The clusterhead returns the result of the verification. NG −→ NA : PG ||SP G NA −→ NC : EKAC (PG ||SP G ) NC −→ NA : EKCA (V alid or N ot) 4. If the signature is authentic, the remaining steps are same as before. (iv) Between clusterheads Assume that two clusterheads NCA and NCB try to set up a pairwise key. 1. A clusterhead (NCA ) sends (PCA , SP CA ) to the gateway node (NG ). NCA −→ NG : EKGCA (PCA ||SP CA ) 2. A gateway node (NG ) forwards the pair to another clusterhead (NCB ) NG −→ (NCB ): EKGCB (PCA ||SP CA ) 3. If the signature is valid, the clusterhead (NCB ) also sends (PCB , SP CB ) to the clusterhead (NCA ). The same procedure is followed to verify the validity of the clusterhead (NCB ). 4. After authenticating mutually, the clusterheads can compute the common pairwise key. 3.3

Broadcast Authentication

In WSNs, the BS broadcasts its command or query to sensor nodes. If a broadcast authentication mechanism is not provided, an attacker can impersonate the BS and execute a kind of DoS attack by generating heavy traffic over the network. Similarly, the clusterheads broadcast their aggregated data from normal nodes to the BS. Unless there is provision for authentication, it is possible for attackers to send malicious or bogus data to the BS. For broadcast authentication in WSNs,

296

S.C. Seo, H.C. Kim, and R.S. Ramakrishna

μTESLA has been proposed in [2]. However, all the sensor nodes must be synchronized with the BS in μTESLA. This constraint results in decreased lifetime of the sensor network. Furthermore, the delayed disclosure of the authentication keys causes time delay in message authentication in μTESLA. We can provide efficient broadcast authentication mechanism by exploiting the ECC, especially the ECDSA, due to its even smaller key size as compared with other digital signature algorithms. However, the overhead of verification in ECDSA is almost twice as large as that of signing. If all the sensor nodes in the network verify the broadcast messages from the BS, considerable energy is consumed. This is unacceptable in view of the limited resource of the entire network. Therefore, we propose a cluster-based ECDSA so that we may reduce the overhead of verification for broadcast authentication. Actually, only the clusterheads are responsible for verifying the broadcast message in our mechanism. This results in a sharp fall in resource consumption. In Section 3.1, we have assumed that BS’s public key is stored in each sensor node and the public keys of the clusterheads are also maintained by the BS. The public key of the BS is utilized by the clusterheads for verifying the signature of the broadcast message from the BS. Similarly, the public keys of the clusterheads are applied to verify the messages from the clusterheads to the BS. Broadcast from Base Station to Clusterheads The process is depicted in Fig. 2. In the figure, the BS broadcasts a message to the clusterheads ( 1 through 4 ). The message is encrypted by the pairwise keys of the concerned nodes for providing confidentiality. The details are given below. (i) Signing the broadcast message 1. The BS generates the signature (r, s) based on the message (m) and its private key (d). The nonce value (R) is used to prevent replay attack. The (r, s) is computed as below: r = x1 mod n, kP = (x1 , x2 ), k ∈ [1, n − 1], P is a point on curve s = k −1 {h(m||R) + dr} mod n, where h is SHA-1, n is large prime. 2. The BS (NB  ) sends a pair of signature (r, s) and a message (m) with random nonce (R) to gateway nodes for delivering it to clusterheads. The gateway nodes forward it to the clusterheads. NB  −→ NG : EKB G ((r, s)||m||R) NG −→ NC : EKGC ((r, s)||m||R) (ii) Verifying the broadcast message 1. When a clusterhead receives the signed broadcast message, it verifies the message by comparing (v) and (r). In addition, it ignores the duplicate messages by checking the nonce value, which results in energy efficiency. The procedure for computing value (v) is given below: v = x1 mod n, u1 ∗ G + u2 ∗ PB  = (x1 , y1 ), u1 = {h(m||R) ∗ w} mod n, u2 = r ∗ w mod n, w = s−1 mod n. 2. If the calculated (v) is same as the received (r), the clusterhead accepts this message. And then it broadcasts a local query encrypted with the cluster key (KC ) to normal nodes in a cluster.

A New Security Protocol Based on ECC for Securing WSNs

297

NC −→ NA : EKC (m) 3. Normal nodes begin on the assigned work and return the results. Broadcast from Clusterheads to Base Station This procedure in Fig. 2 is reversed. (i) Signing the broadcast message 1. A clusterhead collects data from normal nodes in a cluster. It signs the gathered data using its private key (The signing procedure is same as above). For prevention of replay attack, the nonce value (R ) is used. 2. The clusterhead sends a pair of signature (r , s ) and data (m ) to a gateway node. NC −→ NG : EKCG ((r , s )||m ||R ) 3. The gateway node forwards the pair to the BS through other clusters. NG −→ NB  : EKGB ((r , s )||m ||R ) (ii) Verifying the broadcast message 1. The BS can verify the message from clusterheads because it maintains the public keys of clusterheads (The verification procedure is same as above). It also achieves high energy efficiency by rejecting the duplicate messages through checking the nonce value. 2. If the signature proves to be innocent, the BS accepts this message.

4

Security Analysis

We analyze the proposed key setup protocol and broadcast authentication mechanism with regard to essential security properties such as confidentiality, integrity, authentication, and node compromise attack. Confidentiality and Integrity. In a process of pairwise key setup, even if an attacker can eavesdrop on the information exchange such as the nodes’ public key, the secret pairwise key continues to be secure. This is why an attacker must solve the ECDLP to gain the pairwise key. After completing the process, the nodes use the pairwise key for a symmetric key in TinySec [9]. The TinySec provides efficient node-to-node confidentiality and authentication. Furthermore, broadcast messages from BS are encrypted by these pairwise key. Therefore, our protocol ensures confidentiality and integrity. Authentication. We categorize the pairwise key setup into four types and then require that the concerned nodes verify each others’ signature so as to thwart man-in-the-middle attack. For example, the identity of the clusterheads, the gateway nodes, and the normal nodes that are close to the clusterhead is examined because they play principal roles in our protocol. Furthermore, the BS broadcasts messages signed with its private key. In both cases, attackers cannot forge the signature of the public key because it is signed by the BS’s private key. Therefore, the proposed protocols provide authentication mechanism through the process of verifying the signature.

298

S.C. Seo, H.C. Kim, and R.S. Ramakrishna

Node Compromise. Node compromise is a central attack that can destroy the entire mechanism. An attacker can examine the secret information and the running code by compromising a node. In our protocol, nodes maintain minimal information such as their own public/private key pair and the corresponding signature. Therefore, if an attacker compromises t nodes, the information about the (t + 1)th node remains out of reach. In other words, the attacker must solve the ECDLP in order to find out the private key of the (t + 1)th node. This is an advantage of our protocol over symmetric-key-based protocols [2,3] which are vulnerable to node compromise attack.

5

Implementation and Performance Evaluation

We have implemented the proposed protocol on an 8-bit, 7.3828-MHz MICAz mote [11]. For emphasizing the feasibility of our protocol in WSNs, we concentrate on efficient implementation of the proposed pairwise key establishment protocol and broadcast authentication mechanism based on the ECC rather than the cluster forming or the routing protocol. 5.1

Implementation Details

Elliptic Domain Parameters and Selection of Key Size. We make use of the recommended 113-bit Elliptic Curve Domain Parameters (sect113r1 of [15]) over GF (2p ). Although the selected 113-bit key is shorter than NIST’s recommended key size (163-bit), it is more in tune with the life time of the sensor nodes. In fact, the largest broken key size has 109-bit, and it took more than seventeen months with ten thousands computers. Elliptic Scalar Multiplication. The ECDH and ECDSA are related to compute the scalar multiplication which computes (Q = dP ) for a given point P and a scalar d. The performance of ECDH and ECDSA depends on the number of additions in the scalar multiplication. The number of additions should be reduced for efficiency. We have developed a scalar multiplication algorithm using wMOF which is a kind of signed representation. We can represent the equivalent value with reduced number of additions with the aid of the wMOF [14]. Even though the number of additions is reduced, an extended window size requires additional memory for precomputed points. Through experiments, we have found that the optimal window size is 3 on MICAz mote with regard to memory and efficiency. The verification procedure in ECDSA involves scalar multiplication of multiple points such as vP + uQ. If the sensor nodes are required to verify the signature quickly, the term vP + uQ should be computed efficiently. Inspired by shamir’s trick [13], we perform simultaneous elliptic scalar multiplication using wMOF. The details of our algorithm can be found in the Appendix. 5.2

Performance Evaluation

We compare our work with other implementations over GF (2p ) using the same key size. Actually, the EccM 2.0’s key is 163 bits long. We lowered the key size

A New Security Protocol Based on ECC for Securing WSNs

299

of EccM to 113-bit for a fair comparison. In Table 1, we present the performance of our pairwise key setup protocol based on ECDH and compare it with other existing implementations in aspect of time, energy, and CPU utilization. By signed representation of the multiplier, the proposed protocol can achieve better performance than other implementations. Furthermore, by preloading the public key and its signature on each sensor node before deployment, the sensor nodes do not have to compute their public key, which lowers the overhead of the pairwise key setup process. In fact, it takes only 5.796 sec for two normal nodes to share a pairwise key. Clusterheads can establish the pairwise key more rapidly because they have higher computational power than normal nodes. Table 2 also presents the performance of broadcast authentication based on the ECDSA verification. We could reduce the verification overhead by using shamir’s trick based on wMOF. Actually, this overhead is larger than that of computing a pairwise key. However, in our protocol, only the clusterheads or BS verifies the signature of the broadcast message. Therefore, they can complete this operation even within a period of 7.367 sec. The experimental results show that our protocol outperforms existing ECCbased protocols such as EccM 2.0 [7] or Blass’ [4]. Furthermore, it implies the feasibility of our protocol for WSNs. Table 1. Performance of computing pairwise key in ECDH Time EccM 2.0 [7] 22.72 sec Blass’ [4] 17.28 sec Proposed 5.796 sec

Energy 0.54518 Joules 0.41472 Joules 0.13910 Joules

CPU Utilization 1.6783 × 108 cycles 1.2767 × 108 cycles 0.4282 × 108 cycles

Table 2. Performance of verification in ECDSA Time EccM 2.0 [7] 23.63 sec Blass’ [4] 24.17 sec Proposed 7.367 sec

6

Energy 0.56712 Joules 0.58008 Joules 0.17681 Joules

CPU Utilization 1.7458 × 108 cycles 1.7857 × 108 cycles 0.5443 × 108 cycles

Conclusion

For securing the WSNs, we propose pairwise key establishment and broadcast authentication protocol. By clustering the entire network, we can categorize the pairwise key setup into four types involving the concerned members. In our protocol, the sensor nodes can establish the pairwise key efficiently with ECDH over an insecure channel. Furthermore, the proposed mechanism can prevent the man-in-the middle attack by verifying the other node’s signature. Through the application of established pairwise key to Tinysec, our protocol provides node-to-node confidentiality and authentication. In the proposed mechanism, the clusterheads are required to verify the signature of the broadcast messages,

300

S.C. Seo, H.C. Kim, and R.S. Ramakrishna

thereby preventing the attackers from impersonating the BS. This prevents DoS attacks. Through experiments on the 8-bit, 7.3828-MHz MICAz mote, we provide performance analysis of our protocol. The feasibility of the proposed protocol for WSNs is borne out by the above analysis. Acknowledgement. The authors would like to thank Dr. Jong-Phil Yang and anonymous reviewers for their helpful comments and valuable suggestions. This research was supported by Brain Korea 21 of Ministry of Education of KOREA.

References 1. Perrig, A., Stankovic, J. and Wagner, D.: Security in Wireless Sensor Networks. Comm. ACM (2004) 47(6):53–57 2. Perrig, A., et al.: SPINS: security protocols for sensor networks. Wireless Networking. (2002) 8(5):521–534 3. Du, W., et al.: A pairwise Key Pre-distribution Scheme for Wireless Sensor Networks. Proc. 10th ACM Conf. Comp. and Comm. Security. (2003) 42–51 4. Blass, E.O., Zitterbart, M.: Efficient Implementation of Elliptic Curve Cryptography for Wireless Sensor Networks. (2005) 5. Gaubatz, G., et al.: State of the Art in Ultra-Low Power Public Key Cryptography for Wireless Sensor Networks. Proc. of 3th IEEE Conf. on Pervasive Comp. and Comm. (2005) 146–150 6. Kumar, S., et al.: Embedded End-To-End Wireless Security with ECDH Key Exchange. Proc. of IEEE Conf. On Circuit and Systems. (2003) 7. Malan, D.J., Welsh, M., and Smith, M.D.: A Public-Key Infrastructure for Key Distribution in TinyOS Based on Elliptic Curve Cryptography. Proc. of IEEE Conf. on Sensor and Ad Hoc Comm. and Networks. (2004) 8. Watro, R., et al.: TinyPK: Securing Sensor Networks with Public Key Technology. Proc. of SASN’04 (2004) ACM Press 59–64 9. Karlof, C., Sastry, N., and Wagner, D.: TinySec: Link Layer Security Architecture for Wireless Sensor Networks. Proc. of SenSys’04 (2004) 162–175 10. TinyOS forum. Available at “http://www.tinyos.net/”. 11. MICAz Hardware Description Available at “http://www.xbow.com/Products”. 12. Wander, A.S., et al.: Energy Analysis of Public-Key Cryptography for Wireless Sensor Networks. Proc. of IEEE Conf. on Pervasive Comp. and Comm. (2005) 13. Hankerson, D., Hernandez, J.L.: Software Implementation of Elliptic Curve Cryptography over Binary Fields. Proc. of CHES 2000. LNCS 1965 (2000) 1–24 14. K. Okeya, et al.: Signed Binary Representation Revisited. Proc. of CRYPTO 2004. LNCS 3152. (2004) 123–139 15. Certicom Research: SEC 2-Recommended Elliptic Curve Domain Parameters.

Appendix This section presents main idea for efficient implementation of ECDH and ECDSA by describing the proposed scalar multiplication algorithm. Algorithm 1 computes a scalar multiplication which is a dominant computation in ECC. To generate proper wMOF code on the fly, we have developed algorithm 2. It generates appropriate wMOF code from the MOF using a kind of weighted sum.

A New Security Protocol Based on ECC for Securing WSNs

301

Our algorithms provide efficiency in aspect to both computation and memory. In fact, the scalar multiplication consumes only O(w) bits for signed representation of scalar multipliers. Furthermore, with wMOF code, we could reduce the n ) given n-bit binary string. number of additions from O( n2 ) to O( w+1 Algorithm 1. Scalar Multiplication Algorithm using wMOF 1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19:

INPUT: a point P , window width w, d = (dn−1 , ..., d1 , d0 )2 , R ← O OUTPUT: product dP d−1 ← 0; dn ← 0; i ← c + 1 for the largest c with dc = 0 Compute Pi = iP , for i ∈ {1, 3, 5, . . . , 2w−1 − 1} while i ≥ 1 do R ← ECDBL(R) if di−1 = di then i←i−1 else if di−1 = di then GenerationwM OF (di,...,i−w , indexi , code[w]) for k ← 0 to w − 1 do R ← ECADD(R, code[k] ∗ P ) if k = w − 1 then R ← ECDBL(R) end if end for i←i−w end if end while

Algorithm 2. Generation of wM OF : GenerationwM OF (On the fly) 1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13:

INPUT: w-bit binary strings, index, and w-byte array OUTPUT: w-byte wM OF code check ← true, multiplier ← 1, SU M ← 0, position ← 0 for m ← index − w, n ← w − 1 to index do if check && bm − bm−1 then position ← n; check ← f alse end if SU M ← SU M + multiplier ∗ (bm − bm−1 ) multiplier ← multiplier ∗ 2 n ← n − 1; wM OF [n] ← 0 end for wM OF [position] ← SU M/2w−position−1 return wM OF [w]

Resource Requirement Analysis for a Predictive-Hashing Based Multicast Authentication Protocol* Seonho Choi1 and Yanggon Kim2 1

Department of Computer Science, Bowie State University, 14000 Jericho Park Rd., Bowie, MD 20715, U.S.A. [email protected] 2 Department of Computer & Information Sciences, Towson University, Towson, MD 21252, U.S.A. [email protected]

Abstract. A new multicast authentication scheme for real-time streaming applications was proposed [28] that is resistant to denial-of-service attacks with less resource usages (CPU and buffer) at receivers compared to previously proposed schemes. This scheme utilizes prediction hashing (PH) and one-way key chain (OKC) techniques based on erasure codes and distillation codes. Detailed protocol description is presented at the sender and receiver sides, and a worst-case resource (memory and CPU) requirement at the receiver-side is obtained with an assumption of security condition. Keywords: denial-of-service, multicast, authentication, protocol, resource requirement, cryptographic hashing.

1 Introduction and Related Works We developed an efficient multicast authentication scheme [28] for real-time streaming applications that is resistant to denial-of-service attacks while consuming less resources (CPU and buffer) at receivers compared to previously proposed schemes. This scheme utilizes prediction hashing (PH) and one-way key chain (OKC) techniques based on erasure codes [12, 13, 22, 23, 24] and distillation codes [10]. PH and OKC techniques enable the receiver to significantly reduce the CPU overhead and buffer requirements compared to other block-based solution approaches [8, 10, 15, 16, 17, 18]. Our scheme is based on block-based approach where the real-time data stream is divided into blocks of packets and each block includes predictive authentication information for the next block as well as original stream data from the current block. Preliminary analysis conducted in the middle of this paper indicates that this new scheme consumes much less CPU and buffer space than one of the recently proposed denial-of-service (DoS) resistant multicast authentication schemes, pollution resistant authenticated block streams (PRABS) [10], by a factor of more than 5 for buffer requirement and 3 for CPU requirement as will be shown at the end of Section 3. *

This work was supported by US Army Research Office grant 48575-RT-ISP.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 302 – 311, 2006. © IFIP International Federation for Information Processing 2006

Resource Requirement Analysis for a Predictive-Hashing

303

Several solution approaches were proposed for multicast authentication [8, 10, 12, 13, 14, 15, 17, 18, 19, 20, 22, 23, 24, 27]. However, all of the approaches are vulnerable to denial-of service (DoS) attacks [10]. Hash graph protocols and the Wong-Lam scheme are vulnerable to signature flooding attacks. An adversary flooding the stream with invalid signatures will overwhelm the computational resources of receivers attempting to verify the signatures. Additionally, in hash graph protocols, adversarial loss patterns can cause denial of service. For example, if an adversary causes the loss of all signature packets, nothing is verifiable. Also, erasure codes based approaches have limitations: erasure codes are designed to handle only a specific threat model: packet loss. Erasure codes assume that symbols are sometimes lost but not corrupted in transit; this is the erasure channel model. Unfortunately, the assumptions that underlie erasure codes are unrealistic in hostile environments. Adversaries can pollute the message stream by injecting invalid symbols. If erasure codes use an invalid symbol as input to its decoding algorithm, it will reconstruct invalid data. We have to assume more realistic attack model: malicious end hosts and routers can observe, inject, modify, delay, and drop messages in an erasure encoded multicast stream [10]. Recently, distillation codes [10] were developed to address DoS attack issues in erasure codes based authentication approach. The new block based authentication protocol, named as pollution resistant authenticated block streams (PRABS), was designed and presented in [10] to cope with pollution attacks. However, in PRABS, receivers still need to use significant amount of buffer space, and the CPU overhead at receiver is proportional to the number of attack partitions that may be launched simultaneously. We developed a new mechanism, which is based on Prediction Hashing (PH) and One-way Key Chain (OKC), to overcome those limitations. The basic idea of prediction hashing is that each block of packets convey authentication information that will be used to authenticate (or predict) the next block packets instead of sending the authentication information within the same block as in previous approaches [8, 10, 15, 16, 17, 18]. PH technique allows the receivers to save significant amount of buffer space since only the authentication-related portions from each packet needs to be saved for future packet authentication, while the message portions of arrived packets are processed (or authenticated) immediately after each of them is retrieved from the packet buffer. However, in our scheme, the sender side needs to keep the message portions from two consecutive blocks in the buffer to calculate PH. Explanation on the proposed protocol is given in Section 2 along with attack types considered and the feasibility condition of such attacks. In Section 3, resource requirement analysis is conducted on CPU and memory requirements at the receivers in the worst case scenario. Conclusion is given in Section 4.

2 Predictive Hashing with One-Way Key Chain We developed a new mechanism, which is based on Prediction Hashing (PH) and One-way Key Chain (OKC), to significantly reduce resource requirements by the receiver even in the presence of DoS attack packets flowing in. The basic idea of prediction hashing is that each block of packets convey authentication information

304

S. Choi and Y. Kim

that will be used to authenticate (or predict) the next block packets instead of sending the authentication information within the same block as in previous approaches [8, 10, 15, 16, 17, 18]. PH technique allows the receivers to save significant amount of buffer space since only the authentication-related portions from each packet needs to be saved for future packet authentication, while the message portions of arrived packets are processed (or authenticated) immediately after each of them is retrieved from the packet buffer. However, in our scheme, the sender side needs to keep the message portions from two consecutive blocks in the buffer to calculate PH. One-way key chain technique is already used in other contexts such as in one-time password [11], TESLA [19, 20], etc. In our approach, the sender will obtain a hash chain by applying hash operations recursively to some seed value, and the obtained key values will be assigned to the blocks in backward order of their generation times. The sender will use the assigned key to calculate Message Authentication Codes (MAC) images of the prediction hashes/signature information for the next block, and attach them (along with other authentication related information) to the current block packets. Also, each block packet reveals the key used in the previous block to let the receivers use it in authenticating the previous block packets (or partitions) without applying erasure decoding and signature verifications in most of the cases. These mechanisms are combined with erasure codes and distillation codes to develop a multicast authentication protocol which is very resistant to Denial-of-Service attacks and resource-efficient. Figure 1 shows the overview of our approach at sender side. The receiver side operation is the reverse of the process shown in Figure 1. At the sender side, erasure codes are applied to the hashes/signature obtained from next block (Bi+1) to cope with packet losses during transmission. These erasure encoded symbols are, then, divided into n pieces denoted as E1, E2,…, En. Message authentication codes (MAC) are applied to these E1 through En with a key Ki to prevent a most sophisticated DoS attack which is named as strong relay-attack1 in this paper. Note that the key used in this process will not be revealed until the next block packet is sent out. The output from these MAC codes are denoted as ī1, ī2, …, īn. These pairs attached to the packet are protected by attaching Dj obtained from the distillation codes. These Djs will allow the receiver to formulate candidate partitions by applying one-way accumulators based on Merkel hash trees. When a certain security condition (which will be introduced later) is met, the receiver doesn’t have to apply erasure decoding and signature verification operations, which are the most expensive operations in terms of CPU overhead, for each invalid partition. Applying only some hash operations will allow the receiver to filter out invalid partitions – due to prediction hashes and one-way key chain techniques. The sender side may choose a proper value of block period, p, to satisfy the security condition. It will be shown that this condition is general enough in most of the cases as long as the real-time constraints are not very tight. Even when the security condition may not be satisfied for every case and receiver, it will be much more difficult to launch effective DoS attacks in our scheme due to the restrictions imposed by PH and OKC techniques on adversaries. 1

This will be formally defined later in this section.

Resource Requirement Analysis for a Predictive-Hashing

305

Fig. 1. Overview of our scheme with PH and OKC at the sender

For the purpose of analysis, the following attack types are introduced and used in this paper. Relay-Attack: An adversary may eavesdrop authentic packets and spoof (and send) packets with invalid authentication-related attachments (while preserving the authentic message portions in each packet) in such a way that the receiver will receive at least n-t spoofed packets earlier than n-t authentic packets in the same block. Strong Relay-Attack: If an adversary has the following capabilities, he/she can launch strong relay-attacks: o Adversary can eavesdrop at least n-t authentic packets in Bi and at least one authentic packet in Bi+1. o Adversary copies authentic message portions from Bi packets into (at least) n-t spoofed packets, and uses a disclosed key Ki (from Bi+1 packet) to come up with modified Ej and īj in each spoofed packet. o Adversary sends all these at least n-t spoofed packets in such a way that at least n-t of them will be received before a receiver receives n-t authentic packets in Bi. 2.1 Feasibility of Strong Relay Attacks Security condition can be obtained under which the adversaries cannot launch strong relay-attacks. Once the system parameters such as block period (p), block size (n), redundancy level (related to t), etc., are chosen to satisfy this condition, then such

306

S. Choi and Y. Kim

attacks may not be launched by any adversary, thus maximizing the efficiency of our scheme in terms of buffer and CPU usages. Figure 2 shows a diagram for obtaining such condition. If we set the period, p, to be larger than į = d +(n-t-1) (p/n) where d represents the maximum delay from the sender to the receiver, then it would not be possible for any attacker to launch strong relay-attacks. p > d·n/(t+1) (1) Security Condition Bi

Bi+1

S

Worst-case: this delay=0

Attacker needs to wait (at least) until this point before launching strong relay-attack

A At least n-t strong relay-attack packets must be delivered within this time frame.

period, p

R maximum At least n-t strong relay-attack packets need to be delivered by this time.

Fig. 2. Security Condition

3 Resource Requirement Analysis 3.1 CPU Overhead We will estimate the CPU overhead in terms of how many erasure decoding, signature verification, and hash operations are needed in each block for our extended scheme. If we assume that a safe period value is chosen from formula (2) in such a way that no strong relay-attacks may be launched, then the CPU overhead may be specified as follows: ƒ Number of erasure decoding and signature verification operations: Only one erasure decoding and one signature verification operations are needed for each block. This is because, in our algorithm (Figure 3) – step (4), only those partitions in SymbolBuffer which have īj matching to Ej in a chosen member will be decoded/verified in steps (4-1) and (4-2). If any attacker can’t launch strong relayattacks, any invalid partition stored in SymbolBuffer will not have īj matching to Ej in all its members.

Resource Requirement Analysis for a Predictive-Hashing

307

Fig. 3. Detailed Algorithm at a Receiver

o One case we need to consider is when the receiver couldn’t obtain any authentic packet in Bi, and, as a result, no hashes/signature information will be stored in SymbolBuffer. And, when the authentic packets in Bi+1 arrive later, the receiver can’t authenticate message portions, however, the hashes/signature information contained in Bi+1 packets will be stored in SymbolBuffer for Bi+2 message authentication. Also, it needs to check Hash(Hash(Ki)) == Ki-2 since the receiver will not have the authentic key Ki-1. Even when this happens, the receiver still needs to carry out only one erasure decoding and one signature verification operation when the first authentic packet in Bi+2 is received. ƒ Number of cryptographic hash operations: Hash operations are applied in steps, (2), (4), (6), and (10). o At step (2), the worst case occurs when all the attack packets have different keys included except for authentic packets. Note that these hash operations are applied even before Distillation Decoding is applied. In this worst case, the number of hash operations needed in one block is 1(for authentic partition)+fn (for attack packets) = 1+fn. Another extreme case is when all the attack partitions are of size

308

S. Choi and Y. Kim

n-t packets – this case triggers the highest CPU overhead in PRABS. In this case the number of hash operations is equal to the number of partitions with at least nt members, which is floor(fn/(n-t)). In other cases, the number of hash operations is in between these two extremes. o At step (4), the maximum number of hash operations needed in one block is equal to 1+floor(fn/(n-t)) since only one hash operation is required for each attack partition which has at least n-t members arrived. o At step (6), the number of hash operations needed in one block is (f+1)n in the worst case when all the attack packets are launched from relay-attacks and have valid key included in them (but, with invalid Ej and īj). Also, message portions form authentic packets need to be hashed, too. o At step (10), the number of hash operations needed in one block is (f+1)n ·log n in the worst case when attack partitions have n-t members each and all the attack packets are launched from relay-attacks and have valid message portions and valid keys included in them (but, with invalid Ej and īj). Also, distillation decoding needs to be performed for authentic packets, too. o Hence, the total number of hash operations in the worst case is: 1+fn+1+ floor(fn/(n-t)) + (f+1)n +(f+1)n ·log n = 2+(2f+1)n + floor(fn/(n-t)) + (f+1)n ·log n (2) From this formula, if we subtract the number of hash operations in Prediction Hash based approach (or PRABS), then we get 2+fn+floor(fn/(n-t)) § O(fn). ƒ The total CPU processing time may be represented as follows: [2+(2f+1)n + floor(fn/(n-t)) + (f+1)n ·log n]·CH+CE+CS .

(3)

3.2 Buffer Requirement There are three different buffer spaces maintained by the receiver, Raw Packet Buffer, SymbolBuffer, and HashBuffer. Again, for the purpose of simplicity, it is assumed that strong relay-attacks cannot be launched by any attacker. Under this simplified assumption, let’s find out the amount of buffer spaces needed: ƒ Raw Packet Buffer: The worst case scenario occurs when the receiver receives the first authentic packet in each block. In this case, all the steps in the algorithm will be executed from step (1) to (10), including one erasure decoding, one signature verification, and 1+log n hash operations (for steps (7) and (10)). The other cases which require the second longest processing times are when the steps (5) though (10) are executed with steps (2) through (4) are skipped. In this case, at most 1+log n hash operations are needed for processing each packet (steps (7) and (10)). Hence, the total buffer space needed for storing raw packets is: M[(f+1)R× (CE+ CS +CD + (1+log n)CH) - 1]

(4)

ƒ SymbolBuffer: The maximum space is needed when the receiver receives the first authentic packet in the current block with the smallest delivery delay from the sender, and the last authentic packet in the next block at its latest time instant with the largest delivery delay. This is because even when only one authentic packet (e.g., last one) in the next block arrives, the hashes/signature may have to be

Resource Requirement Analysis for a Predictive-Hashing

309

extracted and verified from the SymbolBuffer to verify the authenticity of the received packet. r2·(2p + d)(f+1) (5) Here, d is the maximum delay that can be experienced by the receiver. And, r2 is the byte arrival rate (bytes/sec) for Ej and īj that need to be stored in SymbolBuffer. ƒ HashBuffer: This buffer is needed for storing authentic hashes/signature once they are authenticated at step (4-2). One set of authentic hashes/signature will no longer be required when the possibility of packet arrivals for the next block is none. Also, while the hashes/signature in HashBuffer are being used for verifying the next block packets, their attached portions (in the next block packets) may be erasure decoded and verified. Hence, double buffering type of technique needs to be used for storing hashes/signature for two consecutive blocks at any time. Thus, the buffer requirement is: 2r2· p(n-t)/n

(6)

ƒ Total Buffer space needed is: M[(f+1)R× (CE+CS +(1+log n)CH) -1]+ r2·(2p+ d)(f+1)+2r2· p(n-t)/n

(7)

Table 1. Buffer and Per-Block CPU requirements for Prediction Hash based approach (including Prediction Hash with One-way Key Chain) and PRABS

PRABS

Buffer Requirement

(Average) CPU requirement

(r1+r2+r3)(p+d)(f+1) +

(n + n × log n)(f+1)CH+

M[(f+1)R × (f+1) (CE+ CS +CD) - (f+1)] Predictiive Hash

r2·(2p + d)(f+1) + 2r2· p(n-t)/n + M[(f+1)R× (CE+ CS + (1+log n)CH) - 1]

(1+fn/(n-t))(CE+CS) [2+(2f+1)n + floor(fn/(n-t)) + (f+1)n ·log n]·CH+CE+CS

Example figures are obtained from the following realistic numbers [12, 29] and the results are shown in Table 2. p = 0.3, d= 0.1, f=10, n=8, t=4, M=500, r1=3120 bytes/sec, r2=400 bytes/sec, r3=480 bytes/sec, CE=0.005, CS=0.005, CH=0.000125. One hash is assumed to occupy 20 bytes. It is shown that our scheme with PH and OKC improves the performance of the previous scheme with just PH technique, and our scheme outperforms PRABS with significant improvements. Table 2. Buffer and Per-Block CPU requirements for an example system Worst-case Buffer Requirement

(Worst-case) Per-block CPU time

PRABS

69905 bytes

0.254 seconds

Prediction Hash with One-way Key Chain

11706 bytes

0.067 seconds

310

S. Choi and Y. Kim

4 Conclusion We developed a new authentication scheme based on PH and OKC techniques on top of erasure codes and distillation codes to provide enhanced resistance to DoS attacks while consuming much less resources compared to other block-based multicast stream authentication schemes. We also analyzed the worst-case resource requirements under the assumption that the security condition is satisfied, and found out that much less resources are needed compared to other protocols such as PRABS.

References 1. D. Adkins, K. Lakshminarayanan, A. Perrig, and I. Stoica. Taming IP packet flooding attacks. In Proceedings of Workshop on Hot Topics in Networks (HotNets-II), Nov. 2003. 2. T. Anderson, T. Roscoe, and D. Wetherall. Preventing Internet denial-of-service with capabilities. In Proceedings of Workshop on Hot Topics in Networks (HotNets-II), Nov. 2003. 3. N. Baric and B. Pfitzmann. Collision-free accumulators and fail-stop signature schemes without trees. In Advances in Cryptology --EUROCRYPT ’97, volume 1233 of Lecture Notes in Computer Science, pages 480–494, 1997. 4. M. Bellare and P. Rogaway. Collision-resistant hashing: Towards making UOWHFs practical. In Advances in Cryptology – CRYPTO ’97, volume 1294 of Lecture Notes in Computer Science, pages 470–484, 1997. 5. J. Benaloh and M. de Mare. One way accumulators: A decentralized alternative to digital signatures. In Advances in Cryptology – EUROCRYPT ’93, volume 765 of Lecture Notes in Computer Science, pages 274–285, 1993. 6. J. Camenisch and A. Lysyanskaya. Dynamic accumulators and application to efficient revocation of anonymous credentials. In Advances in Cryptology – CRYPTO ’02, volume 2442 of Lecture Notes in Computer Science, pages 61–76, 2002. 7. V. Gligor. Guaranteeing access in spite of service-flooding attacks. In Proceedings of the Security Protocols Workshop, Apr. 2003. 8. P. Golle and N. Modadugu. Authenticating streamed data in the presence of random packet loss. In Proceedings of the Symposium on Network and Distributed Systems Security (NDSS 2001), pages 13–22. Internet Society, Feb. 2001. 9. M. Goodrich, R. Tamassia, and J. Hasic. An efficient dynamic and distributed cryptographic accumulator. In Proceedings of Information Security Conference (ISC 2002), volume 2433 of Lecture Notes in Computer Science, pages 372–388, 2002. 10. C. Karlof, N. Sastry, Y. Li, A. Perrig, and J. Tygar, Distillation codes and applications to DoS resistant multicast authentication, in Proc. 11th Network and Distributed Systems Security Symposium (NDSS), San Diego, CA, Feb. 2004. 11. Leslie Lamport, "Password Authentication with Insecure Communication", Communications of the ACM 24.11 (November 1981), 770-772 12. M. Luby. LT codes. In Proceedings of the 43rd Annual IEEE Symposium on Foundations of Computer Science (FOCS ’02), pages 271–282, 2002. 13. M. Luby, M. Mitzenmacher, A. Shokrollahi, D. Spielman, and V. Stemann. Practical lossresilient codes. In Proceedings of 29th Annual ACM Symposium on Theory of Computing (STOC ’97), pages 150–159, May 1997. 14. R. Merkle. Protocols for public key cryptosystems. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 122–134, Apr. 1980.

Resource Requirement Analysis for a Predictive-Hashing

311

15. S. Miner and J. Staddon. Graph-based authentication of digital streams. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 232–246, May 2001. 16. A. Pannetrat and R. Molva. Efficient multicast packet authentication. In Proceedings of the Symposium on Network and Distributed System Security Symposium (NDSS 2003). Internet Society, Feb. 2003. 17. J. M. Park, E. Chong, and H. J. Siegel. Efficient multicast packet authentication using erasure codes. ACM Transactions on Information and System Security (TISSEC), 6(2):258–285, May 2003. 18. J. M. Park, E. K. Chong, and H. J. Siegel. Efficient multicast packet authentication using signature amortization. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 227–240, May 2002. 19. A. Perrig, R. Canetti, D. Song, and J. D. Tygar. Efficient and secure source authentication for multicast. In Proceedings of the Symposium on Network and Distributed Systems Security (NDSS 2001), pages 35–46. Internet Society, Feb. 2001. 20. A. Perrig, R. Canetti, J. D. Tygar, and D. Song. Efficient authentication and signature of multicast streams over lossy channels. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 56–73, May 2000. 21. A. Perrig and J. D. Tygar. Secure Broadcast Communication in Wired and Wireless Networks. Kluwer Academic Publishers, 2002. 22. M. Rabin. Efficient dispersal of information for security, load balancing, and fault tolerance. Journal of the ACM, 36(2):335–348, 1989. 23. I. Reed and G. Solomon. Polynomial codes over certain finite fields. Journal of the Society for Industrial and Applied Mathematics, 8(2):300–304, 1960. 24. L. Rizzo. Effective erasure codes for reliable computer communication protocols. ACM Computer Communication Review, 27(2):24–36, Apr. 1997. 25. T. Sander. Efficient accumulators without trapdoor extended abstracts. In Information and Communication Security, Second International Conference – ICICS ’99, volume 1726 of Lecture Notes in Computer Science, pages 252–262, 1999. 26. D. Song, D. Zuckerman, and J. D. Tygar. Expander graphs for digital stream authentication and robust overlay networks. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 258–270, May 2002. 27. C. Wong and S. Lam. Digital signatures for flows and multicasts. In Proceedings on the 6th International Conference on Network Protocols (ICNP ‘98), pages 198–209. IEEE, October 1998. 28. Seonho Choi, ''Denial-of-Service Resistant Multicast Authentication Protocol with Prediction Hashing and One-way Key Chain,'' ism, pp. 701- 706, In Proceedings of the Seventh IEEE International Symposium on Multimedia (ISM'05), 2005.

Ubiquitous Authorization Scheme Based on Device Profile Kevin Tham, Mark Looi, and Ernest Foo Information Security Research Centre, Queensland University of Technology, GPO Box 2434, Brisbane, QLD 4001 Australia {wk.tham, m.looi, e.foo}@qut.edu.au http://www.isrc.qut.edu.au

Abstract. The range of devices that are capable of connecting to data networks has been on a rise in recent times. From the perspective of an administrator, controlling access to data networks, via these devices, usually includes the creation of separate login credentials. This leads to an administrative nightmare, from both the user and administrator’s point of view. This paper proposes a novel approach to this problem and offers a single-sign-on system, where the user’s authorisation is based on the login credentials of the user, and the profile of the device the user is using. An instance of this design is presented with SESAME, to demonstrate the usefulness of the design, and also practicality for implementation.

1 Introduction Up until recently, devices capable of connecting to data networks have been similar in nature; usually computers with a capable processor and large storage. Advancement in device connectivity has introduced a diverse range of mobile devices that are able to access network resources, and with this comes the risk of weakening the overall structure of security in the network. One scenario would be the job of a network administrator. The administrator may log in from his workstation in his office, running daily tasks to up-keep the entire network. However, an administrator does need to go on-site to solve certain network problems, and might carry a PDA, connected to the network via the wireless LAN. From the PDA, the administrator will have a set of tools that will aid him in his work. When the same administrator heads off-site, he might have a mobile phone that connects him to a system, that tells him the status of networking services, through the GPRS network. Giving him constant updates on the status of each network service. To solve this scenario, multiple accounts have to be made for every device the administrator uses, so that the lost of one of the device, will lessen the security impact to the network security. This paper will propose a generic design for a ubiquitous authorisation scheme based on a device profile. This scheme was designed, so that current secure network designs are not impacted in a large way. This will lead on to an instance of this design being presented with SESAME. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 312–321, 2006. c IFIP International Federation for Information Processing 2006 

Ubiquitous Authorization Scheme Based on Device Profile

313

2 Related Work Deriving a user’s sub-set of access, based on the device they are logging in from, does involve several considerations, but is not a difficult concept. The more challenging area, will be determining the device, with which the user is logging in from. Device identification can be determined either automatically, or through a negotiation phase. A method that involves a negotiation phase would be the Extensible Authentication Protocol (EAP) (RFC2248 [BV98]), which is part of the Point-to-Point Protocol (PPP) (RFC1661 [Sim94]). When a PPP session is set-up, the client negotiates the authentication method. The negotiation for authentication, is based on the availability of the method, rather than the ability of the client in handling certain authentication methods. While simplistic in nature, it is effective, though allowing the client to determine the device’s capabilities is not ideal. The Transport-Layer Security Protocol (TLS) [DA99] takes a similar approach to EAP. During the TLS Handshake procedure, both the client and server will agree upon a protocol version, select cryptographic algorithms and optionally, authenticate each other. Much like EAP, TLS had been developed to accommodate a wide variety of authentication mechanisms, and in the specific case of TLS, cryptographic algorithms. This sort of authentication will depend on what the authenticating device is capable of, therefore a kind of profiling for the devices. An example of an automatic process for profiling a device is discuss in the implementation used in the Java 2 platform Micro Edition (J2ME) design. The Connected, Limited Device Configuration (CLDC) [Sun00] HotSpottm [Sun02] implementation boasts a subset of functions from the Connected Device Configuration (CDC) [Sun01] profile. The CDC uses the Java Virtual Machine (JVM) interpreter, whereas the CLDC utilises the K Virtual Machine (KVM). Because of the nature of devices found in CLDC, KVM was designed to have a small footprint. This meant that it offers a subset of features to that of the JVM. This does not relate directly to a security architecture, but profiling devices based on what it can handle is introduced as a possible profiling technique.

3 Security Requirements The security requirements for a ubiquitous authorisation scheme should encompass the following attributes; Single set of login credentials, device profiling, multi-level categorisation of access control, and least impact on current secure network architectures. 3.1 Single Set of Login Credentials A single set of log-in credentials offer very similar attributes to a single sign-on system. The aim of a single sign-on system, like SESAME [PP95], is to offer access to multiple services within a single network without the need to re-authenticate. This is transposed to this requirement, whereby users are allowed to gain access to a data network using a single log-in credential, as opposed to separate log-in credentials for every device they want to gain access to the network from.

314

K. Tham, M. Looi, and E. Foo

3.2 Profiling Techniques Profiling devices involves the step of categorising the different attributes and abilities that a device can handle. This will pertain to the level of “trust” a device has on the network. It is through the use of profiles, that allow for a clearer view on how much “trust” a device might be imparted with. It also provides for the identification of devices that may connect to a network. The end result of profiling will include a set of devices that fall into different categories. This allows the convenience of handling a group of devices as one, thereby reducing complexity. This method also allows for future additions, and offers flexibility. Profiling devices is further discussed in Section 4.2, where methods of automatic and manual device identification are explored. This is first preceded with a discussion on how devices can be profiled. 3.3 Multi-level Categorisation of Access Control Categorisation of the access control list pertaining to a user is necessary to maintain a standard list of access control across the organisation. This allows for access control entries to be placed in different categories. For example, access to administrative tools like password changing and user profile update, could fall under one category, and web-access with proxy rights could fall under another category. This allows for ease of administration, however, the ability to fine tune the access control of each system should still be an option. 3.4 Access Granting When a device has been profiled, it is up to the authorisation server to decide on how much access the device is to be granted. There are two approaches to this problem; allowing full access, and then limiting it, or giving only the right amount of access. Both methods are considered to be equally secure, however, emphasis is placed on the amount of processing required. For the first method, the network will have to depend on another system to reduce the access control list down to size, whereas for the latter method, dependence is placed on the authorisation server to process the correct amount of access to grant and not give anymore than it should. This approach works well in an environment that offers Access Control Lists (ACLs) to user during authorisation. However, this does not apply to systems that depend on role-names or Role-Based Access Control (RBAC) [FK92] systems [MTHZ92, Gan95, KN93]. Roles call for a different approach to this requirement. The ACLs in these systems are not stored in a central repository for retrieval, but rather, every network service contain rules on which roles are authorised for connection. In this case, either the system has to be able to discern the difference between devices automatically, or an intermediary system could change a user’s profile, to suit the device the use is logging in from. 3.5 Least Impact on Current Secure Network Architectures The aim for the proposed system, is to have the least impact on current secure network architectures. This is to ensure a wider acceptance of the technology, whilst still

Ubiquitous Authorization Scheme Based on Device Profile

315

preserving the current rollout of the network architecture that an administrator has. Consideration has to be placed into the integration of the system. One common way is to have an intermediary proxy in place.

4 Proposed Generic Design The proposed design consists of the usual components which are found on a security architecture. These include the following: The User, Log-in Device, Authentication Server, Authorisation Server and the Network. Login Device

User

Application Server

Network

Authentication Server Device Identification & Authorisation Filtering Proxy

Authorisation Server

Fig. 1. Proposed Network Design

4.1 Overall Operations of Proposed Generic Implementation The User is any person with a legitimate account on the network. They possess the Log-in Device that will allow them to access the network resources. The user can only produce their credentials for access to the network, through the aid of the Log-in Devices. These devices refer to a large number of networked devices, ranging from simple Personal Digital Assistants (PDAs) to full-fledge workstations, making this portion of the network heterogeneous. Although the devices are assumed not to be trusted by the network, an assumption has to be made that the module that connects to the network security framework, is trusted. This module resides in the log-in device and will have the task of proving its identity. There are several of doing this, and are outlined in Section 4.2. The log-in device will now act on behalf of the user, to communicate to the security server via the Network. The first point of contact for the log-in device will be the Device Identification and Authorisation Filtering Proxy. This proxy is put in place to handle the communication between the user and the security server. This will impact the least on existing security architectures. At this stage, the proxy will handle the authentication of the device. This allows the proxy to tag the message from the log-in device to the Authentication Server. Placing the proxy at this point allows for an additional feature to security. With the device authentication in the message, the authentication server can now decide if a user has access on the network, and also if the user has rights to authenticate through certain devices. When the authentication server is done, it will contact the Authorisation Server next. This is done via the proxy again, but this time, the proxy just forwards the message, and will not manipulate it.

316

K. Tham, M. Looi, and E. Foo

The authorisation server should function as normal, and the next message should be sent from the authorisation server to the log-in device. This message will contain the user’s ACL. But before it gets received by the log-in device, it will have to pass through the proxy again. This time, the proxy will act as a filter and decide on the level of access a user should have, based on the device they have logged in from. This sub-set of the ACL is then returned from the proxy, to the user. 4.2 Device Profiling Developing a level of trust based on the capabilities of a device is one of the ways in identifying the device. Many devices have differing processing and storage capabilities. This ranges from simple 16MHz processors found commonly in PalmPilot PDAs to 3GHz processors on desktop computers, and storage that ranges from a few hundred kilobytes to gigabytes or even terabytes of storage. The aim of this is to be able to profile a device based on its capabilities to handle cryptographic calculations. Handling the identification of devices by profiling the cryptographic abilities has a direct relation to the ability of the device to be secure. However certain devices do offer better implied security, without the need to have a powerful processor or large storage. Instead, these devices are tamper-resistant in nature, like a smart-card. This means that the profiling will start from the top, between tamper-resistant devices and non-tamper resistant devices. This list will be further broken down into different capabilities of the devices. The profiling of a device can be handled in several ways. However, two common techniques included are an automatic device profiling and a manually profiling technique. Both techniques offer merits and drawbacks at the same time. The biggest consideration has to be the implication to communicating protocols and also complexity of design. The automatic device profiling technique offers the most flexibility, in terms of identification of currently available devices and future offerings. A novel approach is to measure a cryptographic calculation in terms of the device’s response time. This measurement is then compared against a set of known response times, thereby deriving the device’s identification. This concept is simple, but a complex set of protocols is needed to handle it. Other unknown factors like processor bottleneck, and even transmission medium congestion have to be taken into consideration. This is an immense task for deriving a non-guaranteed value, measured in milliseconds. The other method for profiling happens manually. All devices wanting to be used to access network resources will have to be identified. All results are placed in a central repository, with proper identification tags placed in a module of the device. This approach allows for much better use of the network, and also requires a less complex protocol. However, profiling every single device on a network will prove to be a tedious job. With both profiling techniques in mind, choosing the manual technique seems to be a more efficient way of designing the protocol. Allowing for large overheads in communication of a network is best avoided this way. Although tedious to “register” every device, it does not have too many factors to consider when deciding on its access level. Manual profiling can be based on the following attributes.

Ubiquitous Authorization Scheme Based on Device Profile

317

Table 1. General Device Profiles Hardware Description Slow Processor, These devices are generally considered to be the least secure. This usually Small Memory implies that the device will not be able to handle a strong cryptographic scheme. Slow Processor, Devices will be able to handle cryptographic schemes with larger key sizes, Large Memory and are considered to be somewhat more secure, compared to the last category. Handling cryptographic schemes with large key size will take an impact in the processing time. Fast Processor, With a faster processor, these devices are considered to be more secure than Small Memory the last two categories. However, the devices in this category will be limited to schemes with smaller key sizes. Fast Processor, These devices are generally the most secure amongst the other categories. Large Memory There will not be any limitation to the key size and processing times.

5 Instance of Proposed Protocol with SESAME The proposed design aims to impact as little as possible to existing security architectures, but yet extends it with a mutli-level authorisation scheme. This is to be illustrated with the presentation of the proposed design in SESAME. SESAME has been chosen, because of its well-rounded, and complete approach to an authentication and authorisation architecture. This allows for better understanding of the concept of the proposed system. 5.1 Proposed SESAME Extension Based on the proposed design in Section 4, implementation is to take the form of a proxy-type service. The main task of this proxy is to intercept message exchanges during authentication and authorisation, so that appropriate device identification and authorisation filtering can be done. However, based on current SESAME standards, it is not necessary to include the proxy-type service to messages between the client and the Security Server. The biggest change in SESAME will be the inclusion of new message fields in the communication messages. This allows for an easier approach of writing plugin modules. Figure 2 shows the addition of four plugin modules to the various components to the original SESAME architecture. These are the Device ID Module found in the Client, the Device Authentication Module found in the Authentication Server (AS), the Device Authorisation Module found in the Privilege Attribute Server (PAS), and the Device ACL Module found on the individual Secure Association Context Manager (SACM) of the target servers. The following is an outline of the changes made to SESAME, extended to make use of the proposed Multi-Level Authorisation design. 1. During the authentication phase, the APA Client will generate a KRB AS REQ, as specified by RFC1510. This does not differ from the Kerberos message structure, as designed in SESAME. The Device ID Module found in the

318

K. Tham, M. Looi, and E. Foo

User Sponser

APA Client

Device Authentication Module

User

Device ID Module

Client

AS

Device Authorisation Module

Security Server

PAS

Support Components Audit CSF

GSS-API SACM

PKM KDS

Virtual Connection Application Client

SACM

Device ACL Module

Server GSS-API

GSS-API

Communication Protocol

Application Client

PAC Validation Facility

Fig. 2. Proposed Changes to SESAME

APA Client will then modify this structure, by including a Device ID field, identifying the device the APA Client resides in. 2. On receiving the first message, the Authentication Server (AS) will first authenticate the user, as specified in the original SESAME design. Once user authentication is obtained, the Device Authentication Module will then authenticate the device. This module will act as an additional level of authentication, whereby it will decide if a user has authentication rights on certain devices. If the user is not allowed to log in from the device, an error message is generated by the AS, informing the user of a “failed to log in” message. This module will place the Device ID into an additional field in the PAS Ticket, returning from the Authentication Server to the APA Client. The logic of this module is as follows: 3. When recieved by the APA Client, the PAS Ticket found in the KRB AS REP is cached, after which the APA Client will request for a Privilege Attribute Certificate (PAC) from the Privilege Attribute Server (PAS). This is done through the initiator’s Secure Association Context Manager (SACM). The SACM sends the PAS Ticket to the PAS for authorisation. At this point, the PAS Ticket still contains the Device ID field. 4. Authorisation is handled as specified in the SESAME standard. The Device Authorisation Module found in the PAS only ensures that the Device ID field is transposed onto the corresponding PAC, created by the PAS. This will allow for the identity of the device to be made known to the target server. The PAS then builds the PAC (with the inclusion of the Device ID field) and signs it. The PAS is then returned to the initiator’s SACM. It is important to point out that since SESAME handles authorisation based on role names, an exception is made to the functionality of the device authorisation module. In the instance where an authorisation message contains an ACL, the device authorisation module will reduce the set of access, based on the device’s profile. However, role names cannot be reduced. Therefore the final decision on user access rights is handled by the targetted servers.

Ubiquitous Authorization Scheme Based on Device Profile

319

5. When the user wishes to access a server in the network, it will invoke the SACM to contact the targetted server’s SACM. The initiator’s SACM will send the PAC to the targetted server’s SACM, which will in turn validate the PAC in-accordance to the SESAME standard. However, before further communication is allowed between the applications, the Device ACL Module will do the final check. In SESAME, the ACLs are stored on the individual SACM of target servers. The SACMs will handle all the communication, and will base its decision on the user’s role, found in the PAC. This module extends this decision making with an additional deciding factor; access to the targetted server via a specific device. After the SACM has gone through all the deciding factors, this module will then have the last say as to whether a user has access to it. It contains an additional ACL for devices, mapped against a list of users on the system. Access rights are handled as follows: Table 2. System Access Rights Based On Device Rights

Access Rights for User No Access Rights for User

Access Rights for Devices YES NO

No Access Rights for Devices NO NO

Table 2 shows that the only way a user can have access to a target system, is if the device is allowed access to it. 5.2 Proposed SESAME Message Changes Not much will be changed, in terms of message structure. This is to minimise impact on currently running systems. The addition of fields to tickets and tokens are the most drastic changes. The following description of changes to messages are in reference to the ECMA219 [ECM96] specification of a PAC used by SESAME. Message 1 consists of the KRB AS REQ message, and a strong authenticator. This message is used to obtain authentication credentials for the user. The strong authenticator is present because a public-key extension to the authentication phase in SESAME is assumed. Otherwise, the strong authenticator will be absent. The KRB AS REQ message structure follows the RFC1510 [KN93] standard. Modification to the message is the inclusion of a Device ID field, added by the Device ID Module as outlined in Section 5.1. This Module is assumed to be trusted in placing a correct device identification tag. The addition of a device-id[12] field in the KRB-REQ-BODY allows for a string, containing the type of device the user is logging in from. The possible values might be Workstation, PDA, MobilePhone, NoteBook. Message 2 is the return message sent from the authentication server to the client. The structure of this message is exactly the same as that of the KRB AS REP message found in RFC1510 [KN93]. This includes the PAS Tic-ket, as specified as a TicketGranting Ticket (TGT) in RFC1510, and some Kerberos Control Data. The PAS Ticket is used to obtain authorisation data, in the form of a PAC, from the PAS. An addition of

320

K. Tham, M. Looi, and E. Foo

a device-id[11] in the EncTicketPart. The device-id[11] field contains the device identification tag that was obtained from the first message. Message 3 contains the PAS Ticket obtained from the last message. This Ticket has no modification on it, so the device-id[11] in the EncTicketPart is still preserved. This message is sent to obtain a PAC from the PAS, based on the user’s role name. Message 4 is sent from the PAS and back to the Client. This message contains the user’s PAC, signed by the PAS. The PAC contains the device-id[9] in the PAC SpecificContents which has been obtained from deviceid[11] in the EncTicketPart from Message 3. Message 5 may be sent out immediately on receipt of message 4 or much later, but within the life-time of the PAC. The PAC is sent to any targetted server, to obtain access rights into the system. This message contains all the information from message 4, including the device-id[9] in the PACSpecificContents. This allows for the Device ACL Module (as outlined in Section 5.1), to make its decision on the access rights of a contacting user.

6 Conclusion In this paper, we have discussed the merits of having a ubiquitous authorisation scheme based on a device’s profile. Advantages of this design are more evident with the proliferation of mobile devices that have connectivity to data networks. Instead of solving this problem by adding multiple log-ins, the proposed authorisation scheme allows a user to log-in to the network from any device, while using the same set of credentials. This is a convenient method for users, as well as administrators. On the one hand, users do not need to remember different passwords for different systems. On the other, administrators have a scheme that allows a finer granularity in control over device connections, minus the tedious work of creating multiple log-ins for everyone. One of the main disadvantages pointed out in this paper, is that devices still need to be manually profiled. The idea of an automatic profiling system is a novel idea to solve this problem, but runs into the risk of false-positives and false-negatives. This is especially so, since measurement is done in milliseconds, and too many varying factors could impair the calculation. One other lacking in feature is the protection of the device identification tag in each message. A possible implementation, in this case, could be a signed tag of the device name, by the administrator. This in turn can be verified by the Public-Key Infrastructure (PKI) of a network. Future work in this research, could encompass the idea of another profiling technique based on the traversal pathway of a communication message. This allows for the network to be able to determine if the communication has crossed a segment of a network which does not have implicit trust with the secure portion of the network. Work done in IPv4 [Pos81] includes the idea of a source route, but does not offer an audit of where the packet actually transmitted through. If a profile of transmission path is possible, then this research will include an extra factor, whilst deciding on the authentication of a user.

Ubiquitous Authorization Scheme Based on Device Profile

321

References [BV98] [DA99] [ECM96]

[FK92] [Gan95]

[KN93]

[MTHZ92]

[Pos81] [PP95] [Sim94] [Sun00]

[Sun01] [Sun02]

L. Blunk and J. Vollbrecht. RFC2284: PPP Extensible Authentication Protocol (EAP), March 1998. T. Dierks and C. Allen. RFC2246: The TLS Protocol – Version 1.0, January 1999. ECMA International, 114 Rue du Rhˆone, CH-1204 Geneva, Switzerland. Authentication and Privilege Attribute Security Application with related key distribution functions, 2nd edition, March 1996. D. Ferraiolo and R. Kuhn. Role-Based Access Control. In 15th National Computer Security Conference, 1992. R. Ganesan. Yaksha: Augmenting Kerberos with public key cryptography. In Internet Society Symposium on Network and Distributed System Security, pages 132–143, February 1995. John T. Kohl and B. Clifford Neuman. RFC1510: The Kerberos Network Authentication Service (V5). Digital Equipment Corporation, USC/Information Sciences Institute, September 1993. Refik Molva, Gene Tsudik, Els Van Herreweghen, and Stefano Zatti. KryptoKnight Authentication and Key Distribution System. In European Symposium on Research in Computer Security (ESORICS), pages 155–174, 1992. Jon Postel. RFC791: Internet Protocol. Information Sciences Institute, University of Southern California, September 1981. Tom Parker and Denis Pinkas. SESAME V4 – Overview, December 1995. W. Simpson. RFC1661: The Point-to-Point Protocol (PPP), July 1994. Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, CA 94303 USA. Connected, Limited Device Configuration: Specification Version 1.0a, Java 2 Platform Micro Edition, May 2000. Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, CA 94303 USA. Connected Device Configuration (CDC) and the Foundation Profile, 2001. Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, CA 94303 USA. The CLDC HotSpottm Implementation Virtual Machine, Java 2 Platform Micro Edition, 2002.

An Efficient Certificateless Signature Scheme Wun-She Yap1 , Swee-Huay Heng2 , and Bok-Min Goi1, 1

Centre for Cryptography and Information Security, FOE Multimedia University, 63100 Cyberjaya, Malaysia {wsyap, bmgoi}@mmu.edu.my 2 Centre for Cryptography and Information Security, FIST Multimedia University, Jln Ayer Keroh Lama, 75450 Melaka, Malaysia [email protected]

Abstract. Certificateless public key cryptography (CLPKC) is a paradigm to solve the inherent key escrow problem suffered by identity-based cryptography (IBC). While certificateless signature is one of the most important security primitives in CLPKC, there are relatively few proposed schemes in the literature. In this paper, we manage to construct an efficient certificateless signature scheme based on the intractability of the computational Diffie-Hellman problem. By using a shorter public key, two pairing computations can be saved in the verification algorithm. Besides, no pairing computation is needed in the signing algorithm. The proposed scheme is existential unforgeable in the random oracle model. We also present an extended construction whose trust level is the same as that of a traditional signature scheme. Keywords: Certificateless, signature scheme, bilinear pairing.

1

Introduction

The concept of identity-based cryptography (IBC) was formulated by Shamir in 1984 [15] to achieve implicit certification. In IBC, each user has his own identity (ID). ID is used as a certified public key, thus certificate can be omitted in authenticating the public key. However, since all private keys of the users are generated by a trusted third party (TTP) called private key generator (PKG), private key escrow problem is inherent in the system. To solve the inherent key escrow problem in IBC, a new paradigm called certificateless public key cryptography (CLPKC) was introduced by Al-Riyami and Paterson [1] in 2003. Many certificateless public key encryption (CLPKE) schemes [1,13,6,2,4,16] have been proposed since CLPKC was introduced whereas there are relatively few certificateless signature (CLS) schemes [1,12,11] in the literature. The current trend in e-commence has increased the dependence of both organization and individual on the sensitive information stored and communicated electronically using the computer systems. This has spurred a need to guarantee the confidentiality, authenticity and integrity of data and user. Thus we see the importance of proposing CLS scheme to guarantee the authenticity without using certificate. 

The authors acknowledge the Malaysia IRPA grant (04-99-01-00003-EAR).

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 322–331, 2006. c IFIP International Federation for Information Processing 2006 

An Efficient Certificateless Signature Scheme

323

The first CLS scheme was proposed by Al-Riyami and Paterson in [1] but there is no security proof provided. Besides, their CLS scheme has been proven insecure in their defined model by Huang et al. [11]. They showed an attack that can successfully forge a certificateless signature by replacing the public key of the signer. They also fixed the scheme in the same paper. Unfortunately, the fixed scheme required more pairing computations as compared to the original scheme proposed in [1]. Yum and Lee proposed a generic construction of CLS based on an identity-based signature (IBS) scheme and a traditional public key signature scheme in [17] which is a different approach in constructing CLS. The merit of the above approach is that the resulting CLS scheme can achieve the same trust level as that of a traditional signature scheme. Li, Chen and Sun [12] proposed another CLS based on bilinear pairing by referring to the work of Cha and Cheon [5]. In [12], the signing algorithm of the proposed scheme is very simple and does not involve any pairing computation, but the verification algorithm requires four expensive pairing computations. This inspires us to come out with a more efficient CLS scheme which requires lesser bilinear pairing computations. Our Contributions. We outline some results we achieve below. 1. EFFICIENCY. Our proposed scheme is more efficient than those schemes proposed in [1,12,11] because lesser bilinear pairing computations are required. Besides, our public key length is shorter. 2. SECURITY. We provide a detailed security proof based on the computational Diffie-Hellman assumption. Schemes [12] and [11] did not provide the complete security proofs while scheme [1] did not provide any security proof. 3. TRUST LEVEL. Our extended construction achieves the same trust level as that of a traditional signature scheme as was proposed in [17], which is better than those schemes proposed in [12,11]. Organization. The remainder of the paper is organized as follows. In Section 2, we introduce some preliminaries which will be referred later. In Section 3, we review the definition, the security model and the attack model of CLS. In Section 4, we propose our CLS. In Section 5, we present its security analysis. In Section 6, we present an extended construction which achieves trust level 3. Finally, we conclude this paper in Section 7.

2

Preliminaries

In this section, we present some mathematical problems which help in realizing CLS. Bilinear pairing is an important primitive for many cryptographic CLPKE schemes [1,13,6,2,4,16] and CLS schemes [1,12,11]. We describe some of its key properties below. Notation: Throughout this paper, (G1 , +) and (G2 , ·) denote two cyclic groups of prime order q. A bilinear map , e : G1 × G1 → G2 satisfies the following properties:

324

W.-S. Yap, S.-H. Heng, and B.-M. Goi

1. Bilinearity: For all P, Q, R ∈ G1 , e(P + Q, R) = e(P, R)e(Q, R) and e(P, Q + R) = e(P, Q)e(P, R). 2. Non-degeneracy: e(P, Q) = 1. 3. Computability: There is an efficient algorithm to compute e(P, Q) for any P, Q ∈ G1 . Note that a bilinear map is symmetric such that, e(aP, bP ) = e(bP, aP ) = e(P, P )ab for a, b ∈ Zq∗ . Definition 1. Computational Diffie-Hellman Problem (CDHP): The CDHP in (G1 , G2 , e) is such that given (P, aP, bP ) with uniformly random choices of a, b ∈ Zq∗ , find abP . The CDH assumption states that there is no polynomial time algorithm with a non-negligible advantage in solving the CDHP. Our security proofs will yield reductions to the CDHP in groups generated by generator LG. To make statements about the security of our scheme, we will assume that there is no polynomial time algorithm with a non-negligible advantage in solving the CDHP in groups generated by LG.

3 3.1

Certificateless Signature Scheme Definition

We now review the definition of a CLS [1]. A certificateless signature scheme is a digital signature scheme comprised of the following seven algorithms: 1. Setup is a probabilistic algorithm that takes security parameter k as input and returns the system parameters, params and master-key. 2. Partial-Private-Key-Extract is a deterministic algorithm that takes params, master-key and an identifier for entity A IDA ∈ {0, 1}∗ as inputs. It returns a partial private key DA . 3. Set-Secret-Value is a probabilistic algorithm that takes as input params and outputs a secret value xA . 4. Set-Private-Key is a deterministic algorithm that takes params, DA and xA as inputs. The algorithm returns a (full) signing key SA . 5. Set-Public-Key is a deterministic algorithm that takes params and xA as inputs and outputs a public key PA . 6. Sign is a probabilistic algorithm that accepts a message m ∈ M , a user identity IDA , params and SA to produce a signature σ. 7. Verify is a deterministic algorithm that takes a signature σ, message m, params, IDA and PA as inputs and outputs true if the signature is correct, or ⊥ otherwise. Definition 2. We say that a certificateless signature scheme is correct if the following condition holds. If σ = Sign(m, IDA , SA , params) and S = (σ, m, IDA , PA , params), then Verify(S) = true.

An Efficient Certificateless Signature Scheme

3.2

325

Adversarial Model

As defined in [1], there are two types of adversaries with different capabilities. In CLS, we assume Type I Adversary, AI acts as a malicious key generator centre (KGC) while Type II Adversary, AII acts as a dishonest user. CLS Type I Adversary: Adversary AI does not have access to master-key, but AI may replace public keys. CLS Type II Adversary: Adversary AII does have access to master-key, but cannot replace public keys of entities. Both types of adversary may request public keys, extract partial private and private keys and make sign queries. Here are several natural restrictions on both types of adversary: 1. A cannot extract the private key for the challenge identity IDch at any point. 2. During the attack, A cannot make a sign query on the forged message, m for the combination of identity (IDch , Pch ). Besides, AI cannot both replace the public key for IDch and extract the partial private key for IDch . Similarly, AI cannot request the partial private key for any identity if the corresponding public key has already been replaced. The standard notion of security for signature scheme is the security against existential forgery on adaptive chosen message attacks [10]. The formal security model was presented neither in [1] nor [12]. We follow the one defined in [11] here. A CLS is secure against existential forgery on adaptive chosen message and ID attacks against adversary, A if no polynomial time algorithm A has a nonnegligible advantage against a challenger C in the following game: Setup: The challenger, C takes a security parameter k and runs the Setup algorithm. It gives A the resulting system parameters params. If A is of Type I, then the challenger keeps master-key to itself, else it gives master-key to A. Attack: A issues a sequence of requests, each request being either a partial private key extraction, a private key extraction, a request for a public key, a replace public key command or a sign query for a particular entity. These queries may be asked adaptively, but are subjected to the rules on adversary behaviors defined above. Forgery: Finally, A outputs a signature σ on message m signed by a user who holds IDch and public key Pch . The only restriction is that (m, IDch , Pch ) does not appear in the set of previous sign queries. A wins the game if Verify(σ, m, IDch , Pch ) is true. The advantage of A is defined as the probability that it wins.

4

Proposed CLS Scheme

In this section, we show how to combine the techniques used in [1,5,6,16] with the elegancy of bilinear pairing to construct an efficient CLS scheme. Our verif y

326

W.-S. Yap, S.-H. Heng, and B.-M. Goi

algorithm requires two pairing computations only while four and five pairing computations are required in [12] and [11] respectively. Besides, messages signing is fast since it involves no pairing computation. The proposed CLS scheme is constructed by the following seven algorithms: 1. Setup: Given a security parameter k, the algorithm works as follows: (a) Run LG to output descriptions of groups G1 and G2 of prime order q and a pairing e : G1 × G1 → G2 . (b) Choose an arbitrary generator P ∈ G1 . (c) Select a random s ∈ Zq∗ , and set P0 = sP . (d) Choose a cryptographic hash function H1 : {0, 1}∗ → G1 and H2 : {0, 1}∗ × G1 → Zq∗ .

2.

3. 4. 5. 6.

7.

The system parameters are params = G1 , G2 , e, q, P, P0 , H1 , H2 . The message space is M = {0, 1}∗. The master-key is s ∈ Zq∗ . Set-Partial-Private-Key: Given params and master-key, this algorithm works as follows: Compute QA = H1 (IDA ) ∈ G1 and output a partial private key, DA = sQA ∈ G1 . Set-Secret-Value: Given params, select a random value xA ∈ Zq∗ where xA is the secret value. Set-Private-Key: Set private key SA = (xA QA + DA ). Set-Public-Key: Given params and the secret value xA , this algorithm computes PA = xA P ∈ G1 . Sign: Given params, IDA , message m and private key SA , the algorithm works as follows: (a) Compute QA = H1 (IDA ) ∈ G1 . (b) Choose a random value, r ∈ Zq∗ and set U = rQA ∈ G1 . (c) Set h = H2 (m||U ) ∈ Zq∗ . (d) Compute V = (r + h)SA . (e) Set σ = (U, V ) as the signature of m. Verify: Given signature σ, IDA , m and PA , this algorithm works as follows: (a) Compute QA = H1 (IDA ) ∈ G1 . (b) Compute h = H2 (m||U ) ∈ Zq∗ . (c) Check whether P, P0 + PA , U + hQA , V  is a valid Diffie-Hellman tuple, i.e. by verifying whether e(P, V ) = e(P0 + PA , U + hQA ). If not, then reject the signature else accept it.

In a CLS, Setup and Partial-Private-Key-Extract are performed by a KGC. A partial private key DA is given to a user A by the KGC through a secure channel. CLS can solve the inherent key escrow problem which suffered by IBS since Set-Secret-Value, Set-Private-Key and Set-Public-Key are executed by the user A itself. In order to generate a signature, the user A needs to run Sign algorithm with input SA , m, IDA and params. Finally, the receiver can verify A’s signature by running Verify algorithm with input σ, m, IDA and params. It is clear that the user identifier ID used in the Sign algorithm will provide the non repudiation of signature.

An Efficient Certificateless Signature Scheme

5

327

Analysis of the Proposed Scheme

In this section, we analyze the correctness, the performance and the existential unforgeability of our proposed scheme. 5.1

Correctness

The correctness of the proposed scheme can be easily verified with the following: e(P, V ) = e(P, (r + h)(DA + xA QA ) = e(P, (r + h)(sQA + xA QA ) = e((s + xA )P, (r + h)QA = e(P0 + PA , U + hQA ). 5.2

Performance

There are three major cost operations in constructing cryptographic schemes, namely, Pairing (p), Scalar Multiplication (s) and Exponentiation (e). The pairing operations are expensive compared with scalar multiplication and exponentiation. Table 1 shows the comparison of the existing CLS schemes and our proposed scheme in terms of the public key length and efficiency of Sign and Verify algorithms (we do not consider the pre-computation here). We can see that our scheme is the most efficient scheme in terms of the number of pairing operations required and the length of public key. Table 1. Comparison of the CLS Schemes Schemes

AP2003[1] LCS2005[12] HMSZ2005[11] Proposed scheme

Sign 1p+3s Verify 4p+1e Public Key Length 2 points

5.3

2s 4p+2s 2 points

2p+3s 5p+1e 2 points

2s 2p+3s 1 point

Security

We now present the security analysis of our proposed scheme. The proof of Theorem 1 is provided. We prove the security in the random oracle model [3]. Theorem 1. The proposed CLS scheme is existential unforgeable against the AI adversary in the random oracle model under the CDH assumption in G1 . Proof. (Theorem 1) Let B be a CDH attacker. Suppose that B is given an instance (q, P, aP, bP ). Let AI be a forger that breaks the proposed signature scheme under adaptive chosen message attack. We show how B can use AI to solve the CDH problem, that is to compute abP . First, B sets P0 = aP where P0 denotes the KGC’s public key. B then gives (q, P, P0 ) to AI .

328

W.-S. Yap, S.-H. Heng, and B.-M. Goi

Next, B randomly selects an index I such that 1 ≤ I ≤ qH1 , where qH1 denotes the maximum number of queries to the random oracle H1 . B also sets PI = xP where x is selected at random from Zq∗ . Let PI serve as user I’s original public key. Adversary B then works by interacting with AI in a chosen message attack game as follows: H1 queries: B maintains a list of tuples IDi , Qi , yi , xi , Pi  which is denoted as H1list . The list is initially empty, and when AI queries H1 on input IDi ∈ {0, 1}∗, B responds as follows: 1. If IDi has appeared on the H1list , then B responds with H1 (IDi ) = Qi ∈ G1 . 2. If IDi has not appeared on the list and IDi is the I-th distinct H1 query made by AI , then B outputs H1 (IDI ) = QI = bP and adds the entry

IDI , QI , ⊥, x, PI  to the H1list where QI = bP and PI = xP . Else, B picks yi , xi ∈ Zq∗ at random and responds with H1 (IDi ) = Qi = yi P ∈ G1 . B then adds IDi , Qi , yi , xi , Pi  to the H1list where Qi = yi P and Pi = xi P . Notice that with this specification of H1 , the partial private key for IDi with i = I is equal to yi P0 while the public key for IDi with i = I is Pi = xi P , and the private key for IDi with i = I is xi Qi + yi P0 . These can all be computed by B. H2 queries: When AI issues a query on (mi , Ui ) to H2 , B picks a random hi ∈ Zq∗ and returns it as answer. Attack: Now AI launches Phase 1 of its attack by making a series of queries, each of which is either a Partial Private Key Extraction, a Private Key Extraction, a Request for Public Key, a Replace Public Key or a Sign Queries. B replies to these queries as follows: Partial Private Key Extraction: Suppose the query is on IDi with i = I, then B replies with Di = yi P0 (notice that Di = yi P0 = ayi P = aH1 (IDi )). Else if i = I, B aborts. Private Key Extraction: Suppose the query is on IDi . We can assume that the public key for IDi has not been replaced. If i = I, then B replies with xi Qi + Di . Else if i = I, B aborts. Request for Public Key: If the query is on IDi with i = I, then B replies with Pi = xi P by accessing the H1list . Else if i = I, B replies with PI . Replace Public Key: Suppose the query is to replace the public key for IDi with value Pi . If i = I, then B replaces Pi with Pi in the H1list and updates the tuple to IDi , Qi , yi , xi , Pi . Else if i = I, then B replaces Pi with Pi in the H1list and updates the tuple to IDI , QI , ⊥, xI , PI . Sign Queries: Note that at any time during the simulation, equipped with those private keys and partial private keys for any IDi = IDI , AI is able to generate signatures on any message. For IDi = IDI , assume that AI issues a query (mi , PI ) where mi denotes a message and PI denotes a current public key chosen by AI to the signing oracle whose private key is associated with IDI . Upon receiving this, B creates a signature as follows:

An Efficient Certificateless Signature Scheme

1. 2. 3. 4. 5.

329

Select hi , zi ∈ Zq∗ at random. Compute Ui = zi P − hi QI where QI = H1 (IDI ) = bP . Compute Vi = zi (P0 + PI ). Set hi = H2 (mi ||Ui ). Return (Ui , Vi ) as a signature on mi .

It is straightforward to verify that Private Key Extraction and Sign produce valid private keys and signatures respectively. From the above simulation of Partial Private Key Extraction, H1 and H2 , it can be easily seen that the distribution of the simulated outputs are identical to those in the real attack. Forgery: The next step of the simulation is to apply the forking technique formalized in [14]. Let (m, (U, V ), ID, PI ) be a forgery that output by AI at the end of the attack. If AI does not output ID = IDI as a part of the forgery then B aborts (the probability that B does not abort the simulation is O(1/qH1 )). B then replays AI with the same random tape but different choice of the hash function H2 to get another forgery (m, (U, V  ), ID, PI ). Notice that the hash values h = h on (m, U ) for the two choice of H2 . Now a standard argument for the outputs of the forking lemma can be applied as follows: since both are valid signatures, P, P0 + PI , U + hQI , V  and P, P0 + PI , U + h QI , V   are valid Diffie-Hellman tuples. More precisely, we have V = (x + a)(U + hQI ) and V  = (x + a)(U + h QI ). B consequently obtains the following: V − V  = (x + a)(hQI − h QI ) = x(h − h )QI + a(h − h )bP = x(h − h )QI + (h − h )abP Thus, it is not difficult to see that abP = {(V − V  ) − x(h − h )QI )} · (h − h )−1 . This completes our proof.

 

Theorem 2. The proposed CLS scheme is existential unforgeable against the AII adversary in the random oracle model under the CDH assumption in G1 . Due to page limitation, the proof of Theorem 2 will be presented in the full version of the paper.

6

Extended Construction

The public key cryptosystem can be classified into three trust levels referred to the trust assumption of the TTP as defined by Girault [9]. In order to extend our signature scheme to achieve trust level 3, we use the binding technique which ensures that users can only create one public key for which they know the corresponding private key. This technique was first employed in [1] in order to prevent the KGC from issuing two valid partial private keys for a single user.

330

W.-S. Yap, S.-H. Heng, and B.-M. Goi

First, user A must fix its secret value, xA and its public key, PA = xA P . Then, KGC generates the partial private key DA for user A by returning sQA where QA = H1 (IDA ||PA ). However, a drawback of the binding technique is that the user A can no longer choose another secret value xA to generate a new public key PA since the partial private key DA remains the same. This technique has also been used in [17]. Now, the KGC who replaces user’s public key will be implicated in the event of dispute: the existence of two working public keys for an identity can only result from the existence of two partial private keys binding that identity to two different public keys. Thus, only the KGC could have created these two partial private keys since only the KGC has access to the master-key. To adopt this binding technique in our scheme, we should execute Set-SecretValue and Set-Public-Key before executing Set-Partial-Private-Key. This extended version is identical to our proposed CLS scheme above except the differences in the sequence of the execution of the algorithms and that the value QA = H1 (IDA ||PA ) will be used instead.

7

Conclusion

We have presented a more efficient CLS scheme compared with other existing CLS schemes. Our scheme is provably secure in the random oracle model under the CDH assumption. To the best of our knowledge, this scheme has the shortest public key length. By adopting the techniques used in [1,5,6,16], two pairing computations used in authenticating public key can be saved. Besides, we also managed to extend our CLS to achieve trust level 3 by adopting the technique used in [1]. Some future research includes finding a provably secure CLS scheme in the standard model and extending the CLS to ring signature scheme [7] and concurrent signature scheme [8].

References 1. S.S. Al-Riyami and K.G. Paterson. Certificateless Public Key Cryptography. In Proceedings of ASIACRYPT 2003, LNCS 2894, pp. 452-473, Springer-Verlag, 2003. 2. S.S. Al-Riyami and K.G. Paterson. CBE from CL-PKE: A Generic Construction and Efficient Schemes. In Proceedings of PKC 2005, LNCS 3386, pp. 398-415, Springer-Verlag, 2005. 3. M. Bellare and P. Rogaway. Random Oracles are Practical: a Paradigm for Designing Efficient Protocols. In Proceedings of CCCS 1993, pp. 62-73, ACM press, 1993. 4. J. Baek, R. Safavi-Naini and W. Susilo. Certificateless Public Key Encryption Without Pairing. In Proceedings of ISC 2005, LNCS 3650, pp. 134-148, SpringerVerlag, 2005. 5. J. Cha and J. Cheon. An Idendity-Based Signature from Gap Diffie-Hellman Groups. In Proceedings of PKC 2003, LNCS 2567, pp. 18-30, Springer-Verlag, 2003.

An Efficient Certificateless Signature Scheme

331

6. Z.H. Cheng and R. Comley. Efficient Certificateless Public Key Encryption. Cryptology ePrint Archive, Report 2005/012, 2005. http://eprint.iacr.org/2005/012. 7. S.S.M. Chow, L.C.K. Hui and S.M. Yiu. Idendity Based Threshold Ring Signature. In Proceedings of ICISC 2004, LNCS 3506, pp. 218-232, Springer-Verlag, 2005. 8. L. Chen, C. Kudla and K.G. Paterson. Concurrent Signatures. In Proceedings of EUROCRYPT 2004, LNCS 3027, pp. 287-305, Springer-Verlag, 2004. 9. M. Girault. Self-Certified Public Keys. In Proceedings of EUROCRYPT 1991, LNCS 547, pp. 490-497, Springer-Verlag, 1991. 10. S. Goldwasser, S. Micali and R. Rivest. A Digital Signature Scheme Secure against Adaptive Chosen-Message Attacks. SIAM Journal of Computing, vol. 17, no. 2, pp. 281–308, 1988. 11. X. Huang, W. Susilo, Y. Mu and F. Zhang. On the Security of Certificateless Signature Schemes from Asiacrypt 2003. In Proceedings of CANS 2005, LNCS 3810, pp. 13-25, Springer-Verlag, 2005. 12. X. Li, K. Chen and L. Sun. Certificateless Signature and Proxy Signature Schemes from Bilinear Pairings. Lithuanian Mathematical Journal, Vol 45, pp. 76-83, Springer-Verlag, 2005. 13. Y.R. Lee and H.S. Lee. An Authenticated Certificateless Public Key Encryption Scheme. Cryptology ePrint Archive, Report 2004/150, 2004. http://eprint.iacr.org/2004/150. 14. D. Pointcheval and J. Stern. Security Proofs for Signature Schemes. In Proceedings of EUROCRYPT 1996, LNCS 1070, pp. 387-398, Springer-Verlag, 1996. 15. A. Shamir. Identity Based Cryptosystems and Signature Scheme. In Proceedings of CRYPTO 1984, LNCS 196, pp. 47-53, Springer-Verlag, 1984. 16. Y. Shi and J. Li. Provable Efficient Certificateless Public Key Encrytion. Cryptology ePrint Archive, Report 2005/287. http://eprint.iacr.org/2005/287. 17. D.H. Yum and P.J. Lee. Generic Construction of Certificateless Signature. In Proceedings of ACISP 2004, LNCS 3108, pp. 200-211, Springer-Verlag, 2004.

Universal Designated Verifier Ring Signature (Proof) Without Random Oracles Jin Li1 and Yanming Wang1,2 1

School of Mathematics and Computational Science, Sun Yat-sen University Guangzhou, 510275, P.R. China [email protected] 2 Lingnan College, Sun Yat-sen University, Guangzhou, 510275, P.R. China [email protected]

Abstract. This paper first introduces the concept of universal designated verifier ring signature (UDVRS), which not only allows members of a group to sign messages on behalf of the group without revealing their identities, but also allows any holder of the signature (not necessary the signer) to designate the signature to any designated verifier. According to whether the designator has a registered public key, two kinds of UDVRS are proposed. In order to distinguish the two types of UDVRS, we call it UDVRS Proof (UDVRSP) if the designator has not a registered public key, and this protocol is interactive. We give the formal security definitions and notions of UDVRS and UDVRSP. Then, we propose a UDVRS and a UDVRSP scheme, with rigorous security proofs without random oracles. Keywords: Ring signature, Universal Designated verifier, Bilinear Pairings.

1

Introduction

A ring signature scheme [10] allows members of a group to sign messages on behalf of the group without revealing their identities. Different from a group signature scheme (for example, [3]), the group formation is spontaneous and there is no group manager to revoke the identity of the signer. Ring signature schemes could be used for whistle blowing [10], anonymous membership authentication for ad hoc groups [1,6] to keep the anonymity of the signer and can be publicly verifiable. However, consider a situation, where an authority, who has got a secret as well as a ring signature of the secret from a whistleblower of a group, would like to confirm validity of the secret by seeking help from a third party. In this situation, the authority sends the secret to the 

This work is supported by the National Natural Science Foundation of China (No. 60403007 and No. 10571181) and Natural Science Foundation of Guangdong Province, China (No. 04205407).

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 332–341, 2006. c IFIP International Federation for Information Processing 2006 

Universal Designated Verifier Ring Signature

333

third party, and wants to convince the third party that he indeed holds a ring signature on the secret from a whistleblower of the group. However, he does not want to send the signature away. A normal ring signature will not reveal the identity of signer, however, cannot satisfy the scenario. So, we present a new notion UDVRS to solve this problem. The UDVRS allows the signature holder to designate a verifier and generate a designated verifier ring signature such that it can only be verified by the designator. 1.1

Related Work

Ring signature scheme was first formalized by Rivest [10] and the first practical ring signature [14] without random oracles was proposed by Xu, Zhang, and Feng. Very recently, Chow et al. [7] gave a formal security proof to [14]. The concept of designated verifier signature (DVS) was introduced by Jakobsson et al. [9]. These signatures are intended to a specific verifier, who is the only one able to check their validity. The notion of universal designated verifier signature (UDVS) was given by Steinfeld et al. [11]. These are ordinary signatures with the additional functionality that any holder of a signature is able to convert it into a designated verifier specified to any designated verifier of his choice. The first UDVS scheme without random oracles was proposed by Zhang et al. [16]. Very recently, a new notion called universal designated verifier signature proof (UDVS Proof) was proposed by Baek et al. [2] at AsiaCrypt’05. What is the difference between UDVS and UDVS Proof is that the designator does not need a registered public key in UDVS Proof, which is required in UDVS. In order to protect the privacy of signer, the notion of ring signature was combined with deniable authentication [9]. The result is called deniable ring authentication. In deniable ring authentication, only the signer can designate a verifier such that the signature can only be verified by the designator. 1.2

Contribution

In this paper, we first present formally the security model of UDVRS and also construct a UDVRS scheme. Meanwhile, we first present the security definitions and notions of UDVRSP, and construct a UDVRSP scheme in the standard model.

2

Security Model

SYNTAX of UDVRS. A UDVRS consists of 8-tuple of probabilistic polynomial time (PPT) algorithms (CPG, SKG, VKG, RS, RV, DRS, DRV, KR) defined as follows: CPG- The common parameter generation algorithm, on input security parameter 1k , outputs a string params consisting of common parameters of the scheme. SKG- The signer key generation algorithm, on input params, outputs a public key pki and a secret key ski for the user i.

334

J. Li and Y. Wang

VKG- The verifier key generation algorithm, on input params, outputs a public key pkv and a secret key skv . RS- The ring signature generation algorithm, that takes as input a secret key ski , a message m and a set of public keys L including the one that corresponds to the private key ski , returns the signature σ. RV- The ring signature verification algorithm, takes as input a set of L, a message m and σ, returns 1 or 0 for accept or reject, respectively. DRS- The designation algorithm, on input a set of public key set L including the one that correspond to the private key ski , designated verifier’s public key pkv , and a message/signature pair (m, σ), output designated verifier ring signature σ  . DRV- The designated ring signature verification algorithm, on input σ  , designated verifier’s secret key skv and a message m, outputs 1 or 0 for accept or reject, respectively. KR- The key registration algorithm, on input pkv , and proof knowledge of corresponding secret key skv , output a pair (pkv , acc/rej), where acc/rej denotes the public key is valid or not, respectively. The Oracles – RS: The ring signature oracle, on input message m, L, returns a ring signature σ ← RS(ski , L, m) such that RV(L, m, σ) = 1. – DRS: The designation oracle, on input any message m, L, designated verifier public key pkv , first computes σ = RS(ski , m, L), and returns a designated ring signature σ  ← DRS(σ, L, m, pkv ) such that DRV(L,m, σ  , skv ) = 1. – DRV: The designated verifier ring signature verification oracle, on input L, m, σ  , pkv , returns a bit 1 or 0 by running the algorithm DRV. – KR: Key registration oracle, on input (skvi , pkvi ) ← KeyGen(1k ), stores (skvi , pkvi ) as a registered key pair. The correctness requires that valid signatures can always be proved valid. So, we present our detailed security notions for unforgeability, non-transferability, and signer ambiguity for UDVRS in the following. 2.1

Unforgeability

There are two types of unforgeability to consider: Publicly verifiable ring signature unforgeability (PV-unforgeability) and designated verifier ring signature unforgeability (DV-unforgeability). Meanwhile, we also consider the strong version of security model for existential unforgeability [7]. DV-unforgeability always implies PV-unforgeability, because anyone able to forge a normal ring signature can transform it into a designated verifier ring signature. Thus it is enough to consider only DV-unforgeability. DV-unforgeability for UDVRS against adaptive chosen public key attack and message attack is defined as in the following game involving an adversary A.

Universal Designated Verifier Ring Signature

335

– Let L = {P1 , · · · , Pn } be the set of n public keys in which each key is generated as (pki , ski ) ← SKG(1k ). A is given L and the public parameters. – A accesses to RS, DRS, DRV, and KR oracles. The adversary A wins the game if he can output (L, m∗ , pkv∗ , σ ∗ ), such that (L, m∗ , σ ∗ ) and (L, m∗ , pkv∗ , σ ∗ ) are not equal to any answer of RS oracle and DRS oracle, respectively. The advantage of the adversary is the probability that he wins the game. Definition 1. (DV-unforgeability) A UDVRS scheme is DV-unforgeability secure if no PPT adversary has a non-negligible advantage in the above DVunforgeability game. 2.2

Non-transferability

Non-transferability is defined through the following game involving A, S, and D. A is an attacker that tries to brag about its interaction with the signature holder. S is a simulator that simulates the output of A. S is able to access A as a black-box. D is a distinguisher that tries to distinguish whether a given output is of A or of S. – Let L = {P1 , · · · , Pn } be the set of n public keys in which each key is generated as (pki , ski ) ← SPG(1k ). A and S are allowed to access RS oracle. However, after the challenge message m is output, they may not access to RS oracle with respect to this challenge message. – A and S are allowed to access KR oracle and DRV oracle. A is also allowed to access to DRS, which S is not allowed. Finally, A and S return to D their outputs with respect to m. D decides whether this output is of A or of S. The advantage of D is the probability that it guess correctly over 12 . Definition 2. (Non-transferability) A UDVRS scheme is Non-transferability secure against adaptive chosen public key attack and chosen message attack, if there exists S to every A, such that the advantage of every computationally unbounded D is only negligible. 2.3

Signer Ambiguity

In UDVRS, signer ambiguity means that it is hard to tell which signer out of the n possible signers who actually generates a ring signature or a designated verifier ring signature. – Let L = {P1 , · · · , Pn } be the set of n public keys in which each key is generated as (pki , ski ) ← SKG(1k ). Meanwhile, (pkvi , skvi ) ← VKG(1k ) is also generated. (pki , ski ), (pkvi , skvi ) are provided to adversary. – Pick a random 1 ≤ t ≤ n, output a valid ring signature σ ← RS(skt , L, m) such that RV (L,m,σ) = 1.

336

J. Li and Y. Wang

– Any unbounded adversary accepts as inputs σ. The adversary wins the game if he can output t such that t = t who signs the signature. The advantage of the adversary is the probability that he wins the game, over n1 , that he can guess t accurately. Definition 3. (Signer Ambiguity) A UDVRS scheme is said to be unconditionally signer ambiguous if any unbound adversary has a negligible advantage in the above signer ambiguity game.

3

A UDVRS Without Random Oracles

3.1

Preliminaries

Let G1 and G2 be two (multiplicative) cyclic groups of prime order p. Let g1 be a generator of G1 and g2 be a generator of G2 . We also let ψ be an isomorphism from G2 to G1 , with ψ(g2 ) = g1 , and eˆ be a bilinear map such that eˆ : G1 ×G2 → GT with the following properties: 1. Bilinearity: For all u ∈ G1 , v ∈ G2 and a, b ∈ Z, eˆ(ua , v b ) = eˆ(u, v)ab . 2. Non-degeneracy: eˆ(g1 , g2 ) = 1. 3. Computability: There exists an efficient algorithm to compute eˆ(u, v). We introduce the following problem used in [7]: Definition 4 ((q, n)-DsjSDH). The (q, n)-Disjunctive Strong Diffie-Hellman Problem in (G1 , G2 ) is defined as follow: Given h ∈ G1 , g, g x ∈ G2 , distinct ai ∈ Zp and Universal One-Way Hash Functions (UOWHF) Hi (·) for 1 ≤ i ≤ n, distinct nonzero mτ for 1 ≤ τ ≤ q and σi,τ for 1 ≤ i ≤ n, 1 ≤ τ ≤ q, satisfying: n (xai +Hi (mτ )) = h for all τ , output m∗ and (σi∗ , γi ), for 1 ≤ i ≤ n such i=1 σi,τ n ∗ that they satisfy: i=1 σi∗ (xai +Hi (m )+γi ) =h and Hi (m∗ ) + γi = Hi (mτ ) for all i and τ . We say that the (q, n, t, )-DsjSDH assumption holds in (G1 , G2 ) if no t-time algorithm has advantage at least  in solving the (q, n)-DsjSDH problem in (G1 , G2 ). 3.2

The UDVRS Scheme

We construct a UDVRS scheme without random oracles. 1. CPG. Choose bilinear groups (G1 , G2 ) where |G1 | = |G2 | = p. Define a bilinear map eˆ : G1 × G2 → GT with an isomorphism ψ : G2 → G1 . g2 is the generator of G2 , and g1 =ψ(g2 ). h is also a random generator of G1 . Let Hi be universal one-way hash function such that Hi : {0, 1}∗ → Z∗p . Then params=(G1 , G2 , eˆ, g1 , g2 , h, H1 , · · · , Hn ). 2. SKG. For signer i, it picks (xi , yi ) ∈ (Zp )2 and outputs (xi , yi , Xi = g2xi , Yi = g2yi ) as its key pair. The secret key is (xi , yi ) and the public key is (Xi , Yi ) ∈ (G2 )2 .

Universal Designated Verifier Ring Signature

337

3. VKG. For verifier, it picks (xv , yv ) ∈ (Zp )2 and outputs (xv , yv , Xv = g2xv , Yv = g2yv ) as its key pair. The verifier’s secret key is (xv , yv ) and the public key is (Xv , Yv ). 4. RS. Assume the signer wants to form a ring signature on message m of n users {(X1 , Y1 ), · · · , (Xn , Yn )} with his own public key at index t, he signs as follows: a. For i ∈ {1, · · · , n}\t, he picks zi ∈R Z∗p and computes σi = g1zi . b. For i ∈ {1, · · · , n}, he picks ri ∈ Z∗p . Then he computes  H (m) ω=h/( i∈{1,...,n}\t ψ(Xi ·g2ri ·Yi i )zi . c. He computes σt =ω 1/(xt +rt +yt Ht (m)) with his secret keys (xt , yt ). The signature is σ = {(σ1 , r1 ), · · · , (σn , rn )}. 5. RV. On input a set of L={(X1 , Y1 ), · · · , (Xn , Yn )}, a message m and σ = n H (m) {(σ1 , r1 ), · · · , (σn , rn )}, accept if i=1 [ˆ e(σi , (Xi · g2ri · Yi i ))] = eˆ(h, g2 ). 6. DRS. On input the signature σ = {(σ1 , r1 ), · · · , (σn , rn )} on message m, the signature holder generates the designated verifier ring signature σ  = {(σ1 , A1 ), · · · , (σn , An ), B1 , · · · , Bn }, where Ai = g2ri and Bi = eˆ(ψ(Xv ), Yv )ri if the designated verifier public key is (Xv , Yv ). 7. DRV. On input σ  = {(σ1 , A1 ), · · · , (σn , An ), B1 , · · · , B n }, designated vere(σi , (Xi · Ai · ifier’s secret key (xv , yv ) and a message m, accept if ni=1 [ˆ Hi (m) yv Yi ))] = eˆ(h, g2 ) and eˆ(ψ(Xv ), Ai ) =Bi .

4

Security Analysis

The correctness of the scheme is straightforward. Before prove the DV-unforgeability of the UDVRS, we first derive a new ring signature without random oracles from above UDVRS scheme. The system parameters are also {G1 , G2 , eˆ, g1 , g2 , h, H1 , · · · , Hn } as defined in section 3. 1. KeyGen. For user i, on input security parameter 1k , outputs (xi , yi , Xi = g2xi , Yi = g2yi ), where (xi , yi ) ∈ (Zp )2 and (Xi , Yi ) ∈ (G2 )2 are the secret key and public key of user i, respectively. 2. RS. On input a secret key (xt , yt ), a message m and a set of public keys L including the one that corresponds to the private key (xt , yt ), it signs as follows: a. For i ∈ {1, · · · , n}\t, he picks zi ∈R Z∗p and computes σi = g1zi . b. For i ∈ {1, · · · , n}, he picks ri ∈ Z∗p . Then he computes  H (m) ω=h/( i∈{1,...,n}\t ψ(Xi ·g2ri ·Yi i )zi . c. He computes σt =ω 1/(xt +rt +yt Ht (m)) with his secret keys (xt , yt ). The signature is σ = {(σ1 , r1 ), · · · , (σn , rn )}. 3. RV. On input a set of L={(X1 , Y1 ), · · · , (Xn , Yn )}, a message m and σ = n H (m) {(σ1 , r1 ), · · · , (σn , rn )}, return 1 if i=1 [ˆ e(σi , (Xi · g2ri · Yi i ))] = eˆ(h, g2 ). Otherwise, output 0.

338

J. Li and Y. Wang

Theorem 1. The new ring signature scheme is existentially unforgeable if (q, n)DsjSDH assumption holds in bilinear groups, and it also achieves signer-ambiguity against unconditional adversary. The new ring signature is a variant of [7,14]. However, if directly use the ring signature [7,14], it is hard to construct a UDVRS by using the construction method in our paper. The new ring signature without random oracles is different from [7,14] in RS and RV. However, it can also easily be proved to be secure without random oracles from the proof of [7]. Definition 5. (Knowledge of Exponent Assumption[4,16] ) Suppose that an adversary is given a pair (g, h) which is randomly chosen from uniform distribution of G2 and if the adversary is able to generate a pair (x, y) ∈ G2 such that logg x = logh y, then there exists an extractor that extracts logg x. We can get the following security results. For the page limitation, reader can contact the author for full version of this paper if needed. Theorem 2. The UDVRS scheme achieves DV-unforgeability provided that the underlying ring signature is secure and knowledge of exponent assumption holds in bilinear groups. Theorem 3. The UDVRS scheme achieves signer-ambiguity against unconditional adversary. Theorem 4. The UDVRS scheme achieves non-transferability against unconditional adversary.

5

UDVRSP

SYNTAX of UDVRSP. A UDVRSP consists of 6-tuple of poly-time algorithms (CPG, SKG, RS, RV, Transform, IVerify) defined as follows: CPG- The common parameter generation algorithm, on input security parameter 1k , outputs a string params consisting of common parameters of the scheme. SKG- The signer key generation algorithm, on input params, outputs a public key pki and a secret key ski for the user. RS- The ring signature generation algorithm, that takes as input a secret key ski , a message m and a set of public keys L including the one that corresponds to the private key ski , returns the signature σ. RV- The ring signature verification algorithm, takes as input a set of L, a message m and σ, returns 1 or 0 for accept or reject, respectively. Transform- On input signature σ, it picks a secret mask sk  and generates a transformed signature σ  . IVerify- This is an interactive verification protocol between a designator P and a designated verifier V. Common input for P and V are a set of public key L, a transformed signature σ  and a message m. P’s private input is sk  . V does not have any input. The output of this protocol is 1 or 0 depending V accepts or rejects.

Universal Designated Verifier Ring Signature

339

The UDVRSP should satisfy correctness, unforgeability, and signer ambiguity. Definitions of unforgeability and signer ambiguity are the same with the ring signature. Another essential security requirement is resistance against impersonation attack. This can be divided into two categories: Type-1 and Type-2 attacks. In Type-1 attack, an attacker who has obtained a transformed signature participates in the IVerify protocol as a cheating designated verifier and interacts with an honest designator a number of times. The target of the attacker is to impersonate the honest designator to other honest designated verifier. In Type-2 attack, the attacker simply ignores the transformed signature that he has obtained before but tries to create a new transformed signature on his own and use this to impersonate the honest designator to an honest designated verifier in the IVerify protocol. For more details, please refer to [2]. 5.1

The UDVRSP Scheme

The algorithms CPG, SKG, RS, RV are the same with their corresponding algorithms in section 3. - Algorithms CPG, SKG, RS, and RV are the same with corresponding algorithms in section 3. - Transform. On input the signature σ = {(σ1 , r1 ), · · · , (σn , rn )} on message m, the signature holder chooses z ∈ Z∗p and generates the transformed ring signature σ  = {(σ1 , r1 ), · · · , (σn , rn )}, where σi = σiz for 1 ≤ i ≤ n. - IVerify. On input σ  = {(σ1 , r1 ), · · · , (σn , rn )}, both the designator P  H (m) e(σi , (Xi · g2ri · Yi i ))](= and designated verifier V compute R1 = ni=1 [ˆ (ˆ e(h, g2 ))z ), and R2 = eˆ(h, g2 ). Then they interactive as follows: a. b. c. d.

P picks s ∈R Z∗p and sends U = R2s to V. V chooses c ∈R Z∗p . and sends it to P. P computes t=s + cz mod p and sends t to V. V checks that if R2t = U · R1c .

If it holds, output 1. Otherwise, output 0. As mentioned above, the UDVRSP scheme achieves signer-ambiguity and unforgeability from the corresponding properties in the standard ring signature. Definition 6. One More Discrete Logarithm Problem (OMDL Problem[2] ): on x input n+1 challenge elements y1 = g1x1 , · · · , hn+1 = g1 n+1 ∈ (G1 )n+1 , provided to the discrete logarithm oracle at most n times, it is hard to output x1 , · · · , xn+1 for any PPT algorithm. Theorem 5. The UDVRSP scheme is secure against impersonation under Type-1 attack assuming the OMDL problem is hard. Theorem 6. The UDVRSP scheme is secure against impersonation under Type-2 attack assuming the underlying ring signature is secure.

340

6

J. Li and Y. Wang

A Short DVS Without Random Oracles

A DVS consists of three algorithms: the key generation algorithm KeyGen, the designated verifier signature generation algorithm Sign, and the designated verification algorithm Verify. The security requirements of DVS [8] are unforgeability and non-transferability. It is known that DVS can be converted from ring signatures just by setting the size of the ring signature to two-user [8]. So, we construct the first DVS without relying on random oracles from the two-user ring signature in section 4. The system parameters are the same with section 4. 1. KeyGen. For signer, it generates (xs , ys , Xs = g2xs , Ys = g2ys ), where (xs , ys ) ∈ (Zp )2 and (Xs , Ys ) ∈ (G2 )2 are the secret key and public key, respectively. For verifier, it generates (xv , yv , Xv = g2xv , Yv = g2yv ), where (xv , yv ) ∈ (Zp )2 and (Xv , Yv ) ∈ (G2 )2 are its secret key and public key, respectively. 2. Sign. The signer generates a designated verifier signature on message m for the specific verifier as follows: The signer takes a secret key (xs , ys ), then a. The signer picks z ∈R Z∗p and computes σ2 = g1z . b. He also picks r1 , r2 ∈ Z∗p and computes ω=h/(ψ(Xv · g2r2 ·Yv 2 )z . c. He computes σ1 =ω 1/(xs +r1 +ys H1 (m)) . The signature is σ = {(σ1 , r1 ), (σ2 , r2 )}. 3. Verify. On input (Xs , Ys ), (Xv , Yv ), a message m and σ = {(σ1 , r1 ), (σ2 , H (m) H (m) r2 )}, return 1 if eˆ(σ1 , Xs · g2r1 · Ys 1 ) · eˆ(σ2 , Xv · g2r2 · Yv 2 ) = eˆ(h, g2 ). Otherwise, output 0. H (m)

From the existentially unforgeability and non-transferability of the underlying two-user ring signature, we can easily get the following results: Theorem 7. The DVS is existentially unforgeable if (q, n)-DsjSDH assumption holds in bilinear groups. Theorem 8. The DVS achieves unconditional non-transferability.

7

Conclusion

We first propose the notion of UDVRS. It not only allows members of a group to sign messages on behalf of the group without revealing their identities, but also allows the signature holder to designate a verifier. We give a formal and strong UDVRS security model. Then, a provably secure UDVRS scheme without random oracles is proposed in this paper, with rigorous proofs under the security model. To achieve our goal, we also present a variant ring signature scheme of [7,14]. Meanwhile, we also propose the concept of UDVRSP and construct a secure UDVRSP scheme in the standard model. Finally, a DVS without random oracles is first given in this paper.

Universal Designated Verifier Ring Signature

341

References 1. M. Abe, M. Ohkubo, and K. Suzuki. 1-out-of-n Signatures from a Variety of Keys. AsiaCrypt 2002, LNCS 2501, pp. 415-432, Springer-Verlag, 2002. 2. J.Baek, R.S. Naini, and W. Susilo. Universal designated verifier signature proof (or how to efficiently prove knowledge of a signature). AsiaCrypt’05, LNCS 3788, pp. 644-661, Springer-Verlag, 2005. 3. M. Bellare, D. Micciancio, and B. Warinschi. Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions. EuroCrypt 2003, LNCS 2656, pp. 614-629, Springer-Verlag, 2003. 4. M. Bellare and A. Palacio. The Knowledge-of-Exponent Assumptions and 3-Round Zero-Knowledge Protocols. In Crypt 2004, LNCS 3152, Springer-Verlag, 2004. 5. D.Boneh and X. Boyen. Short Signatures Without Random Oracles. In Eurocrypt 2004, LNCS 3027, pp. 56-73, Springer-Verlag, 2004. 6. E. Bresson, J. Stern, and M. Szydlo. Threshold Ring Signatures and Applications to Ad-hoc Groups. CRYPTO 2002, LNCS 2442, pp. 465-480, Springer-Verlag, 2002. 7. Sherman S. M. Chow, Joseph K. Liu, Victor K. Wei, Tsz H. Yuen. Ring Signatures without Random Oracles. To be appeared at AsiaCCS’06. Available at http://eprint.iacr.org/2005/317. 8. M. Jakobsson, K. Sako, and R. Impagliazzo. Designated Verifier Proofs and Their Applications. EuroCrypt 1996, LNCS 1070, pp. 143-154, Springer-Verlag, 1996. 9. M. Naor. Deniable ring authentication. Crypto 2002, LNCS 2442, pp. 481-498, Springer-Verlag, 2002. 10. R. L. Rivest, A. Shamir, and Y. Tauman. How to Leak a Secret. AsiaCrypt 2001, LNCS 2248, pp. 552-565, Springer-Verlag, 2001. 11. R. Steinfeld, L. Bull, H. Wang, and J. Pieprzyk. Universal designated-verifier signatures. AsiaCrypt 2003, LNCS 2894, pp. 523-542, Springer-Verlag, 2003. 12. R. Steinfeld, H. Wang, and J. Pieprzyk. Efficient Extension of Standard Schnorr/RSA Signatures into Universal Designated-Verifier Signatures. PKC 2004, LNCS 2947, pp. 86-100, Springer-Verlag, 2004. 13. W. Susilo and Y. Mu. Non-Interactive Deniable Ring Authentication. ICISC 2003, LNCS 2971, pp. 386-401, Springer-Verlag, 2004. 14. J. Xu, Z. Zhang, and D. Feng. A Ring Signature Scheme Using Bilinear Pairings. WISA 2004, LNCS 3325, pp. 163-172, Springer-Verlag, 2004. 15. F. Zhang and K. Kim, ID-based blind signature and ring signature from pairings, AsiaCrpt 2002, LNCS 2501, pp. 533-547, Springer-Verlag, 2002. 16. R. Zhang, J. Furukawa, and H. Imai. Short Signature and Universal Designated Verifier Signature Without Random Oracles. ACNS 2005, LNCS 3531, pp. 483498, 2005.

An Identity-Based Signcryption Scheme with Short Ciphertext from Pairings Huiyan Chen1,2 , Shuwang L¨ u1,3 , Zhenhua Liu1 , and Qing Chen3 1

State Key Laboratory of Information Security Graduate School of Chinese Academy of Sciences , Beijing 100049, P.R. China 2 Institute of Electronics, Chinese Academy of Sciences, Beijing 100080 3 Peking Knowledge Security Engineering Center, Beijing 100083 [email protected] Abstract. In this paper, we give a new identity-based signcryption scheme based on pairings. It is secure against adaptive chosen ciphertext and identity attack in the random oracle with the Modified Bilinear Diffie-Hellman assumption [14]. It produces shorter ciphertext than any one of schemes [7],[14] for the same plaintext and adapts to the bandconstrained scenario very well. Keywords: Signcryption, pairings, identity-based cryptography.

1

Introduction

The two fundamental services of public key cryptography are encryption and signing. Encryption provides confidentiality. Digital signatures provide authentication and non-repudiation. Often when we use one of these two services, we would like to use also the other. In 1997, Zheng [1] proposed a novel cryptographic primitive which he called as signcryption. The idea behind signcryption is to simultaneously perform signature and encryption in a logically single step in order to obtain confidentiality, integrity, authentication and nonrepudiation at lower computational cost than the traditional “signature then encryption”approach. In addition, this latter solution also expends the final ciphertext size. Several efficient signcryption schemes [2],[3],[4],[5],[6] have been proposed since 1997. Malone-Lee afterward extended the signcryption idea to identity-based cryptography and firstly presented an identity-based signcryption scheme [8]. Indeed, the concept of identity-based cryptography was proposed in 1984 by Shamir [16]. The idea behind identity-based cryptography is that the user’s public key can be derived from arbitrary string (e-mail address, IP address combined to a user name,...) which identifies him in a non ambiguous way. This greatly reduces the problems with key management. This kind of system needs trusted authority called private key generator(PKG) whose task is to compute user’s private key from user’s identity information. Several identity-based signcryption schemes have been proposed so far, e.g. [7],[9],[10],[11],[12],[13],[14]. 

This work is supported by the National Natural Science Foundation of China (No. 60577039).

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 342–351, 2006. c IFIP International Federation for Information Processing 2006 

An Identity-Based Signcryption Scheme

343

Unfortunately, most of these schemes only operate on plaintexts of less than or equal to some fixed length. In some situations, e.g. bandwidth-constrained scenario, it is desirable to shorten the length of ciphertext. In this paper we propose a new identity-based signcryption scheme which can deal with plaintexts of arbitrary length. For the same plaintext, it produces shorter ciphertext than any one of the schemes [7],[14] and adapts to the bandwidth-constrained scenario very well. The paper will proceed as follow. In section 2, we review some preliminaries used throughout this paper. Our scheme is presented in Section 3. In Section 4, we compare our scheme with others. Section 5 concludes the paper.

2 2.1

Preliminaries Notations

Throughout this paper, we will use the following notations. |q| denotes the length of q in bits. If |q| = 0, q is denoted as φ. Z + denotes the set of natural numbers and {0, 1}∗ denotes the the space of finite binary strings. Let [m]l1 denote the most significant l1 bits of m and [m]l2 denote the least significant l2 bits of m. We denote by a||b the string which is the concatenation of strings a and b. We also denote [x]= y if y ≤ x < y + 1 and y ∈ Z + . a b denotes the bitwise XOR of bit strings a and b. If G is a set, x ∈R G denotes that x is an element randomly selected from G. Zq = {0, 1, . . . , q − 1} 2.2

Bilinear Map and Some Problems

Let G1 be a cyclic additive group generated by P , whose order is a prime q, and G2 be a cyclic multiplicative group with the same order q. The bilinear map is given as e : G1 × G1 → G2 , which satisfies the following properties: (1) Bilinearity:  e(aP, bQ) = e(P, Q)ab for all P, Q ∈ G1 , a, b ∈ Zq (2) Non-degeneracy: There exists P, Q ∈ G1 such that e(P, Q) = 1, in other words, the map does not send all pairs in G1 × G1 to the identity in G2 ; (3) Computability: There is an efficient algorithm to compute  e(P, Q) for all P, Q ∈ G1 . We note that the weil and Tate pairings associated with supersingular elliptic curves can be modified to create such bilinear maps. Definition 1. Let l be a security parameter. Given two groups G1 and G2 of the same prime order q (|q|=l), a bilinear map e :G1 × G1 →G2 and a generator P of G1 , the Decisional Bilinear Diffie-Hellman Problem (DBDHP) in (G1 , G2 , e) is, given (P, aP, bP, cP, h) for unknown a, b, c ∈ Zq , to decide whether h = e(P, P )abc . The Modified Decisional Bilinear Diffie-Hellman Problem (MDBDHP) in (G1 , G2 , e) is, given (P, aP, bP, cP, c−1 P, h) for unknon a, b, c ∈ Zq , −1 to decide whether h = e(P, P )abc .

344

H. Chen et al.

We define the advantage of a distinguisher D against MDBDHP like this: −1 MDBDHP (G1 ,G2 ,P ) Adv D (l)=|P ra,b,c∈RZq [1← D(aP , bP , cP , c−1 P , e(P , P )abc )] −P ra,b,c∈R Zq ,h∈R G2 [1←D(aP , bP , cP , c−1 P , h)]|. Obviously DBDHP is harder than MDBDHP. However, no known existing efficient algorithm can solve MDBDHP, to the best of our knowledge. 2.3

Framework of Identity-Based Signcryption Scheme

Signcryption schemes are made of five algorithms: Setup, Keygen, Signcrypt, Unsigncryp and TPVerify(if public verifiability is satisfied). –Setup: Given a security parameter l, the private key generator(PKG)generates the system’s public parameters params. –Keygen: Given an identity ID, the PKG computes the corresponding private keys sID , dID and transmits them to their owner in a secure way. –Signcrypt: To send a message m to Bob, Alice computes Signcrypt (m, sIDA , IDB ) to obtain the ciphertext σ. –Unsigncrypt: When Bob receives σ, he computes Unsigncrypt (σ, IDA , dIDB ) and outputs the clear text m and ephemeral data temp for public verifiability, or the symbol ⊥ if σ was an invalid ciphertext between identities IDA and IDB . –TPVerify: On input (σ, IDA , m, temp), it outputs  for true or ⊥ for false, depending on whether σ is a valid ciphertext of message m signcrypted by IDA or not . For obvious consistency purposes, we of course require that if σ=Signcrypt(m, sIDA , IDB ), then we have the relation (m, temp) = Unsigncrypt (σ, IDA , dIDB ) and =TPverify(σ, IDA , m, temp). 2.4

Security Notions

Malone-Lee [8] extended notions of sematic security for public key encryption to identity-based signcryption schemes(IBSC). Sherman et al. slightly modified the definitions of these notions. these modified notions are indistinguishability against adaptive chosen ciphertext and identity attacks(IND-IBSC-CCIA) and existential unforgery of identity based signcryption under adaptive chosen message and identity attacks (EUF-IBSC-ACMIA). Now we recall the following definitions. Definition 2. An identity-based signcryption scheme has the IND-IBSC-CCIA property if no adversary has a non-negligible advantage in the following game. (1) The challenger runs the Setup algorithm and sends the system parameters to the adversary (2) The adversary A performs a polynomially bounded number of queries: – Signcrypt query: A produces two identities IDA , IDB and a plaintext m. The challenger computes (sIDA , dIDA ) = Keygen(IDA ) and then Signcrypt(m, sIDA , IDB ) and sends the result to A. – Unsigncrypt query: A produces two identities IDA and IDB , a ciphertext σ. The challenger generates the private key (sIDB , dIDB ) = Keygen(IDB )

An Identity-Based Signcryption Scheme

345

and sends the result of Unsigncrypt(σ, dIDB , IDA ) to A (this result can be the ⊥ symbol if σ is an invalid ciphertext). – Keygen query: A produces an identity ID and receives the extracted private key (sID , dID ) = Keygen(ID). A can present its queries adaptively: every query may depend on the answer to the previous ones. (3) A chooses two plaintexts m0 , m1 (|m0 | = |m1 |) and two identities IDA and IDB on which he wishes to be challenged. He cannot have asked the private key corresponding to IDB in the first stage. (4) The challenger randomly takes a bit d ∈ {0, 1} and computes σ=Signcrypt ( md , sIDA , IDB ) which is sent to A. (5) A asks again a polynomially bounded number of queries just like in the first stage. This time, he cannot make a Keygen query on IDB and he cannot ask the plaintext corresponding to σ.   (6) Finally, A produces a bit d and wins the game if d = d.  The adversary A’s advantage is defined to be Adv(A):=|2P r[d = d] − 1| Definition 3. An identity-based signcryption scheme is said to have the EUFIBSC-ACMIA property if no adversary has a non-negligeable advantage in the following game. (1) The challenger runs the setup algorithm and gives the system parameters to the adversary A. (2) The adversary A performs a polynomially bounded number of queries just like in the previous definition 2. (3) Finally, A produces a new triple (σ ∗ , IDA , IDB ) (i.e. a triple that was not produced by the signcryption oracle), where the private key of IDA was not asked in the first stage and wins the game if the result of Unsigncrypt(σ, IDA , dIDB ) is not the ⊥ symbol. The adversary’s advantage is simply its probability of victory. In this definition, to obtain the non-repudiation property and to prevent a dishonest recipient to send a ciphertext to himself on Alice’s behalf and to try to convince a third party that Alice was the sender, it is necessary for the adversary to be allowed to make a Keygen query on the forged message’s recipient IDB .

3 3.1

Proposed Signcryption Scheme Description of the Scheme

– Setup: Given a security parameter l ∈ Z + , the private key generator(PKG) chooses groups G1 and G2 of prime order q( l = |q| = l1 +l2 , here l1 = [ l+1 2 ], l2 = [ 2l ]), a generator P of G1 , an bilinear map e : G1 × G1 → G2 and cryptographic hash functions H1 :{0, 1}∗→G1 , H2 :G2 →{0, 1}n (here n is the key length of symmetric cipher ), H3 :{0, 1}∗ → Zq∗ , F1 :{0, 1}l2 → {0, 1}l1 , F2 :{0, 1}l1 → {0, 1}l2 . It also choose a secure symmetric cipher (E, D) and a master-key s ∈ Zq∗ , and computes Ppub = sP and g= e(P ,Ppub ). The system’s public parameters are P= {q, G1 , G2 , n,  e, P, Ppub , g, H1 , H2 , H3 , F1 , F2 , E, D}.

346

H. Chen et al.

– Keygen: Given identity ID, the PKG computes QID = H1 (ID) and the private key dID = s−1 QID , sID = sQID . – Signcrypt: To send a message m (|E (·) (m)| ≥ l2 ) to Bob, Alice follows the steps below. 1. Compute QIDB = H1 (IDB ) ∈ G1 . 2. Randomly choose x ∈ Zq∗ , compute k1 =g x , k=H2 ( e(P ,QIDB )x ). 3. Compute c = c1 ||c2 =E k (m), f = F1 (c2 )||(F2 (F1 (c2 )) c2 ). Here if |c| = l2 , c2 = c ; if |c| > l2 , c1 =[c]|c|−l2 , c2 =[c]l2 . 4. Compute r = H3 (k1 ) + f and r0 = H3 (r||c1 ). 5. Compute S = xPpub − r0 sIDA . 6. The ciphertext is σ = (c1 , r, S). – Unsigncrypt: When receiving σ = (c1 , r, S), Bob follows the steps below. 1. Compute QIDA = H1 (IDA ) ∈ G1 and r0 = H3 (r||c1 ). 2. Compute k1 = e(S, P ) e(QIDA , Ppub )r0 . 3. Compute τ = e(S, dIDB ) e(QIDA , QIDB )r0 and k = H2 (τ ). 4. Compute f = r − H 3 (k1 ). 5. Compute c2 = [f ]l2 F2 ([f ]l1 ) and m =Dk (c2 ). 6. Accept σ if and only if [f ]l1 = F1 (c2 ). 7. Given (k, m, σ) to third party. – TPVerify: On receiving (k, m, σ), the third party follows the steps below. 1. Compute r0 = H3 (r||c1 ) and k1 =  e(S, P ) e(QIDA , Ppub )r0 . 2. Compute f = r − H 3 (k1 ). 3. Compute c2 = [f ]l2 F2 ([f ]l1 ). 4. Accept the origin of ciphertext if and only if [f ]l1 = F1 (c2 ). 5. Accept the message authenticity if and only if m =Dk (c2 ). – Remark 1: If |E (·) (m)| < l2 , we need some redundancy to signcrypt message m. For example, we choose a hash function H : {0, 1}∗ → {0, 1}l2 and   set c =E (·) (m)||H(E (·) (m)), then we sign message c by Fangguo Zhang et al’s identity-based signature scheme. Since the length of paper is limited, we don’t discuss it any more here. Throughout this paper, we assume |E (·) (m)| ≥ l2 if message m need to be signcrypted. – Remark 2: In the unsigncryption process, f ∈ Z + is turned into a bit string f . If |f | < l, we will fill (l − |f |) zeros in the left of bit string f . The consistency of this scheme is easy to verify by the bilinear pairing. It is forward-secure, in the sense that only Bob (and PKG) can recover m: knowledge of Alice’s private keys sIDA and dIDA is insufficient to compute k. It is also publicly verifiable because, when verifying the messages origin by TPVerify algorithm, any third party does not depend on any private information. In order to convince someone that Alice is the sender of plaintext m, the receiver just have to forward the ephemeral decryption k to the third party. 3.2

Security Result

Theorem 1. In the random oracle model (the hash functions are modeled as random oracles), if there is an IND-IBSC-CCIA adversary A that succeeds with an

An Identity-Based Signcryption Scheme

347

advantage  when running in a time t and asking at most qH1 H1 queries, at most qE Keygen queries, at most qR H3 queries, qR Signcrypt queries and qU Unsigncrypt queries, then there is a distinguisher B that can solve the MDBDH problem in O(t + ((6qR + 2)qR + 4qU )Te + ((3qR + 1)qR + 2qU )Tpm ) time with an advantage MDBDHP (G1 ,G2 ,P )

Adv B

(l)> ((2[l/2] − qU ) − qU )/(qH1 )2 2[l/2]+1

where Te denotes the computation time of the bilinear pairing, Tpm denote the computation time of exponentiation over G2 Proof. see the appendix. The existential unforgeability against adaptive chosen messages and identity attacks derives from the security of Fangguo Zhang ea al’s identity-based signature scheme [15]. By arguments similar to those in [17], one can show that an attacker that is able to forge a signcrypted message must be able to forge a signature for Fangguo Zhang ea al’s identity-based signature scheme.

4

Comparison of Schemes

Among these schemes [7],[9], [10],[11],[12],[13],[14], only schemes [7],[14] use the more general symmetric cipher and seems to process messages of arbitrary length. So, in table 1 below, we compare our scheme with schemes [7],[14] in terms of the length of the ciphertext which they produce and the number of the dominant operations required by them. In table we use mls, exps, and pcs as abbreviations for point multiplications in G1 , exponentiations in G2 and pairing computations respectively. In table, we denote all the ciphertexts, which are produced by encrypting the plaintext m with symmetric cipher in different and equal length keys and which are of equal length, as c for convenience, since we only consider the ciphertext length not the content of the ciphertext. Table 1. Comparison of Schemes Ciphertext Size |c|∗ =l2 |c|∗ >l2 (c1 = [c]|c|−l2 ) ♣ Libert-Quisquater[10] |c| + |q| + |G1 | |c| + |q| + |G1 | Chow-Yiu-Hui-Chow[15] |c| + |q| + |G1 | |c| + |q| + |G1 | Our scheme |q| + |G1 | |c1 | + |q| + |G1 | Schemes

Efficiency Signcrypt Signcrypt mls exps pcs mls exps pcs 1 2 2‡ 2 4‡ ‡ 1 2 2 2 4‡ † 1 2 1 2 4‡

(∗) c is produced by encrypting plaintext m with symmetric cipher. (†) One pairing is precomputable (‡) Two pairings are precomputable (♣) This scheme has no forward-secure property

5

Conclusion

We proposed a new identity-based signcryption scheme. It produces shorter length ciphertext than any one of schemes [7],[14] for the same plaintext. It has

348

H. Chen et al.

the IND-IBSC-CCIA property in random oracle with assumption that MDBDHP is hard to decide. Additionally, it is an interesting problem to construct an identity-based signcryption schemes which produces shorter length ciphertext than ours for the same plaintext.

References 1. Y. Zheng, Digital Signcryption or How to Achieve Cost (Signature & Encryption) Cost (Signature)+ Cost (Encryption), Advances in Cryptology - Crypto’97, LNCS 1294, Springer, pp.165-179, 1997. 2. Y. Zheng, Identification, Signature and Signcryption using High Order Residues Modulo an RSA Composite, Proc. of PKC’01, LNCS 1992, Springer, pp. 48-63, 2001. 3. Y. Zheng, Signcryption and its applications in efficient public key solutions, Proc. of ISW’97,pp. 291-312, 1998. 4. Y.Zheng, H. Imai, Efficient Signcryption Schemes On Elliptic Curves, Proc. of IFIP/SEC’98, Chapman & Hall, 1998. 5. R. Steinfeld, Y. Zheng, A Signcryption Scheme Based on Integer Factorization, Proc. of ISW’00,pp. 308-322, 2000. 6. B.H. Yum, P.J. Lee, New Signcryption Schemes Based on KCDSA, Proc. of ICISC’01, LNCS2288, Springer, pp. 305-317, 2001. 7. B. Libert and J.-J. Quisquater. New identity based signcryption schemes based on pairings. In IEEE Information Theory Workshop, Paris, France, 2003. 8. J. Malone-Lee, Identity Based Signcryption, available at http://eprint.iacr.org/ 2002/098/. 9. D. Nalla and K. C. Reddy. Signcryption scheme for identity-based cryptosystems. Cryptology ePrint Archive, Report 2003/066, 2002. http://eprint.iacr.org/ 2003/066. 10. R. Sakai and M. Kasahara. Id based cryptosystems with pairing on elliptic curve. In 2003 Symposium on Cryptography and Information Security - SCIS’2003, Hamamatsu, Japan, 2003. See also http://eprint.iacr.org/2003/054. 11. X. Boyen. Multipurpose identity-based signcryption: A swiss army knife for identity-based cryptography. In Advances in Cryptology - Crypto’2003, volume 2729 of Lecture Notes in Computer Science, pages 383-399. Springer-Verlag, 2003. 12. L. Chen and J.Malone-Lee. Improved identity-based signcryption. Cryptology ePrint Archive, Report 2004/114, 2004. http://eprint.iacr.org/2003/114. 13. Noel McCullagh and Paulo S.L.M Barreto Efficient and Forward-Secure IdentityBased Signcryption , available at http://eprint.iacr.org/2004/117. 14. Sherman S.M. Chow, S.M. Yiu, Lucas C.K. Hui, and K.P. Chow. Efficient Forward and Provably Secure ID-Based Signcryption Scheme with Public Verifiability and Public Ciphertext Authenticity. In: Information Security and Cryptology - ICISC 2003, LNCS 2971, pp. 352-369. Springer-Verlag, 2004 15. Fangguo Zhang, Willy Susilo, and Yi Mu. Identity-based Partial Message Recovery Signatures (or How to Shorten ID-based Signatures). Financial Cryptography and Data Security (FC’05), Lecture Notes in Computer Science, Springer Verlag, 2005, pp47-59 16. A. Shamir, identity-based Cryptosystems and Signature Schemes, Advances in Cryptology -Crypto’ 84, LNCS 0196, Springer, 1984. 17. G. Gamage, J. Leiwo, Y. Zheng. Encrypted message authentication by Firewalls, Proc. of PKC’99, LNCS 1560, Springer, pp. 69-81, 1999.

An Identity-Based Signcryption Scheme

349

Appendix: Proof of Theorem 1 The distinguisher B receives a random instance (P, a1 P, a2 P, a3 P, a−1 3 P, h) of the −1 MDBDH problem. Its goal is to decide whether h = e(P, P )a1 a2 a3 or not. B will run A as a subroutine and act as A’s challenger in the IND-IBSC-CCIA game. Here note that we only discuss the case E (·) (m) = l2 , the discussion of the case E (·) (m) > l2 is similar to that of the case E (·) (m) = l2 and is omitted. B needs to maintain lists L1 , L2 , L3 , L4 , and L5 that are initially empty and are used to keep track of answers to queries asked by A to oracle H1 , H2 , H3 , F1 and F2 . We assume that the following assumptions are made. (1) A will ask for H1 (ID) before ID is used in any Signcrypt, Unsigncrypt and Keygen queries. (2) A will not ask for Keygen(ID) again if the query Keygen(ID) has been already issued before. (3) Ciphertext returned from a Signcrypt query will not be used by A in an U nsigncrypt query. At the beginning of the game, B gives A the system parameters with Ppub = a3 P (a3 is unknown to B and plays the role of the PKG’s master key in the game). – H1 queries: When A makes an H1 query on identity, B checks the list L1 , If an entry for the query is found, the same answer will be given to A; otherwise, a value dj from Fq∗ will be randomly chosen and dj P will be used as the answer, the query and the answer will then be stored in the list L1 . The only exception is that B has to randomly choose one of the H1 queries from A, say the ith query, and answers H1 (IDi ) = a2 P for this query. Since a2 P is a value in a random instance of the MDBDH problem, it does not affect the randomness of the hash function H1 . – H2 , H3 , F1 and F2 queries: When A makes queries on these hash functions, B checks the corresponding list. If an entry for the query is found, the same answer will be given to A; otherwise, a randomly generated value will be used as an answer to A, the query and the answer will then be stored in the list. – Keygen queries: When A asks a query Keygen(ID), if ID = IDi , then B fails and stops. if ID = IDi , then the list L1 must contain a pair (ID, d) for some d. The private keys corresponding to ID is dID =da−1 3 P and sID =da3 P which B knows how to compute. – Signcrypt queries: At any time A can perform a Signcrypt query for a plaintext m and identities IDA , IDB (Let IDA , IDB be the identity of the sender and that of the recipient respectively). For case IDA =IDi , B can compute the private key sIDA correspondingly and the query can be answered by a call to Signcrypt (m, sIDA , QIDB ). For the case IDA =IDi and IDB = IDi , B answers Signcrypt (m, sIDA , QIDB ) query as follows. B randomly picks S ∈ G∗1 . Then B randomly choose r0 ∈ Zq and e(S, P ) e(QIDA , Ppub )r0 ). If L3 contains (k1 , ·), B has to repeat the computes k1 =( same process using another r0 until the corresponding (k1 , ·) is not any entry in

350

H. Chen et al.

L3 (Note that: this process repeats at most 3qR times as L3 can contain at most 3qR . B needs to compute two pairings at most for each iteration of the process). Then B computes τ = e(S, dIDB ) e(QIDA , QIDB )r0 , where dIDB is the private decryption key of IDB . B finds k =H2 (τ ) by running the simulation for H2 and computes c =E k (m). Then B finds f1 =F1 (c) by running the simulation forF1 and f2 =F2 (f1 ) by running the simulation for F2 , and computes f =f1  ||f2 c. Then B randomly picks r1 ∈Zq∗ \A ( here A={x−f | L3 contains (x, ·)} {x|L3 contains (·, x)} {k1 − f } ) and puts (k1 ,r1 ) and (r1 +f , r0 ) into L3 . The ciphertext (r1 + f, S) appears to be valid from A’s viewpoint. For case IDA = IDB = IDi , B signcrypts m as follows. B randomly chooses τ ∗ ∈ G2 and k ∗ ∈ {0, 1}n such that entries (τ ∗ , .) and (., k ∗ ) are not in L2 and computes c∗ =E k∗ (m). Then B finds f1∗ =F1 (c∗ ) by running the simulation for F1 , and f2∗ =F2 (f1∗ ) by running the simulation for F2 and computes f ∗ = ∗ ∗ c∗ . B randomly picks S ∗ ∈ G∗1 . Then B randomly choose r0∗ ∈ Zq f1 ||f2 ∗ and computes k1∗ =( e(S ∗ , P ) e(QIDA , Ppub )r0 ). If L3 contains (k1∗ , ·), B has to repeat the same process using another r0∗ until the corresponding (k1∗ , ·) is not any entry in L3 (Note that: B needs to compute two pairings at most for each iteration of the process). Then B randomly r1∗ ∈Zq∗ \A (here A={x−f ∗ |   picks ∗ L3 contains (x, ·)} {x|L3 contains (·, x)} {k1 − f ∗ }) and puts (k1∗ ,r1∗ ) and (r1∗ +f ∗ , r0∗ ) into L3 . B gives the ciphertext σ ∗ =(r1∗ +f ∗ , S ∗ ) to A. As A will not ask for the unsigncryption of σ ∗ , he will never see that σ ∗ is not a valid ciphertext of the plaintext m where IDA = IDB = IDi (since τ ∗ may not equal ∗ e(QIDA , QIDB )r0 ). to e(S ∗ , dIDB ) – Unsigncrypt queries: When A makes a Unsigncrypt query for ciphertext    σ = (r , S ) from IDA to IDB , we consider the two cases below:  For the case IDB = IDi , B always answers A that σ is invalid. So in the following case, B always notifies A the ciphertext is invalid: if the list L3 contains      e(QIDA , Ppub )r0 , y), the list L5 contains an entry ([r −y]l1 , (r , r0 ) and ( e(S , P )     f2 ), there is a probaf2 ), and A previously asked the hash value F1 ([r −y]l2   l1 l1 bility of at most 1/2 that B answered [r −y] (and that σ was actually valid from A’s point of view). The simulation fails if the list L4 contains an entry    f2 , [r −y]l1 ) (as B rejected a valid ciphertext). ([r −y]l2   For the case IDB = IDi , B rejects the ciphertext σ if (r , ·) isn’t be found in     L3 . Otherwise, it finds (r , r0 ) in L3 . B rejects the ciphertext σ if (k1 , ·) is not be     e(S , P ) e(QIDA , Ppub )r0 ). Otherwise, it finds (k1 , found in the list L3 ( here k1 =     r1 ). B rejects the ciphertext σ if ([r −r1 ]l1 , ·) isn’t   be found in L5 . Otherwise, it       l1 finds ([r −r1 ] , f2 ) and computes c =[r −r1 ]l2 f2 . B rejects the ciphertext σ if    the list L4 contains an entry (c , x) with x=[r −r1 ]l1 or the list L4 doesn’t contain       e(QIDA , QIDB )r0 , then (c , [r −r1 ]l1 ). Otherwise, B computes τ = e(S , dIDB )  he searches for an entry (τ , ·) in list L2 ; If no such entry is found, B randomly   picks k ∈ {0, 1}n such that no entry with k already exists in L2 and inserts         f2 ) (τ , k ) in L2 . B can use the corresponding k to find m =Dk ([r −r1 ]l2  and returns m . Apparently, under this case, the probability to reject at least qU qU qU one valid ciphertext doesn’t exceed 2[l/2] (=M ax{ q2Ul , 2[(l+1)/2] , 2[l/2] }).

An Identity-Based Signcryption Scheme

351

By analyzing the two cases above, It is easy to see that, for all queries, the qU probability to reject at least one valid ciphertext does exceed 2[l/2] ( =M ax qU qU { 2[(l+1)/2] , 2[l/2] }). After the first stage, A picks a pair of identities on which he wishes to be challenged. Note that B fails if A has asked an Keygen query on IDi during the first stage. It is easy to see that the probability for B not to fail in this stage is greater than qH1 . Further, with a probability exactly qH2 ( =(qH1 − 1)/ qH2 1 ), A 1 1 chooses to be challenged on the pair (IDj , IDi ) with j = i. Hence the probability that A’s response is helpful to B is greater than (qH1 )2 . Note that if A has 1 submitted an Keygen query on IDi , then B fails because he is unable to answer the question. On the other hand, if A does not choose (IDj , IDi ) as target identities, B fails too. Then A produces two plaintexts m0 and m1 (|m0 |=|m1 |), B randomly picks a bit b ∈ {0, 1} and signcrypts mb . To do so, he sets S ∗ = a1 P and randomly chooses r0∗ ∈ Fq∗ . Suppose IDj = dP , setting S ∗ = a1 P implies (x − r0∗ )da3 = a1 , −1 + r0∗ . Since a1 P and a3 P belong to a random instance of the i.e. x = a1 a−1 3 d MDBDH problem, x is random and this will not modify A’s view. B computes ∗ k1∗ =( e(S ∗ , P ) e(QIDA , Ppub )r0 ). If L3 contains (k1∗ , ·), B has to repeat the same process using another r0∗ until the corresponding (k1∗ , ·) is not any entry in L3 . ∗ B computes τ ∗ =h e(QIDj , a2 P )r0 , where h is B’s candidate for the MDBDH problem, obtains k ∗ = H2 (τ ∗ ) by running the simulation for H2 , and computes for F1 and f2 cb =E k∗ (mb ). Then B finds f1 =F1 (cb ) by running the simulation  =F2 (f1 ) by running the simulation for F2 , and compute f = f1 ||f2 cb . Then B ∗ ∗ A={x−f | L3 contains (x, ·)} {x|L3 contains (·, randomly  ∗ picks r1 ∈Zq \A (here x)} {k1 − f } ) and puts (k1∗ ,r1∗ ) and (r1∗ +f , r0∗ ) into L3 . B sends the ciphertext σ ∗ =(r1∗ +f , S ∗ ) to A. A then performs a second series of queries, B can handle these queries as in  the first stage. At the end, A will produce a bit b for which he believes relation  σ = Signcrypt(mb , sIDj , QIDi ) holds . If b = b , B then answers 1 as the result to the MDBDH problem since he has produced a valid signcrypted message of mb using the knowledge of h. Otherwise, B should answer 0. Taking into account all the probabilities that B will not fail its simulation, the probability that A chooses to be challenged on the pair (IDj , IDi ), and also the probability that A wins the IND-IBSC-CCIA game, we have MDBDHP (G1 ,G2 ,P )

Adv B

(l)> ( +1 2 (1 −

qU ) 2[l/2]

− 1/2)(1/(qH1 )2 ) =

(2[l/2] −qU )−qU (qH1 )2 2[l/2]+1

Regarding the time complexity, it can be verified by counting the number of pairing operations required to answer all queries.

A Strong Identity Based Key-Insulated Cryptosystem Jin Li1 , Fangguo Zhang2,3 , and Yanming Wang1,4 1

3

School of Mathematics and Computational Science, Sun Yat-sen University, Guangzhou, 510275, P.R. China [email protected] 2 Department of Electronics and Communication Engineering, Sun Yat-sen University, Guangzhou, 510275, P.R. China Guangdong Key Laboratory of Information Security Technology, Sun Yat-sen University, Guangzhou, 510275, P.R. China [email protected] 4 Lingnan College, Sun Yat-sen University, Guangzhou, 510275, P.R.China [email protected]

Abstract. Key-insulated cryptosystem was proposed in order to minimize the damage of secret key exposure. In this paper, we propose a strong identity based (ID-based) key-insulated cryptosystem security model, including ID-based key-insulated encryption (IB-KIE) security model and ID-based key-insulated signature (IB-KIS) security model. Based on the security models, provably secure strong IB-KIE and IBKIS schemes are constructed in order to decrease the damage of user’s secret key exposure. These schemes are secure in the remaining time periods against an adversary who compromises the insecure device and obtains secret keys for the periods of its choice. Furthermore, the schemes remain secure (for all time periods) against an adversary who compromises only the physically-secure device. All the key-insulated encryption and signature schemes in this paper are provably secure in the random oracle model and support random-access key-updates. Keywords: Key-insulated cryptosystem, ID-based, Bilinear pairings.

1

Introduction

The notion of key-insulated public key cryptosystem was first introduced by Dodis et al. [5] to minimize the damage of key exposures. In a certificate-based key-insulated public key cryptosystem, a user begins by registering a single public key pk which remains for the lifetime of the scheme. The secret key associated 

This work is supported by the National Natural Science Foundation of China (No. 60403007 and No. 10571181) and Natural Science Foundation of Guangdong Province, China (No. 04205407) and the Project-sponsored by SRF for ROCS, SEM.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 352–361, 2006. c IFIP International Federation for Information Processing 2006 

A Strong Identity Based Key-Insulated Cryptosystem

353

with a public key is here shared between the user and a physically-secure device. The master key is stored on a physically-secure device and a temporary secret key used to perform cryptographic operations is stored in an insecure device and updated regularly with the help of a physically-secure device that stores a master key. In order to simplify key management procedures of certificate-based public key infrastructures (PKIs), Shamir [11] introduced the idea of ID-based cryptosystem in 1984. In such cryptosystem, the public key of a user is associated with his identity information ID and his private key sID is generated by a trusted third party called Private Key Generator (PKG). However, key exposure problem also exists in ID-based cryptosystem: User may still store his or her private key sID in an insecure place to do cryptographic protocols such as ID-based signature or decryption. To mitigate the damage caused by the private key exposure in ID-based cryptosystem, one way is to construct ID-based key-insulated cryptosystem [10] that allows each user in this system update his or her private key periodically while keep the public key the same. In ID-based key-insulated cryptosystem, the user’s master key s∗ID is stored on a physically-secure device and a temporary secret key used to perform cryptographic operations is stored in an insecure device and updated regularly with the help of a physically-secure device. The lifetime of the protocol is divided into distinct periods 1, · · · , N . At the beginning of each period, the user interacts with the secure device to derive a temporary secret key which will be used to decrypt messages sent during that period. We denote by siID the temporary key for ID at period i, which is stored on an insecure device and will be used to perform cryptographic operations such as signing and deciphering for the time period i. On the other hand, the public key ID used to encrypt messages does not change at each period. We call a scheme ID-based (t, N )-key-insulated if an adversary who compromises the insecure device of an identity ID up to t < N periods cannot break the remaining N − t periods. Additionally, a scheme is called a strong ID-based (t, N )-key-insulated scheme if an adversary who compromises only the physically-secure device cannot break the scheme at any time periods. As also stated in [5], besides the direct application to minimizing the risk of key exposures across multiple time periods, ID-based key-insulated security may also be used to protect against key exposures across multiple locations, or users. Furthermore, it may also be used for purposes of delegation. Although the IB-KIS security model has been proposed recently [15] by Zhou, the strong secure IB-KIS security model and scheme still have not been formalized and constructed. Contribution. First, we give a more efficient strong IB-KIE scheme. The scheme is ID-based (N − 1, N )-key-insulated encryption scheme. Then, the first strong IB-KIS security model and scheme are also presented. The schemes constructed in this paper have random-access key updates property. That is to say, it is possible to update the secret key of ID from siID to sjID in one step.

354

2 2.1

J. Li, F. Zhang, and Y. Wang

Definitions and Security Model Definition

Definition 1. [IB-KIE] An IB-KIE consists of 7-tuple of poly-time algorithms (Setup, Extract, Gen, Upd∗ , Upd, Enc, Dec) defined as follows: – Setup: is a probabilistic algorithm run by a private key generator (PKG) that takes as input a security parameter 1k . It returns a public key pk, a master key sk. – Extract: the ID-Extraction algorithm, that takes as input ID, master key sk, returns the secret key sID for ID. – Gen: the user key generation algorithm, is a probabilistic algorithm that takes as input the private key sID and the total number of time periods N , outputs user’s master private key s∗ID and user’s initial secret key s0ID . – Upd∗ : the device key-update algorithm, is a probabilistic algorithm that takes as input indices i, j for time periods (1 ≤ i, j ≤ N ) and the master private key s∗ID . It returns a partial secret key si,j ID . – Upd: the user key-update algorithm, is a deterministic algorithm that takes as input indices i, j, a secret key siID , and a partial secret key si,j ID . It returns the secret key sjID for time period j. – Enc: the encryption algorithm, is a probabilistic algorithm which takes as input a public-key pk, a time period i, and a message M . It returns a ciphertext (i, C) for ID at time period i. – Dec: the decryption algorithm, is a deterministic algorithm which takes as input a secret key siID and a ciphertext (ID, i, C). It returns a message M or the special symbol ⊥. We define the following oracles: – EO: The Extraction Oracle, on input ID, a master key sk, output the corresponding secret key sID by running algorithm Extract. – KEO: The Key Exposure Oracle, on input signer ID and i, the oracle first runs Extract(ID) to get sID , and gets (s∗ID , s0ID ) by running algorithm Gen. 0,i 0,i followed by running Upd(0, i, s0ID , sID ) Then run Upd∗ (0, i, s∗ID ) to get sID i i to get sID , returns and stores the value sID . – DO: The Decryption Oracle, on input (ID, i, C), run Extract algorithm to get siID , return DecsiID (i, C). We say that an IB-KIE E is semantically secure against an adaptive chosen ciphertext attack (IND-ID-CCA) if no polynomially bounded adversary F has a non-negligible advantage against the challenger C in the following IND-ID-CCA game. First, C runs Setup of the scheme. The resulting system parameters are given to F . F issues the following queries as he wants: Phase 1 : F queries EO(ID), KEO(ID, i) and DO(ID, i, C) in arbitrary interleave.

A Strong Identity Based Key-Insulated Cryptosystem

355

Challenge: Once the adversary decides that Phase 1 is over it outputs two equal length plaintexts M0∗ , M1∗ , period i and an identity ID∗ on which it wishes to be challenged. The challenger picks a random bit b ∈ {0, 1} and sets C ∗ = Enc(ID∗ , i, Mb∗ ). It sends (ID∗ , i, C ∗ ) as the challenge to the adversary. Phase 2 : F queries more EO(ID), KEO(ID, i) and DO(ID, i, C) in arbitrary interleave. Guess: Finally, the adversary outputs a guess b ∈ {0, 1}. The adversary wins the game if b = b and ID∗ , (ID∗ , i), (ID∗ , i, C ∗ ) has never been queried to EO, KEO and DO, respectively. We refer to such an adversary F as an IND-ID-CCA adversary. We define adversary F ’s advantage in attacking the scheme E as the following function of the security parameter k: AdvE,F (k) = |P r[b = b ] − 12 |. The proof of security for our IB-KIE makes use of a weaker notion of security known as semantic security (also known as semantic security against a chosen plaintext attack or IND-ID-CPA) [2]. Semantic security is similar to chosen ciphertext security except that the adversary is more limited: it cannot issue decryption queries while attacking the challenge public key. Definition 2. We say that the IB-KIE E is semantically secure against an adaptive chosen plaintext attack if for any polynomial time IND-ID-CPA adversary F the function AdvE,F (k) is negligible. Definition 3. An IB-KIE has secure key updates if the view of any adversary F making a key-update exposure at (i, j) can be perfectly simulated by an adversary F  making key exposure requests at periods i and j. Definition 4. An IB-KIE is called (t, n)-key-insulated if the scheme remains secure for the remaining N − t time periods against any adversary F who compromises only the insecure device for t time periods. Definition 5. [IB-KIS] An IB-KIS consists of 7-tuple of poly-time algorithms (Setup, Extract, Gen, Upd∗ , Upd, Sign, Vrfy. – Definition of algorithms Setup, Extract, Gen, Upd∗ and Upd are the same with corresponding algorithms in IB-KIE. – Sign The signing algorithm, on input ID, i and message m, output signature σ. – Vrfy The verification algorithm, on input σ, ID, i and message m, output 1 if it is true; otherwise, output 0. We also define the signing oracle as follows: – SO: The signing Oracle, on input message M , ID, i, and partial secret key siID , output σ as the signature. We define the following game: First, C runs Setup of the scheme. The adversary F can query EO, KEO and SO adaptively. We say F wins the game if it outputs (ID, i, M , σ), such that ID, (ID, i) and (ID, i, m) are not equal to the inputs

356

J. Li, F. Zhang, and Y. Wang

of any query to EO, KEO and SO, respectively. σ is a valid signature of M for identity ID at period i.

3

A Strong ID-Based Key-Insulated Encryption Scheme

Our scheme uses bilinear pairings on elliptic curves. We now give a brief revision on the property of pairings and some candidate hard problems from pairings that will be used later. Let G1 , G2 be cyclic groups of prime order q, writing the group action multiplicatively. Let g be a generator of G1 . Definition 6. A map e : G1 × G1 → G2 is called a bilinear pairing if, for all x, y ∈ G1 and a, b ∈ Zq , we have e(xa , y b ) = e(x, y)ab , and e(g, g) = 1. Definition 7. Bilinear Diffie-Hellman (BDH) Problem: Given a randomly chosen g ∈ G1 , as well as g a , g b , and g c (for unknown randomly chosen a, b, c ∈R Z∗q ), compute e(g, g)abc . We say that the (t, )-BDH assumption holds in G1 if no t-time algorithm has non-negligible advantage  in solving the BDH problem in G1 . 3.1

The Scheme

1. Setup: To generate parameters for the system of time periods N , select a random generator g ∈ G1 , a random x ∈ Z∗q , and set g1 = g x . Next, pick random elements g2 , h, h1 , · · · , hN ∈ G1 , choose cryptographic hash functions H1 : {0, 1}∗ → Zq , H2 : G2 → Zq . The public parameters are params = (g, g1 , g2 , h, h1 , · · · , hN , H1 , H2 ), master key is g2x . 2. Extract: On input a private key g2x , to generate the private key sID for an identity ID, pick a random r ∈ Z∗q and output the private key sID = (g2x H (ID)

3. 4. 5.

6.

·(g1 1 · h)r , g r ). (1) (2) Gen: On input sID , parse it as sID =(sID , sID ), choose a random element (1) (2) η ∈ G1 , set s∗ID = (sID /η, sID ) and s0ID = (η, φ, φ, φ). ∗(1) ∗(2) Upd∗ : On input indices i, j and s∗ID , parse s∗ID as (sID , sID ), choose t ∈R ∗(1) ∗(2) i,j Z∗q and return a partial secret key sID = (sID · htj , sID , g t ). Upd: On input indices i, j, a secret key siID and a partial secret key si,j ID = i(1) i(2) i(3) i(4) j(1) j(2) j    i (u , v , w ), parse sID as (sID , sID , sID , sID ). Output sID =(sID , sID , j(3) j(4) j(1) i(1) i(1) j(2) i(1) sID , sID ), where sID = sID (in fact sID = η for all i), sID = sID · u , j(3) j(4) sID = v  , sID = w and erase (siID , si,j ID ). Enc: On input an index i of a time period, a message M , and an identity ID, pick r ∈R Z∗q and compute C=(A, B, C, D), where A=H2 (e(g1 , g2 )s ) ⊕ M , H (ID)

B = g s , C = (g1 1 · h)s , D = hsi . i(1) i(2) i(3) i(4) i 7. Dec: On input sID = (sID , sID , sID , sID ) and ciphertext C = (A, B, C, D) for an identity ID at period i, compute M =A ⊕ H2 (

i(2)

e(sID ,B)

i(3)

i(4)

e(sID ,C)·e(sID ,D)

).

A Strong Identity Based Key-Insulated Cryptosystem

3.2

357

Correctness

The decryption of the IB-KIE is justified by the following equations: i(2)

e(sID , B) i(3)

i(4)

e(sID , C) · e(sID , D)

3.3

H (ID)

=

e(g1 , g2 )s · e((g1 1

H (ID)

e(g r , (g1 1 = e((g1 , g2 )s ).

h)r , g s ) · e(hti , g s )

h)s ) · e(g t , hsi )

Security Analysis

Theorem 1. The IB-KIE has secure key updates and supports random key updates. Proof. Let F be an adversary who makes a key-update exposure at (i, j). This adversary can be perfectly simulated by an adversary F  who makes key exposure requests at periods i and j. Since F  can get siID and sjID , he can compute j(2) j(1) j(3) j(4)       si,j ID = (u , v , w ), where u = sID /sID , v = sID , w = sID . The proof that the scheme supports random key updates is trivial. Theorem 2. In the random oracle model, suppose the (t ,  )-BDH assumption holds in G1 and the adversary makes at most qH1 , qH2 , qE and qK times queries to hash functions H1 , H2 , private key extraction and key-exposure, respectively, then this ID-based key-insulated encryption scheme is (t, qH1 , qH2 , qE , qK , )semantically secure (IND-ID-CPA), where t < t + (2qE + 4qK )texp and texp is the maximum time for an exponentiation in G1 ,  ≈ qH ·q1H ·qK ·. 1

2

Proof is given in Appendix A. Theorem 3. The IB-KIE is a strong ID-based (N − 1, N )-key-insulated encryption scheme. Proof. Assume an adversary F succeeds to attack the IB-KIE with access to the secure device, we will construct an algorithm C described below solves BDH problem in G1 for a randomly given instance {g, X = g x , Y = g y , Z = g z } and asked to compute e(g, g)xyz . The details are as follows. First, C puts g1 = X as the PKG’s public key and sends it to F . Then C randomly selects an element s∗ID ∈ G21 and gives s∗ID to F . C will answer hash function, extract, key exposure queries as the proof in theorem 2. If F could break the scheme, from the simulation we can infer that C can solve the BDH problem as the proof in theorem 2. Meanwhile, in the proof of theorem 2, the adversary can query key exposure oracle up to N − 1 (i.e. qK = N − 1) different time periods for an identity ID, so it is obvious that the key-insulated encryption scheme is (N − 1, N )-key-insulated. By using the technique due to Fujisaki-Okamoto [7], the scheme can be converted into a chosen ciphertext secure ID-based key-insulated system in the random oracle model.

358

4

J. Li, F. Zhang, and Y. Wang

A Strong ID-Based Key-Insulated Signature Scheme

An IB-KIS consists of 7-tuple of poly-time algorithms (Setup, Extract, Gen, Upd∗ , Upd, Sign, Vrfy. In this section, a strong IB-KIS is proposed based on the scheme in section 3. – Setup: The public parameters are params = (g, g1 , g2 , h, h1 , · · · , hN ), master key is g2x , which is the same with IB-KIE. Define three hash functions as H1 : {0, 1}∗ → Zq and H2 : {0, 1}∗ → G1 . – Algorithms Extract, Gen, Upd∗ and Upd are the same with the corresponding in IB-KIE. – Sign: On input an index i of a time period, a message M , an identity ID, i(1) i(2) i(3) i(4) and siID =(sID , sID , sID , sID ), pick r ∈R Z∗q , output σ = (A, B, C, D), i(2)





i(3)

i(4)



where A = sID [H3 (M, g r )]r , B = sID , C = sID , D = g r ). – Vrfy: On input σ = (A, B, C, D) on message M for an identity ID at ? H (ID) h) ·e(C, hj ) period i, the verifier checks e(g, A) = e(g1 , g2 ) ·e(B, g1 1 ·e(D, H3 (M, D)). Output 1 if it is true. Otherwise, output 0. 4.1

Security Analysis

Theorem 4. If the CDH assumption holds in G1 , then the IB-KIS is secure in the random oracle model. Proof. The proof is given in appendix B. Theorem 5. The IB-KIS is a strong (N −1, N )-IB-KIS, has secure key updates and supports random key updates. From the proof of theorem 1 and 3, the result can be easily deduced.

5

Conclusion

Key-insulated cryptosystem was proposed in order to minimize the damage of secret key exposure and has many other important applications. In order to decrease the damage of secret key exposure in identity based cryptosystem, a strong ID-based (N − 1, N )-key-insulated encryption and a strong ID-based (N − 1, N )-key-insulated signature schemes are proposed. The schemes in this paper are provably secure in the random oracle model and support randomaccess key-updates.

References 1. M. Bellare and S.K. Miner. A Forward-Secure Digital Signature Scheme. Crypto’99, pp. 431-448, Springer-Verlag, 1999. 2. D. Boneh and X. Boyen. Efficient selective-ID identity based encryption without random oracles. EuroCrypt’04, LNCS 3027, pp. 223-238, Springer-Verlag, 2004. 3. Y. Desmedt and Y. Frankel. Threshold cryptosystems. Crypto’89, LNCS 435, pp. 307-315, Springer-Verlag, 1989.

A Strong Identity Based Key-Insulated Cryptosystem

359

4. Y. Dodis, M. Franklin, J. Katz, A. Miyaji, and M. Yung, Intrusion-resilient publickey encryption. CT-RSA’03, LNCS 2612, pp. 19-32, Springer-Verlag, 2003. 5. Y. Dodis, J. Katz, S. Xu and M. Yung. Key-Insulated Public-Key Cryptosystems. EuroCrypt’02, pp. 65-82, Springer-Verlag, 2002. 6. Y. Dodis, J. Katz, S. Xu and M. Yung. Strong Key-Insulated Signature Schemes. PKC’03, LNCS 2567, pp. 130-144, Springer-Verlag, 2003. 7. E. Fujisaki and T. Okamoto. Secure integration of asymmetric and symmetric encryption schemes. Crypto’99, LNCS 1666, pp. 537-554, Springer-Verlag, 1999. 8. C. Gentry and A. Silverberg. Hierarchical ID-Based Cryptography. AsiaCrypt’02, LNCS 2501, pp. 548-566, Springer-Verlag, 2002. 9. M. Girault. Relaxing Tamper-Resistance Requirements for Smart Cards Using (Auto)-Proxy Signatures. CARDIS’98, LNCS 1820, pp. 157-166, Springer-Verlag, 1998. 10. Y.Hanaoka, G.Hanaoka, J.Shikata, H.Imai. Identity-Based Hierarchical Strongly Key-Insulated Encryption and Its Application. AsiaCrypt’05, LNCS 3788, pp. 495-514, Springer-Verlag, 2005. 11. A. Shamir. How to share a secret. Comm. 22(11):612-613, ACM, 1979. 12. A. Shamir. Identity-based cryptosystems and signature schemes. Crypto’84, LNCS 196, pp.47-53, Springer-Verlag, 1984. 13. D.Yao, N.Fazio, Y.Dodis, A.Lysyanskaya. ID Based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption. CCS’04, pp. 354-363, ACM, 2004. 14. D.H. Yum and P.J. Lee. Efficient Key Updating Signature Schemes Based on IBS. Cryptography and Coding’03, LNCS 2898, pp. 167-182, Springer-Verlag, 2003. 15. Y. Zhou, Z. Cao, Z. Chai. Identity Based Key Insulated Signature. ISPEC’06, LNCS 3903, pp. 226-234, Springer-Verlag, 2006.

Appendix A: Proof of Theorem 2 Proof Suppose an adversary F has an advantage  in attacking the scheme, we build an algorithm C that uses F to solve the BDH problem. Algorithm C is given a random (g, X = g x , Y = g y , Z = g z ) and asked to compute e(g, g)xyz .  Algorithm C publishes params=(g, g1 = X, g2 = Y , h = g1−ω g ω , h1 = g1ω1 , ωk−1 ωk+1 ωN ωk , hk = g , hk+1 = g1 , · · · , hN = g1 ) as the public · · · , hk−1 = g1 parameters, k ∈ [1, N ] is chosen randomly by C. Algorithm C interacts with F as follows: – Hash function query: There are two types of hash function query H1 and H2 . C maintains a list of tuples called the H1list and chooses a random k  ∈ [1, qH1 ]. Initially the list is empty. If the query IDi already appears on the H1list in a tuple (IDi , ai ) then respond with H1 (IDi ) = ai . Otherwise, C chooses ai ∈R Zq and answers H1 (IDi )=ai for 1 ≤ i ≤ qH1 if i = k  . And answers H1 (IDi )=ω if i = k  . At any time algorithm F may issue queries to the random oracle H2 . To respond to these queries, C maintains a list of tuples called the H2list . Each entry in the list is a tuple of the form (Ti , bi ). Initially the list is empty. To respond to query Ti algorithm C does the following: If the query Ti already appears on the H2list in a tuple (Ti , bi )

360

J. Li, F. Zhang, and Y. Wang

then respond with H2 (Ti ) = bi . Otherwise, C just picks a random string bi and H2 (Ti ) = bi and adds the tuple to the list. – EO: If F issues extraction queries IDi , C first find H1 (IDi ) = ai in the H1list , ω

1

returns sIDi = (Y ω−ai , Y ω−ai ) to F as the response if i = k  . It is easy to y verify this is a valid private key: Let r = ω−a (In fact, C doesn’t know the i ω

H (ID )

1

value of r), then sIDi =(g2x (g1 1 i · h)r , g r )=(Y ω−ai , Y ω−ai ). Otherwise, the process stops and C fails. – KEO: If F issues key exposure queries (IDi , j), C first computes sIDi = (Y

ω ω−ai

,Y

1 ω−ai

) and then returns (Y

ω ω−ai

htj , Y

1 ω−ai

, g t ) to F as the response 



1

if i = k  . If i = k  and j = k, C chooses r ∈ Zq and returns (g ω r , g r , Y ωj ) to F as the response. It is valid key for period j: Let t = − ωyj , then H (IDk )

sIDi =(g2x (g1 1 exits.



· h)r · htj , g r , g t )=(g ω r , g r , Y

− ω1

j

) Otherwise, C fails and

F outputs two messages M0 , M1 and ID at time period j. If ID = IDk and j = k, C picks a random bit b ∈ {0, 1} and responds with the ciphertext  as C = (R ⊕ Mb , Z, Z ω , Z ωk ) for a random R ∈ Zq . The ciphertext is simulated correctly: Let H2 (e(g, g)xyz ) = R, then the ciphertext is (H2 (e(g, g)xyz ) ⊕  H (ID) z h) , hzj )=(R ⊕ Mb , Z, Z ω , Z ωk ). Mb , g z , (g1 1 F issues more private key queries ID and key exposure queries (ID, j), restriction is that ID = IDk and j = k. A responds as before. This completes the description of algorithm C and F outputs guess b with advantage  . If C does not abort, then, C chooses one of the qH2 values T that is sent for H2 -query and outputs as the result to the BDH problem. For F has an advantage  in attacking the scheme, from the simulation we can infer that C can solve the BDH problem with advantage  ≈ qH1 · qH1 · q1K , which is the 1 2 success probability of the events that ID = IDk , j = k and the T is exact value randomly selected from H2 -query.

Appendix B: Proof of Theorem 4 Proof If an adversary A succeeds to attack our scheme, then we can construct an algorithm C described below solves CDH problem for a randomly given instance {g, X = g x , Y = g y } and asked to compute g xy . The details are as follows. The public parameters are the same with the simulation in theorem 2 as  ω params=(g, g1 = X, g2 = Y , h = g1−ω g ω , h1 = g1ω1 , · · · , hk−1 = g1 k−1 , ω ω k+1 hk = g ωk , hk+1 = g1 , · · · , hN = g1 N ), k ∈ [1, N ] is chosen randomly by C. Algorithm C interacts with F as follows: – Hash function query: There are two types of hash function query H1 and H2 . C maintains a list of tuples called the H1list and chooses a random k  ∈ [1, qH1 ]. Initially the list is empty. If the query IDi already appears on the H1list in a tuple (IDi , ai ) then respond with H1 (IDi ) = ai . Otherwise, C

A Strong Identity Based Key-Insulated Cryptosystem

361

chooses ai ∈R Zq and answers H1 (IDi )=ai for 1 ≤ i ≤ qH1 if i = k  . And answers H1 (IDi )=ω if i = k  . To respond to H2 queries, C maintains a list of tuples called the H2list . Each entry in the list is a tuple of the form (Mi , ui , bi ). Initially the list is empty. To respond to query Mi , ui , algorithm C does the following: If the query Mi , ui already appears on the H2list in a tuple (Mi , ui , bi ) then respond with H2 (Mi , ui ) = g bi . Otherwise, C just picks a random string bi ∈ Zq , back patches H2 (Mi , ui ) = g bi , adds the tuple to the list. – The simulation of EO, KEO is the same with the proof in theorem 2. – Signature query: On input (ID, i, M ), C chooses r, r , t ∈ Zq , patches H2 (M, 1 1 H (ID) r t h) hj , g r , g t , Y − c ) to F as the response. It Y − c )=X c and returns ((g1 1 is valid signature from the view of adversary. This completes the description of algorithm C. After the simulation, the adversary outputs a forged ID-based key-insulated signature as (A, B, C, D) for identity IDk , at time period i = k on a message M . Then C can solve CDH problem as follows: From H2 list, C can recover the triple (M, D, b) such that H2 (M D) = g b with probability 1 − 1q (it is the probability that F does not A query H2 random oracle and outputs the correct value) . Then g xy = B ω ·C ω ·D b , that is to say, C solves the CDH problem. The probability that C doesn’t abort in EO,KEO simulation is not less than 1 − qqHE and 1 − qqHK . So, if IB-KIS is 1 1 broken with non-negligible probability  , then CDH problem can be solved with probability (1 − qqHE )· (1 − qqHK )· (1 − 1q ) . Then we can say that under the CDH 1 1 assumption, the IB-KIS is secure.

A New Hierarchical ID-Based Cryptosystem and CCA-Secure PKE Jin Li1 , Fangguo Zhang2,3 , and Yanming Wang1,4 1

3

School of Mathematics and Computational Science, Sun Yat-sen University, Guangzhou, 510275, P.R. China [email protected] 2 Department of Electronics and Communication Engineering, Sun Yat-sen University, Guangzhou, 510275, P.R. China Guangdong Key Laboratory of Information Security Technology, Sun Yat-sen University, Guangzhou, 510275, P.R. China [email protected] 4 Lingnan College, Sun Yat-sen University, Guangzhou, 510275, P.R. China [email protected]

Abstract. A new hierarchical identity based (ID-based) cryptosystem is proposed, including hierarchical identity based encryption (HIBE) and signature (HIBS) schemes. The new HIBE scheme can be proved to be secure without relying on the random oracle model. Then, a new public key encryption (PKE) scheme is constructed based on the new HIBE. It is secure against adaptively chosen ciphertext attacks (IND-CCA) and has many attractive properties, such as efficient key generation, short private key, fast encryption, and etc. Performance of the new PKE scheme is better than all the previous PKE schemes converted from IBE, and is competitive with the best provably secure solutions to date. Furthermore, a new HIBS scheme is also constructed, which shares the same parameters with the new HIBE. The new HIBS scheme is more efficient than the previous HIBS. Keywords: Identity based, Public key encryption, Bilinear groups.

1

Introduction

ID-based cryptosystem [21] is a public key cryptosystem where the public key can be an arbitrary string such as an email address. A private key generator (PKG) uses a master secret key to issue private keys to identities that request 

This work is supported by the National Natural Science Foundation of China (No. 60403007 and No. 10571181) and Natural Science Foundation of Guangdong Province, China (No. 04205407) and the Project-sponsored by SRF for ROCS, SEM.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 362–371, 2006. c IFIP International Federation for Information Processing 2006 

A New Hierarchical ID-Based Cryptosystem and CCA-Secure PKE

363

them. Many Identity-Based signature (IBS) schemes have been proposed such as [2,13,22] since shamir proposed the ID-based notion. However, until 2001, Boneh and Franklin [9] proposed the first practical identity-based encryption scheme, which is provably secure in the random oracle model. However,using a single PKG is not efficient in large scale, so another research direction is hierarchical ID-based cryptosystem [17]. In the hierarchical version, PKGs are arranged in a tree structure, the identities of users (and PKGs) can be represented as vectors. An identity can issue private keys to its descendant identities. All the PKGs in the leaves are responsible for generating private keys for users in the corresponding domain. Related Work. Gentry and Silverberg proposed the first scalable provably secure HIBE [16] in the random oracle model. Canetti, Halevi, and Katz [12] introduced a slightly weaker security model, called selective identity (selective-ID) IBE. In this model the adversary must commit ahead of time (non-adaptively) to the identity it intends to attack. The adversary can still issue adaptive chosen ciphertext and adaptive chosen identity queries. Later, Boneh and Boyen proposed a provably selective-ID secure HIBE [6,7] without random oracles. Recently, Canetti et al. [12] showed a generic method to construct efficient CCA-secure PKE from selective-ID IBE combined with one-time signatures. Later, Boneh and Katz [10] improved the efficiency of the generic construction of PKE [12] by replacing the one-time signatures with message authentication code and key encapsulation. They also showed two instantiations of PKE, denoted by BK-1 scheme and BK-2 scheme, respectively. As also pointed in [10], the BK-2 scheme is more efficient than BK-1. However, the BK-2 scheme relies on the non-standard Decision q-Bilinear Diffie-Hellman Inversion (Decision qBDHI) problem. Decision q-BDHI problem can be informally stated as follows: for G =< g >, GT of large prime order p, and a bilinear pairing eˆ : G × G → GT , q given g,g α , · · · , g α for unknown α ∈ Z∗p , T ∈ GT , there is no probabilistic poly1 nomial time algorithm able to decide if T = eˆ(g, g) α . The Decision q-BDHI assumption which BK-2 based on is very strong, for if the PKE is IND-CCA secure, then q should be greater than the decryption query times. Corresponding to HIBE, the first HIBS was proposed by Chow et al. [14]. The HIBS is provably secure against existential forgery for selective-ID, adaptive chosen-message-andidentity attack (EF-sID-CMIA) and shares the same system parameters and key generation process with [6]. However, the signature generation is inefficient and reduction is not tight for the technique of forking lemma [20] used in their construction. Contributions 1. We propose a new HIBE scheme. It can be proved to be selective-ID secure without relying on the random oracle model. 2. A very efficient PKE scheme is constructed based on the new HIBE, which is the main contribution of this paper. Our new PKE scheme is as efficient as the best PKE [10] converted from IBE. Moreover, the new PKE is based

364

J. Li, F. Zhang, and Y. Wang

on Decision 1-BDHI (not q-BDHI as [10]), which is independent with the decryption query times. So, the new PKE scheme is better than BK-2 and its performance is competitive with the best provably secure solutions to date [18]. 3. A corresponding HIBS scheme is also constructed, which shares the same parameters with the new HIBE. The new HIBS is very efficient: The signature generation only needs two exponentiation regardless of the hierarchy depth. It does not rely on the forking lemma [20] and it has a very tight security reduction. Organization. The next section presents the HIBE security model and briefly explains the bilinear pairing and some problems related to pairings. Section 3 gives the new HIBE construction and security analysis. section 4 is the new PKE construction. In section 5, a new HIBS shares the same parameters with HIBE in section 3 is constructed. Its security analysis and efficiency are also given in this section. The paper ends with some concluding remarks.

2 2.1

Preliminaries Security Model

Definition 1. (HIBE) An -level HIBE ( -HIBE) scheme handling identities of hierarchy depth consists of four algorithms: (Setup, Der, Enc, Dec). The algorithms are specified as follows: – Setup. On input a security parameter 1k , the PKG generates msk and param where msk is the randomly generated master secret key, and param is the corresponding public parameter. – Der. On input an identity vector ID = (I1 , . . . , Ik ), where all Ik ∈ Z∗p and k < , and the private key SID|k−1 for its parent identity ID|k−1 = (I1 , . . . , Ik−1 ), it returns the corresponding private key SID . – Enc. On input ID, a message M , and a random value s, it outputs a ciphertext C. – Dec. On input the C and private key SID , it outputs M if C is a valid ciphertext. Otherwise, it outputs ⊥. We define the following oracles: – Extraction Oracle EO: The Key Extraction Oracle with input ID will output the corresponding secret key SID . – Decryption Oracle DO: The Decryption Oracle with input C will output a M if C is a valid ciphertext. Otherwise, it outputs a distinguished symbol ⊥. Canetti et al. [12] defined a security notion for HIBE as chosen ciphertext for selective-ID, adaptive chosen identity and chosen ciphertext attacks (INDsID-CCA). Its formal definition is based on the following IND-sID-CCA game involving an adversary A.

A New Hierarchical ID-Based Cryptosystem and CCA-Secure PKE

365

– Init: The adversary A outputs an identity ID∗ , which will be used to challenge A. – Setup: Take a security parameter 1k and run Setup to generate common public parameters params and the master secret key msk. params is sent to A. – A queries EO and DO, restriction is that ID∗ or any prefix of ID∗ does not appear in any query to EO. – Challenge: A outputs an identity ID∗ , and two equal length plaintexts m0 ,m1 for challenge ciphertext. Choose a random b ∈ {0, 1} and send the challenge ciphertext C=Enc(ID∗ , mb ) to A. – A continues to query EO and DO, restriction is that ID∗ or any prefix of ID∗ , and challenge ciphertext C have not been queried to EO and DO, respectively. – Finally, A outputs a guess bit b . k We say that A wins the game if b =b. The advantage Advcca A (1 ) of A is 1 defined as the probability that it wins the game over 2 . k Definition 2. An -HIBE scheme is secure if Advcca A (1 ) is negligible for any probabilistic polynomial time (PPT) adversary A.

A weaker notion called selective identity secure against chosen plaintext attacks (IND-sID-CPA) is similar to IND-sID-CCA, except that the adversary cannot ask DO after the challenge ciphertext is given. 2.2

Pairings and Problems

Let G, GT be cyclic groups of prime order p, writing the group action multiplicatively. Let g be a generator of G. Definition 3. A map eˆ : G × G → GT is called a bilinear pairing if, for all x, y ∈ G and a, b ∈ Zp , we have eˆ(xa , y b ) = eˆ(x, y)ab , and eˆ(g, g) = 1. Definition 4. (DHI problem) The Diffie-Hellman Inversion (DHI) problem is 1 that, given g, g α ∈ (G)2 for unknown α ∈ Z∗p , to compute g α . We say that the (t, )-DHI assumption holds in G if no t-time algorithm has the non-negligible probability  in solving the DHI problem. Definition 5. (Decision BDHI problem) The Decision Bilinear Diffie-Hellman Inversion (Decision BDHI) problem is that, given g,g α ∈ (G)2 for unknown 1 α ∈ Z∗p , T ∈ GT , to decide if T = eˆ(g, g) α . We say that the (t, ) Decision BDHI assumption holds in G if no t-time algorithm has the probability at least 12 +  in solving the Decision BDHI problem for nonnegligible . In fact, Boneh et al. [6] actually also defined a problem called q-BDHI. When q = 1, Decision 1-BDHI is exactly the definition of Decision BDHI problem. It was also shown in [23] that DHI problem is equivalent to BDH problem. Obviously, Decision BDHI is a weaker version of Decision q-BDHI Problem when q > 1.

366

3

J. Li, F. Zhang, and Y. Wang

A New HIBE Scheme

Let G be a bilinear group of prime order p. Given a pairing: eˆ : G × G → GT . Setup. To generate system parameters, the algorithm selects a random generator g, h1 , . . ., h ∈ (G)+1 , picks a random α ∈ Zp , and sets g1 = g α . The system 1 parameters param = (g, g1 , h1 , . . . , h ) and the master key is g α . Meanwhile, l functions are also defined as Fj (x) = g x hj for 1 ≤ j ≤ . Der. To generate a private key for ID =(I1 , . . . , Ik ), where k ≤ , the algorithm picks random r1 , r2 , · · · , rk ∈ (Zp )k and returns SID = (a0 , a1 , . . . , ak ), 1 k where a0 = g α i=1 (Fi (Ii ))ri , a1 = g1r1 , · · · , ak = g1rk . In fact, the private key for ID can also be generated as SID = (a0 (Fk (Ik ))rk , a1 , . . . , ak−1 , g1rk ) by its parent ID|k−1 = (I1 , . . . , Ik−1 ) with secret key SID|k−1 = (a0 , a1 , . . . , ak−1 ). Enc. To generate the ciphtertext on a plaintext M ∈ GT with respect to ID, pick s ∈R Zp∗ , output ciphertext C = (A, B, C1 , · · · , Ck ), where A = eˆ(g, g)s · M , B = g1s , C1 = (F1 (I1 ))s , · · · , Ck = (Fk (Ik ))s . key SID = (a0 , a1 ,. . . ,ak ) Dec. On input ciphertext C = (A, B, C1 ,· · · ,Ck ), private  for ID=(I1 , · · · , Ik ), output the plaintex M = A·

3.1

k i=1

eˆ(ai ,Ci ) . eˆ(a0 ,B)

Correctness and Efficiency Analysis

Correctness is obvious. We show the efficiency analysis as follows: The new HIBE system is the first HIBE based on the Decision BDHI assumption, and it is as efficient as [6]. Boneh et al. [7] also gave a HIBE with constant ciphertext, however, it is based on a non-standard and not well-studied assumption called q-Bilinear Diffie-Hellman Exponent (q-BDHE) assumption. 3.2

Security Result

Theorem 1. Assume the (t, ) Decision BDHI assumption holds, then the new -HIBE is (t , qE , )-sID-CPA secure, where qE is the extraction times and t < t − Θ( qE texp ), in which texp is the maximum time for an exponentiation in G. Proof. Suppose for contradiction that there exists an adversary A breaks the scheme, then we show there exists an algorithm C that, by interacting with A, solves the decision Decision BDHI problem. Our algorithm C described below solves Decision BDHI problem for a randomly given instance {g, X = g α , T } and 1 asked to decide if T = eˆ(g, g) α . The details are as follows. Init: A first outputs target identity ID∗ = (I1∗ , · · · , Ik∗ ) ∈ Zkp of depth k ≤ l. C ∗ appends random elements (Ik+1 , · · · , Il∗ ) ∈ Zl−k such that ID∗ is an vector of p ∗ length l. Hence, from here we assume that ID is a vector of length l.

A New Hierarchical ID-Based Cryptosystem and CCA-Secure PKE

367

Setup: Algorithm C generates the system parameters by picking α1 , · · · , αl ∈ Zp ∗ at random and defines g1 = X, hi = g −Ii g1αi for i = 1, 2, · · · , l. The system parameters params= (g, g1 , h1 , h2 , · · · , hl ) are sent to A. The corresponding master 1 key, which is unknown to C, is g α . Extraction query: Let ID=(I1 , · · · , Im ) be the identity for private key query, where t ≤ l. Assume n is the minimum value such that In = In∗ . C computes the simulated private key for ID as follows: Pick r1 , · · · , rn−1 , rn , rn+1 , · · · , rm ∈ Z∗p .   − αn ri Output the simulated private key SID = (g In −In∗ (Fn (In ))rn m i=1,i=n (Fi (Ii )) , r

r



1

r

g1r1 , · · · , g1n−1 , g1n g In −In∗ , g1n+1 , · · · , g1rm ). The correctness of the private key can be verified as follows: 1 Let rn = rn − (In −I ∗ )α (which is not known to C), then g

(g

∗ In −In

r

 αn rn

g1 )

 rn

=g

1 − In −I ∗

n 1 α

Fn (In )rn . So, (g

αn ∗ n −In

−I

r

1 α

n+1 n , g g1n−1 , g1 g , · · · , g1rm )=(g 1 is a valid private key from the view of A.

k

 rn

Fn (In )

n − Inα−I ∗

m

n

i=1,i=n

ri i=1 (Fi (Ii )) ,



Fn (In )rn =g

n − Inα−I ∗

n

Fi (Ii )ri , g1r1 , · · · ,

a1 = g1r1 , · · · , ak = g1rk )

Challenge: After received (m0 , m1 , ID∗ =(I1∗ , · · · , Ik∗ )) for challenge ciphertext, C picks a random bit b ∈ {0, 1}, r ∈R Zp∗ , and outputs the challenge ciphtertext as C = (T r · mb , g r , g α1 r , · · · , g αm r ). The challenge ciphertext is correct 1 if T = eˆ(g, g) α : Let s = αr (which is unknown to C), then Fi (Ii∗ )s =g αi r and C = (ˆ e(g, g)s · mb , g1s , F1 (I1∗ )s , · · · , Fk (Ik∗ )s )=(T r · mb , g r , g α1 r , · · · , g αk r ). A can continue to query EO on ID and the only restriction is that ID is not a prefix or equal to ID∗ . After the simulation, if the adversary outputs a guess bit b . If b = b, then C 1 1 decide that T = eˆ(g, g) α . Otherwise, T = eˆ(g, g) α . It is easy to verify that if the advantage of A is , then C can also have an advantage  to the Decision BDHI problem. 3.3

Chosen Ciphertext Security

Canetti et al. [12] showed an generic mehtod to build an IND-sID-CCA secure -HIBE from an IND-sID-CPA secure ( + 1)-HIBE. In combination with the above construction, we obtain a IND-sID-CCA secure -HIBE.

4

An Efficient CCA Secure Public Key Encryption

Recently, Canetti, Halevi, and Katz [12] showed a general method for constructing CCA-secure encryption schemes from an IND-sID-CPA IBE in the standard model, which was later improved by Boneh and Katz [10]. A public-key encryption scheme PKE is a triple of PPT algorithms: Key generation algorithm (Gen, encryption algorithm Enc and decryption algorithm Dec).

368

J. Li, F. Zhang, and Y. Wang

In order to design a CCA-secure PKE from IBE, it requires a message authentication code and an encapsulation scheme. We view a message authentication code as a pair of PPT algorithms (Mac; Vrfy). The authentication algorithm Mac takes as input a key and a message M , and outputs a string tag. The verification algorithm Vrfy takes as input the same key, a message M , and a string tag, output 1 if it is valid; otherwise, it outputs 0. We only require the message authentication code is secure against a one-time chosen-message attack. Meanwhile, the encapsulation scheme of [10] is used in our paper. For more details, the reader is referred to [10]. 4.1

The CCA-Secure PKE Scheme

Let G be a bilinear group of prime order p. Given a pairing: eˆ : G × G → GT . G is a pseudorandom generator. H is a hash function assumed to be second-preimage resistant such that H : {0, 1}k1 → {0, 1}k . g is a generator of G and Z = eˆ(g, g). The system public parameters are {G, GT , eˆ, g, Z, H}.  1. Gen. Choose α, α ∈ (Z∗p )2 and set g1 = g α and g  = g α . Meanwhile, choose hash function h from a family of pairwise-independent hash functions such that h: {0, 1}k1 → {0, 1}k . The public key is P K = {g1 , g  , h} and the secret key is SK = (α, α ). 2. Enc. On input public key P K = {g1 , g  , h} and a message M , choose r ∈ {0, 1}k1 , let k  = h(r) and ID = H(r). Pick a random s ∈ Zp and set C = (g1s , g s·ID g s , G(Z s ) ⊕ (M ◦ r)). Output the ciphertext (ID, C, tag = Mack (C)). 3. Dec. To decrypt the ciphertext (ID, C, tag), first parse C = (C1 , C2 , C3 ), t(ID+α )+α−1

pick a random t ∈ Zp and get (M ◦ r) = C3 ⊕ G(ˆ e(C1 C2−tα , g)). Set   k = h(r) and output the plaintext M if Vrfy(k , C, tag) = 1 and H(r) = ID. Otherwise, output ⊥. 4.2

Efficiency Analysis

The new PKE has many attractive properties. First, the key generation requires only two exponentiations in G. Meanwhile, the computations in encryption algorithm are only 3.5 exponentiations (one multi-exponentiation is counted as 1.5 exponentiations), which is the same with [10,18]. In fact, it only requires 2.5 exponentiations in encryption for Z s can be pre-computed. The decryption needs only 1.5 exponentiations and 1 pairing computations. So, computations of key generation, encryption and decryption of the new PKE system are the same with the BK-2 scheme. As noted by Boneh et al. [10], the most efficient PKE converted from IBE is the BK-2 scheme in [10]. From the viewpoint of efficiency, the new PKE is is as efficient as BK-2. However, the BK-2 scheme was based on the strong and non-standard Decision q-BDHI assumption, where q is not less than the number of decryption queries from adversary. Compared to BK-2, the new PKE in this paper is better for it is based on the standard and well-studied Decision

A New Hierarchical ID-Based Cryptosystem and CCA-Secure PKE

369

BDHI (or Decision 1-BDHI) assumption. In conclusion, the new PKE is the most efficient encryption converted from IBE without random oracles to date and is competitive with the best provably secure solutions [18]. Theorem 2. Assume the underlying IBE scheme is IND-sID-CPA secure, the message authentication code is secure against one-time chosen message attack, and encapsulation scheme used above satisfies computationally binding and hiding, then the new PKE scheme is IND-CCA Secure. The underlying IBE in this PKE construction is IND-sID-CPA secure from theorem 1. Meanwhile, the message authentication code and encapsulation scheme used are the same to [10]. So, the new PKE can be proved to be secure from the generic construction method in [10].

5

An Efficient HIBS

An -level HIBS ( -HIBS ) scheme handling identities of hierarchy depth consists of four algorithms: (Setup, Der, Sign, Verify). Meanwhile, Chow et al. [14] defined the security notion for HIBS as existential forgery for selective-ID, adaptive chosen message-and-identity attack (EF-sID-CMIA). It is referred to [14] for more details. 1. Setup. The parameters (ˆ e, G, GT , g, g1 , h1 , . . . , h ) are the same with HIBE in section 3. Meanwhile, define a hash function H : {0, 1}∗ → G. Meanwhile and l functions Fj (x) = g x hj for 1 ≤ j ≤ l. Then, the system parameters are 1 param = (ˆ e, G, GT , g, g1 , h1 , . . . , h , H) and the master key is g α . 2. Der. The generation of private key for ID = (I1 , . . ., Ik ) is the same with algorithm Der of HIBE in section 3. Let SID = (a0 , a1 , . . . , ak ), where 1 k a0 = g α i=1 (Fi (Ii ))ri , a1 = g1r1 , · · · , ak = g1rk . 3. Sign. For a user with identity ID and private key SID = (a0 , a1 , . . . , ak ), he signs a message M as follows: pick a random s ∈ Zp , compute T = g1s and A = a0 · [H(M, T )]s . Output the signature as σ = (A, T, a1 , . . . , ak ). 4. Verify. After receive a signature σ =(A, T, a1 , . . . , ak ) on message M for  ? e(T, H(M, T )) ki=1 (ˆ e(Fi (Ii ), ai )). OutID=(I1 , · · · , Ik ), check eˆ(g1 , A) = eˆ(g, g)ˆ put 1 if it is true. Otherwise, output 0. 5.1

Efficiency Analysis

The values a1 , . . . , ak in the signature are always the same. So, signature generation requires only two exponentiation operations in G, regardless the hierarchy depth. However, the HIBS [14], requires (l + 2) exponentiation operations for an l-level user, which is very inefficient. 5.2

Security Result

We show that our HIBS scheme is secure against EF-sID-CMIA with very tight security reduction.

370

J. Li, F. Zhang, and Y. Wang

Theorem 3. Assuming the (t, )-DHI assumption holds in G, then our -HIBS scheme is (t , qS , qH , qE ,  )-secure against EF-sID-CMIA , where t ≤ t−Θ((qH + qE + qS )ltexp ) and  ≈ , texp is the maximum time for an exponentiation in G. For the page limitation, the security proof is not given in this paper. Please contact the author for full version of this paper if needed.

6

Conclusion

We propose a new HIBE and HIBS based on Decision BDHI and DHI assumptions, respectively. The new HIBE can be proved to be selective-ID secure against adaptively chosen identity and chosen ciphertext attacks. The new HIBS shares the same parameters with the new HIBE and it is the most efficient HIBS to date. The Most important contribution of this paper is that an efficient PKE scheme is constructed based on the new HIBE. It is well known that the BK-2 scheme [10] is based on the strong and non-standard q-BDHI assumption, which depends on the decryption query times q. The new PKE, however, is based on a better and well-studied Decision BDHI assumption.

References 1. M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations Among Notions of Security for Public-Key Encryption Schemes. Crypto’98, LNCS 1462, pp. 26-45, Springer-Verlag, 1998. 2. M. Bellare, C.Namprempre, and G.Neven. Security Proofs for Identity-based Identification and Signature Schemes. EuroCrypt’04, LNCS 3027, pp. 268-286. SpringerVerlag, 2004. 3. M.Bellare, P.Rogaway. Random oracles are practical: a paradigm for designing efficient protocols. In First ACM Conference on Computer and Communications Security, ACM, 1993. 4. D. Boneh and X. Boyen. Short Signatures Without Random Oracles. EUROCRYPT’04, Proceedings, LNCS 3027, pp. 56-73, Springer-Verlag, 2004. 5. D. Boneh and X. Boyen. Secure identity based encryption without random oracles. Crypto’04, LNCS 3152, pp. 443-59, Springer-Verlag, 2004. 6. D. Boneh and X. Boyen. Efficient selective-ID identity based encryption without random oracles. EuroCrypt’04, LNCS 3027, pp. 223-238. Springer-Verlag, 2004. 7. D. Boneh, X. Boyen and E.Goh. Hierarchical Identity based encryption with constant ciphertext. EuroCrypt’05, LNCS 3494, pp. 440-456, springer-Verlag, 2005. 8. D. Boneh, X. Boyen and S. Halevi. Chosen ciphertext secure public key threshold encryption without random oracles. CT-RSA’05, LNCS 3860, pp. 226-243, springer-Verlag, 2006. 9. D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, Crypto’01, LNCS 2139, pp. 213-229, Springer-Verlag, 2001. 10. D. Boneh and J. Katz. Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption. CT-RSA’05, LNCS 3376, pages 87-103, springer-Verlag, 2005.

A New Hierarchical ID-Based Cryptosystem and CCA-Secure PKE

371

11. X. Boyen, Q. Mei, and B.Waters. Direct Chosen ciphertext security from identitybased techniques. CCS’05. ACM press, 2005. Full version at http://eprint.iacr.org/ 2005/288. 12. Canetti, S. Halevi, and J. Katz. Chosen-ciphertext security from identity-based encryption. EuroCrypt’04, LNCS 3027, pp. 207-22, Springer-Verlag, 2004. 13. J.C. Cha and J.H. Cheon, An identity-based signature from gap Diffie-Hellman groups. PKC’03, LNCS 2567, pp. 18-30, Springer-Verlag, 2003. 14. Sherman S.M. Chow, Lucas C.K. Hui, S. Yiu, and K.P. Chow. Secure Hierarchical Identity Based Signature and Its Application. ICICS 2004, LNCS 3269, pp. 480-494, Springer-Verlag, 2004. 15. R. Cramer and V. Shoup. A Practical Public Key Cryptosystem Provably Secure Against Chosen Ciphertext Attack. Crypto’98, LNCS 1462, Springer-Verlag, pp. 13-25, 1998. 16. C. Gentry and A. Silverberg. Hierarchical ID-Based Cryptography. AsiaCrypt’02, LNCS 2501, pp. 548-566, Springer-Verlag, 2002. 17. J. Horwitz and B. Lynn. Toward Hierarchical Identity-Based Encryption. EuroCrypt’02, LNCS 2332, pp. 466-481, Springer-Verlag, 2002. 18. K. Kurosawa and Y. Desmedt. A New Paradigm of Hybrid Encryption Scheme. Crypto’04, LNCS 3152, pp. 426-442, Springer-Verlag, 2004. 19. Y. Mu, V. Varadharajan, and K. Nguyen, Delegated decryption, IMA-Crypto Coding’99, LNCS 1746, pp. 258-269, Springer, 1999. 20. D. Pointcheval and J. Stern, Security arguments for digital signatures and blind signatures, Journal of Cryptology, Vol.13, No.3, pp. 361-396, 2000. 21. A.Shamir, Identity-based cryptosystems and signature schemes, Crypto’84, LNCS 196, pp.47-53, Springer-Verlag, 1984. 22. S.Tsujii and T. Itoh. An Id-based cryptosystem based on the discrete logarithm problem. IEEE Journal on Selected Areas in Communication, 7(4):467-473, 1989. 23. F. Zhang, R. Safavi-Naini, W.Susilo. An efficient signature scheme from bilinear pairings and its applications. PKC’04, LNCS 2947, pp. 277-290, Springer-Verlag, 2004.

Energy Comparison of AES and SHA-1 for Ubiquitous Computing Jens-Peter Kaps and Berk Sunar Department of Electrical & Computer Engineering Worcester Polytechnic Institute 100 Institute Road, Worcester, MA 01609, U.S.A. {kaps, sunar}@wpi.edu

Abstract. Wireless sensor networks and Radio Frequency Identifiers are becoming mainstream applications of ubiquitous computing. They are slowly being integrated into our infrastructure and therefore must incorporate a certain level of security. However, both applications are severely resource constrained. Energy scavenger powered sensor nodes and current RFID tags provide only 20 μW to 50 μW of power to the digital component of their circuits. This makes complex cryptography a luxury. In this paper we present a novel ultra-low power SHA-1 design and an energy efficient ultra-low power AES design. Both consume less than 30 μW of power and can therefore be used to provide the basic security services of encryption and authentication. Furthermore, we analyze their energy consumption based on the TinySec protocol and come to the somewhat surprising result, that SHA-1 based authentication and encryption is more energy efficient than using AES for payload sizes of 17 bytes or larger.

1

Motivation

Not long ago, ubiquitous computing was just a buzzword. Technologies like Radio Frequency Identifiers (RFID) and Wireless Sensor Networks (WSN) are a few examples showing that embedded and ubiquitous computing has come a long way from hot idea to mass deployment. Computing devices are now embedded into clothing and other products in the form of RFID tags. WSN are still mainly used by researchers but are expected to migrate into mainstream applications like building, health, and environmental monitoring, military target tracking and so on in the near future. Embedded and ubiquitous computing will soon form a crucial part of our infrastructure. Securing this infrastructure is critical. The most basic security services are privacy, integrity, and authenticity which can be achieved with classic message authentication codes (MAC) and encryption functions. However, WSN nodes and RFID tags impose severe power constraints which make it difficult to realize computationally intensive cryptographic functions. Passive RFID tags are powered by the electro magnetic field from the 

This material is based upon work supported by the National Science Foundation under Grant No. ANI-0133297.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 372–381, 2006. c IFIP International Federation for Information Processing 2006 

Energy Comparison of AES and SHA-1 for Ubiquitous Computing

373

reader and only 20 μW are available to the digital part of the tag1 . Wireless sensor nodes are currently battery powered but battery replacement poses a major hindrance to scaling wireless sensor networks to thousands of nodes and to deploying them in inaccessible places. We envision that the next generation sensor nodes will be powered by scavengers, which collect energy from environmental sources such as light, radiation, vibration, etc. Micro-Electro-Mechanical Systems (MEMS) based power scavengers can be integrated on chip, which will decrease cost, and can produce up to 8 μW of power [1]. Future MEMS-based scavengers are expected to deliver up to 50 μW continously, enough to power an ultra-low power circuit. Power consumption in CMOS devices is the sum of leakage power PLeak , which is caused by the leakage current of each gate, and dynamic power PDyn , caused by switching activity. PLeak is proportional to the circuit size and PDyn is proportional to the clock frequency and switching activity. We observed that at a frequency of 500 kHz, which is used in sensor network implementations [2], leakage power becomes dominant. In order to conserve leakage power we have to reduce the circuit size. A common method to save hardware resources and provide privacy, integrity, and authentication is to use the same cryptographic algorithm for both functions, MAC computation and encryption. SPINS [3] for example, uses RC5 for encryption and in CBC-mode to build a secure MAC. TinySec [4] is cipher independent and was tested with RC5 and Skipjack for encryption and CBC-MAC. The authors of [4] are also considering the Advanced Encryption Standard [5]. Many research papers [3,6,7] analyze encryption algorithms for wireless sensor networks exclusively with reference to speed and code size while only a few [8] address the energy consumption of software based implementations. However, the ultra-low power applications we are envisioning, do not provide enough power for running cryptographic algorithms on general purpose microprocessors.

2

Cryptographic Functions for Ultra-Low Power Applications

AES was selected by the National Institute of Standards and Technology (NIST) as Federal Information Processing Standard FIPS-197 [5] in 2001. Since then, many hardware implementations have been published. Most of them are optimized for speed and only a few are scalable [9,10] from fast to small. The first ultra-low power implementation was reported in [11] followed by [12] by the same group. Both papers analyze the power consumption but not the energy consumption of the circuits. AES is a block cipher with a fixed input size of 128 bits and a key length of either 128 bits, 192 bits, or 256 bits. For our ultra-low power implementation we chose 128 bits. AES applies the same round function ten 1

A simple, passive RFID tag typically consists of an analog and a digital section. The analog section is responsible for powering the tag and wirelessly sending and receiving data. The digital section contains a tiny microcontroller and some memory to store the unique identifier.

374

J.-P. Kaps and B. Sunar

times to its input, also called State, during encryption. The round function consists of four different transformations: SubBytes, ShiftRows, MixColumns, and AddRoundKey, each changing the State by applying linear, non linear and key dependent transformations. SHA-1 is the most widely used secure hash function and was developed by the National Security Agency. Its security level2 is considered to be 280 . Recent attacks on SHA-1 [13] indicate that there might be a potential weakness but no collisions have been found yet. Many implementations of SHA-1 have been reported, most of them optimized for speed [14]. To our knowledge, this is the first ultra-low power implementation of SHA-1. SHA-1 computes a 160-bit hash of messages up to 264 bits in size. Each message needs to be preprocessed by padding the message, appending the message length and splitting it into blocks with a length of 512 bits each. Then, the compression function processes each input block and computes intermediate hash values by iterating over simple functions 80 times. 2.1

Message Authentication Codes

We use HMAC, which is formally described in [15] as HMACk (x) = SHA-1((k ⊕ opad) || SHA-1((k ⊕ ipad) || x)), to build a message authentication code. It uses a 160-bit key K which is padded with 0’s resulting in k. The terms k ⊕ opad and k ⊕ ipad can be precomputed from the 512-bit constants opad and ipad and k. Due to the concatenation ((k ⊕ ipad) || x) the intermediate hash value of (k ⊕ ipad) and (k ⊕ opad) can be precomputed as well. Hence, computation of a MAC requires length(x)/512 + 1 operations of SHA-1. AES can be used in CBC-MAC [16] mode to compute authentication codes. This mode is similar to the Cipher Block Chaining mode [17,18] in that the result from the previous encryption is XORed with the next plaintext block and encrypted again. The computation of a MAC requires length(x)/128 operations. The level of security of AES in this mode is approximately 264 , and not 2128 as one might expect, due to the birthday attack3 . CMAC [19] fixes some security deficiencies of CBC-MAC. It uses two subkeys which can be precomputed. The main MAC computation is very similar to CBC-MAC, only the last step is different. However, this would not add much to the complexity of our CBC-MAC implementation. 2.2

Encryption

To some extent, hash functions like SHA-1 can also be used to perform encryption. The best examples are SHACAL [20] and SHACAL-1 [21]. The security of SHACAL was analyzed in [22] and more recently in [23]. SHACAL defines how the compression function of SHA-1 can be used as a 160-bit block cipher with 2

3

280 operations have to be made on average to find another input such that the resulting hashes are equal, also called a collision. If a sensor node produces one message authentication code per second, it would produce only 232 in 100 years.

Energy Comparison of AES and SHA-1 for Ubiquitous Computing

375

a 512-bit secret key. Shorter keys can be used by padding the key with zeroes but the minimum key size is 128 bits. AES is a block cipher so its usage for encryption is straight forward.

3

SHA-1 Implementation

We assume that one 512-bit block of preprocessed data is stored in memory and available to our SHA-1 unit for reading and writing. The operation of our SHA1 implementation is broken down into three stages. The initial stage comprises the first 16 rounds. Here, the message scheduler reads the message block one Mt per round. The next stage is the computation stage which ends with the 80th round. During both stages, the message scheduler computes Wt , forwards it to the message digest unit and also stores Wt in the external memory. The message digest unit performs the message compression function. The final stage is needed to compute the final hash values from the intermediate hash. 3.1

Message Scheduler

Most implementations in literature use a 16 stage 32-bit wide shift register for this purpose (512 flip-flops). Our message scheduler is a serial design and needs only one 32-bit register to store a temporary value during computation of the new Wt . It scheduler performs the equation Wt = ROT L1 (Wt−3 ⊕ Wt−8 ⊕ Wt−14 ⊕ Wt−16 ) where ⊕ denotes bitwise XOR. Four values have to be read from memory and the result written back to memory in each round. This takes 5 clock cycles, therefore, each round of SHA-1 takes 5 clock cycles. The necessary address computation is done using dedicated hard wired adders to provide +2, +8 and +13 addition modulo 16 for Wt−14 , Wt−8 , and Wt−3 respectively. 3.2

Message Digest Unit

SHA-1 requires five 32-bit working variables (a, b, c, d, e) to which new values are assigned in each round. It can easily be seen from [24] that four out of the five words are shifted in each round (a → b, · · · , d → e) and only determining the new value for a requires computation. Therefore, we view the registers for the working variables as a 5 stage 32-bit wide shift register. Round Function. The round function computes a new value for a and shifts all working variables once per round. The computation for a is a five operand addition modulo 232 where the operands depend on all input words, the rounddependent constant Kt , and the current message word Wt . In order to conserve area and therefore limit the leakage power, we use a single 32-bit adder to perform the four additions and use register e as temporary register. This requires 4 clock cycles per round which is below the need of the message scheduler with 5 clock cycles. Figure 1 shows the block diagram of our implementation of the message digest unit including the round function and the intermediate hash value computation.

a

b

30

ROTL

c

d

Mux

J.-P. Kaps and B. Sunar

Mux

376

e H0

H1

H2

H3

H4

H

Mux

Wt Kt 5 ROTL ft

Mux

+

Fig. 1. Proposed Hardware Architecture of the Message Digest Unit

Intermediate Hash Value Computation. During the final stage, the values of the working variables have to be added to the digest of the previous message blocks, or specific initial values for the first message block. This can be done very efficiently without additional multiplexers or adders by arranging all intermediate hash value registers H0 , H1 , H2 , H3 , and H4 in a 5 stage 32-bit wide shift register, similar to our design for the working variables. Computing the final hash value for one input block takes five clock cycles. This leads to a total of 405 clock cycles for the message digest computation of one block.

4

AES Implementation

For our AES implementation we assume that a message block and the private key are stored in memory. The result of the AES computation is written back to memory. Our 8-bit implementation is inspired by the one reported in [11], however, we restructured the datapath so that the registers are better utilized and the AES computation consumes less clock cycles. In CBC-mode the hash of the previous message block is XORed with the current message block. Therefore, we can not use the external memory to store the intermediate state as we could for our SHA-1 implementation. The same applies to storing the round keys. 4.1

Datapath

Each AES transformation and the key expansion load their operands in a specific order from the state memory or key memory respectively, and write them back. Some transformations require the storage of temporary results. We streamlined this process by grouping the AES transformations into four stages: 1. 2. 3. 4.

Initial AddRoundKey–SubBytes–ShiftRows MixColumns AddRoundKey–SubBytes–ShiftRows FinalAddRoundKey

This grouping enables us to re-use registers and minimize the number of internal memory accesses. It allows us to use a pipelined architecture for stage 1 and 3 which reduces he number of clock cycles by 40 percent. This improvement comes at the cost of only one additional 8-bit register over the minimum possible

Energy Comparison of AES and SHA-1 for Ubiquitous Computing

377

databus

number or 8-bit registers. Furthermore, the memory addressing scheme is simplified. This is a tradeoff between low area and energy consumption. The datapath of our implementation is shown in Fig. 2. It is characterized by the pipelined architecture for stage 1 and 3 as well as the register requirements for stage 2. We used five 8-bit registers, R0 , R1 , R2 , R3 , and R4 . The boxes labeled Keys and Data are the register files for the 128-bit Round Keys and the 128-bit State Memory respectively. This memory is register based and makes extensive use of clock gating to conserve power. Rcon R1

Key Expansion

Enc/H

Keys

R0

R2

SBox R3

Data Mix Column

R4

Fig. 2. Block Diagram of our Implementation of the AES Datapath

4.2

Message Schedule

Initial AddRoundKey–SubBytes–ShiftRows. During this first stage, the 128-bit message block and the secret key are read from main memory. If used in CBCmode, the message is XORed with the previous result. Then the the first AddRoundKey, SubBytes and ShiftRows operations are applied. AddRoundKey–SubBytes–ShiftRows. This stage is run nine times for AES. The round keys for the AddRoundKey operation are computed on the fly. In order not to overwrite an element before its being read, we have to store four elements. leading to our pipeline depth of four: R1 , R2 , R3 , and R4 . Mix Columns. Feldhofer et. al. [11] described a very efficient way for performing the MixColumns operation in an 8-bit architecture. It uses the minimum amount of registers needed for this operation. We used the same method, however we use an additional 8-bit register and are now able to reschedule the order of operations. The additional register (R4 ) is available from the merging of AddRoundKey and ShiftRows operation. Final AddRoundKey. In this stage we perform the final round key computation and AddRoundKey operation. Then the result is written back to memory.

5

Analysis and Comparison

All our designs were described in VHDL and verified by simulation with ModelSim and test vectors from the respective standards [5,24]. Our target library

378

J.-P. Kaps and B. Sunar

is a 0.13μm, VDD = 1.2 V ASIC library from TSMC, which is characterized for power. The final results for power, area, and delay were reported by Synopsys power compiler at the gate level. We would like to emphasize that our contribution is on the algorithmic and architectural level. Implementing our designs using an ultra-low power ASIC library or a full custom chip design will enable higher energy and power savings. Our results are shown in Table 1. Both designs consume a similar amount of area and power. The critical path delay in SHA-1 is more than twice as long as for AES, however, we assume an operating frequency of 500 kHz which is far below their maximum frequency. The total power consumption at 500 kHz of SHA-1 is about 10 % higher than that of AES. Within 534 clock cycles AES can encrypt 128 bits of plaintext. SHA-1 needs 405 clock cycles to compute the hash of 512 bits of data. Table 1. Results for SHA-1 and AES SHA-1 AES Critical Path Delay 5.72 ns 2.19 ns Clock cycles for one operation 405 534 Area (NAND equiv.) 4276 4070 Static Power 23.00 μW 20.23 μW Dynamic Power (at 500 kHz) 3.74 μW 3.60 μW Total Power (at 500 kHz) 26.73 μW 23.83 μW

Feldhofer et.al. presented two related AES designs in [11] and [12] consuming 26.9 μW and 4.5 μW respectively with a 100kHz clock. These numbers are difficult to compare with our design as the results for power consumption are highly technology dependent. The encryption only design in [11] consumes an area of 3595 NAND equiv. and needs 1016 clock cycles. The design in [12] needs 3400 NAND equiv. and 1032 clock cycles. Both designs do not support CBC mode which requires extra hardware. It can easily be seen that our implementation uses 20% more hardware resources than their smallest design while using 48% less clock cycles, i.e. it is almost twice as fast. The slight increase in hardware resources leads to a large decrease in computation time which reduces the energy consumption while still being an ultra-low power circuit. For a fair comparison of AES and SHA-1, we used the same implementation and optimization techniques with the same ASIC library. In order to explore the energy consumption of our AES and SHA-1 implementations we focus on the TinySec [4] protocol. Table 2 shows the results assuming the TinySec packet format and a payload of 29 bytes. Message Authentication Codes. TinySec defines a packet format for authenticated messages that can carry up to 29 Bytes of payload. The MAC is computed over the payload and the packet header which is four bytes long. Table 2 shows that using AES to compute the MAC over 29+4 bytes consumes 76.42 nJ and SHA-1 consumes 43.32 nJ. Even though SHA-1 consumes 10% more power than AES, the running time of AES is larger by a factor of two, leading to the higher energy consumption. Fig. 3 shows the energy consumption for MAC computation

Energy Comparison of AES and SHA-1 for Ubiquitous Computing

379

Table 2. Energy Results for SHA-1 and AES (29 bytes/packet, 500 kHz) MAC Encryption Encryption & MAC AES SHA-1 AES SHA-1 AES SHA-1 Energy (nJ) 76.42 43.32 50.95 43.32 127.36 86.64 Power (μW) 23.85 26.74 23.85 26.74 23.85 26.74 Time (ms) 3.20 1.62 2.14 1.62 5.34 3.24 Energy/bit (nJ) 0.33 0.19 0.22 0.19 0.55 0.37

over different payload sizes, each time assuming a four byte overhead. Until the payload reaches 29 bytes AES consumes less or almost equally as much energy as SHA-1. For payloads of 29 bytes or larger AES has to run more than twice while for SHA-1 two iteration are sufficient, due to its longer input size.

150

Energy Consumption (nJ)

Energy Consumption (nJ)

Encryption. Even though TinySec does not specify an encryption only format we still consider it for comparison purposes. We assume that only the payload has to be encrypted and the packet header is transmitted in the clear. Table 2 shows that the difference in Energy consumption between SHA-1 and AES are less dramatic for encryption than for MAC computation. Fig. 4 shows that SHA1 follows AES closely. This comes from the fact that the input size of AES is 128 bits and of SHA-1 in encryption mode (SHACAL-1) is 160 bits. AES SHA−1

100

50

0 0

10

20

30

40

50

60

150 AES SHA−1

100

50

0 0

10

20

Payload Data (bytes)

30

40

50

60

Payload Data (bytes)

Fig. 3. Energy Consumption of MAC Computation with AES and SHA-1 Depending on Payload Size

Fig. 4. Energy Consumption of Encryption with AES and SHA-1 Depending on Payload Size

250

Energy Consumption (nJ)

AES SHA−1

200

150

100

50

0 0

10

20

30

40

50

60

Payload Data (bytes)

Fig. 5. Energy Consumption of Encryption and MAC Computation with AES and SHA-1 Depending on Payload Size

380

J.-P. Kaps and B. Sunar

Authentication and Encryption. The packet format for Authentication and Encryption specifies a payload of upto 29 bytes and a packet header of eight bytes length. Only the payload has to be encrypted but the MAC is computed over the payload and the message header. Assuming a 29-byte payload, AES consumes almost 1/3 more energy than SHA-1 (see Table 2. For larger payloads the SHA-1 consumes significantly less power (see Fig. 5).

6

Conclusion

This paper presented a novel ultra-low power implementation of SHA-1 and an ultra-low power and low energy AES design. Both circuits consume less than 30 μW of power and could therefore be powered by scavenger circuits. We analyzed the energy consumption of SHA-1 and AES based encryption and message authentication functions. The result of our analysis is that SHA-1 and AES seem to be equally well suited for ultra-low power applications if the payload size is below 17 bytes. For payloads of 17 bytes or above SHA-1 needs significantly fewer iterations than AES and, therefore, has a shorter running time which conserves energy. We want to emphasize that the power consumption of both algorithms is about the same.

References 1. Meininger, S., Mur-Miranda, J., Amirtharajah, R., Chandrakasan, A., Lang, J.: Vibration-to-electric energy conversion. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 9(1) (2001) 64–76 2. Amirtharajah, R., Chandrakasan, A.P.: Self-powered signal processing using vibration-based power generation. IEEE Journal of Solid-State Circuits 33(5) (1998) 687–695 3. Perrig, A., Szewczyk, R., Tygar, J.D., Wen, V., Culler, D.E.: SPINS: security protocols for sensor networks. Wireless Networks 8(5) (2002) 521–534 4. Karlof, C., Sastry, N., Wagner, D.: TinySec: A link layer security architecture for wireless sensor networks. In: Second ACM Conference on Embedded Networked Sensor Systems (SenSys 2004), New York, ACM Press (2004) 162–175 5. National Institute of Standards and Technology (NIST) FIPS Publication 197: Advanced Encryption Standard (AES). (2001) 6. Law, Y., Doumen, J., Hartel, P.: Benchmarking block ciphers for wireless sensor networks. In: IEEE International Conference on Mobile Ad-hoc and Sensor Systems. (2004) 447–456 7. Luo, X., Zheng, K., Pan, Y., Wu, Z.: Encryption algorithms comparisons for wireless networked sensors. In: IEEE International Conference on Systems, Man and Cybernetics. Volume 2. (2004) 1142–1146 8. Prasithsangaree, P., Krishnamurthy, P.: Analysis of energy consumption of RC4 and AES algorithms in wireless LANs. In: GLOBECOM’03. Volume 3., IEEE (2003) 1445–1449 9. Mangard, S., Aigner, M., Dominikus, S.: A highly regular and scalable AES hardware architecture. IEEE Transactions on Computers 52(4) (2003) 483–491

Energy Comparison of AES and SHA-1 for Ubiquitous Computing

381

10. Good, T., Benaissa, M.: AES on FPGA from the fastest to the smallest. In: CHES 2005. Volume 3659 of LNCS., Springer (2005) 427–440 11. Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: CHES 2004. Volume 3156 of LNCS., Springer (2004) 357–370 12. Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES implementation on a grain of sand. Information Security, IEE Proceedings 152(1) (2005) 13–20 13. Wang, X., Yin, Y.L., Yu, H.: Collision search attacks on SHA1. Internet (2005) 14. Grembowski, T., Lien, R., Gaj, K., Nguyen, N., Bellows, P., Flidr, J., Lehman, T., Schott, B.: Comparative analysis of the hardware implementations of hash functions SHA-1 and SHA-512. In: ISC 2002. Volume 2433 of LNCS., SpringerVerlag (2002) 75–89 15. National Institute of Standards and Technology (NIST) FIPS Publication 198: The Keyed-Hash Message Authentication Code (HMAC). (2002) 16. Stinson, D.R.: Cryptography: Theory and Practice. 3 edn. Volume 36 of Discrete Mathematics and its Appications. Chapman & Hall/CRC (2005) 17. National Institute of Standards and Technology (NIST) FIPS Publication 81: DES modes of operation. (1980) 18. National Institute of Standards and Technology (NIST) FIPS Publication 113: Computer Data Authentication. (1985) 19. National Institute of Standards and Technology NIST SP 800-38B: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. (2005) 20. Handschuh, H., Naccache, D.: SHACAL. Submission to the NESSIE project, Gemplus, F-92447 Issy-les-Moulineaux, France (2000) 21. Handschuh, H., Naccache, D.: SHACAL: a family of block ciphers. Submission to the NESSIE project, Gemplus, F-92447 Issy-les-Moulineaux, France (2001) 22. Handschuh, H., Knudsen, L.R., Robshaw, M.J.: Analysis of SHA-1 in encryption mode. In: CT-RSA 2001. Volume 2020 of LNCS., Springer Verlag (2001) 70–83 23. Saarinen, M.J.O.: Cryptanalysis of block ciphers based on SHA-1 and MD5. In: FSE 2003. Volume 2887 of LNCS. (2003) 36–44 24. National Institute of Standards and Technology (NIST) FIPS Publication 180-2: Secure Hash Standard (SHS). (2002)

Performance Analysis of Tag Anti-collision Algorithms for RFID Systems Cheng-Hao Quan1 , Won-Kee Hong2 , and Hie-Cheol Kim2 1

RFID System Research Team, ETRI, Daejeon, Korea [email protected] 2 School of Information and Communication Eng., Daegu University, Gyeongsan Gyeongbuk, Korea {wkhong, hckim}@daegu.ac.kr Abstract. Lately, the ISO fixed on UHF Gen2 as one of the standard protocols for RFID, called ISO 18000-6 C, along with ISO 18000-6 A/B. It means that the RFID system should provide the multi-protocol support for tag identification and a proper protocol should be chosen depending on the situation. The tag anti-collision algorithm is one of the important research issues to be on top of the protocol’s performance. This paper introduces several anti-collision algorithms for tag identification in the literature and presents the performance comparison and evaluation of those algorithms based on the 96-bit EPCTM (Electronic Product CodeTM ). The performance results show that the collision tracking tree algorithm is found to have the highest performance than any other anti-collision algorithm, identifying 749 tags per second.

1

Introduction

RFID (Radio Frequency IDentification) technology, which identifies electronic tags on objects using RF signal without contact, is spotlighted as a key technology in implementing ubiquitous environment. In the RFID system, tag identification is performed by the reader’s query to a tag attached an object and the tag’s transmission of its identifier to the reader. If there is only one tag in the reader’s identification area tag identification may be simple, but if there are multiple tags in the area they respond to the reader’s query at the same time and, as a result, collisions happen among the tags within the reader’s communication range. Such collisions hinder the reader from accurate tag identification. Specifically, in large-scale electronic supply chain systems that process a large amount of goods in real time, anti-collision algorithm is essential to perform multiple tag identification [1]. Recent researches on RFID system are mainly made for low-cost RFID systems at UHF band that has a long recognition distance and is less influenced by surrounding environment. These researches are focused on system construction but not many of them deal with anti-collision and high-speed identification of multiple tags. They are based on different tag systems with different types of identifiers like 8, 16 and 32-bit identifiers. In order for RFID system to be widely X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 382–391, 2006. c IFIP International Federation for Information Processing 2006 

Performance Analysis of Tag Anti-collision Algorithms for RFID Systems

383

used, standardization of information system stored in tags should be resolved. Owing to the effort toward standardization by EPCglobal led by Auto-ID Center, the EPCTM (Electronic Product CodeTM ), a tag information system is a de facto standard code of RFID [4]. Different from traditional bar codes EPC code allows each individual object to have its unique code system and thus makes it possible to obtain various data such as the location and the condition of the object as well as to manage and utilize the data effectively. An EPC code is composed of four fields - header, manufacturer code, product code and object code - and its size is 96 bit or 128 bit. This paper introduces tree-based memoryless anti-collision algorithms and slot aloha-based anti-collision algorithms based on EPC code with 96-bit identifier in RFID system and evaluate their performance. According to the result of performance evaluation, collision tracking tree algorithm [9], which is developed by out research team and one of tree-based memoryless anti-collision algorithms, is superior to others in the number of queries-responses and the number of bits transmitted, showing 2 ∼ 50 times higher performance than other algorithms in the average number of tags identified per second. This paper is composed as follows. Sect. 2 reviews previous researches on multiple tag identification for identifying multiple tags in the reader’s range. Sect. 3 and 4 explains the basic concept, operating process and examples of tree-based memoryless anti-collision algorithm and slot aloha-based anti-collision algorithm, respectively. Sect. 5 evaluates the performance of existing tree-based memoryless algorithms and slot aloha-based algorithms and presents the results of analysis. Conclusions are made in Sect. 6.

2

Related Work

Anti-collision algorithms for multiple tag identification are largely divided into tree-based deterministic algorithm and slot aloha-based probabilistic algorithms. Deterministic algorithms form a binary tree with tag identifiers expressed in binary bits and identify tags through browsing the nodes in the tree. In this type of algorithms, we can predict the process of tag identification. This type of algorithm is again divided into memory algorithms and memoryless ones. In memory algorithms, the response of a tag is determined by the query to the tag and the current state of the tag and thus each tag must store and manage its state information. Representative memory algorithms are splitting tree algorithm [3] and bit-arbitration algorithm [5]. In memoryless algorithms, on the other hand, the response of a tag is determined only by the query to the tag. This type of algorithms is a good approach for simple implementation of tags as well as for low cost, low power and small size. Representative memoryless algorithms are treewalking algorithm [6], query tree algorithm [8] and memoryless collision tracking tree algorithm [9]. Probabilistic algorithms are based on aloha protocol. Each of tags in a reader’s identification area selects one of given N slots to transmit tag information and sends its identifier. Thus, tag collision can be avoided by time difference among the slots. However, because it is not easy to count the exact

384

C.-H. Quan, W.-K. Hong, and H.-C. Kim

number of tags in the identification area, the optimal number of slots and the time that transmission of tag information are completed should be determined probabilistically. Probabilistic algorithms are again divided into ID-slot algorithms and Bit-Slot ones. In ID-slot algorithms each tag puts its identifier to a slot and sends the slot while in Bit-Slot algorithms each tag creates information composed of special bits, fills a slot with the information and sends it to the reader. Representative ID-slot algorithms are I-Code algorithm [10] and STAC (Slotted Terminating Adaptive Collection) algorithm [1] and a representative Bit-Slot algorithm is anti-collision algorithm [7] using the Bit-Slot mechanism.

3

Tree-Based Memoryless Anti-collision Algorithm

Tree based memoryless anti-collision algorithms can implement tags at a low cost because tags do not need to maintain their state information. Still, these algorithms need a memory to store some bits of an identifier in the reader during the process of tag identification and, for this, they have a memory structure of stack or queue. Here, we have a brief review of representative tree-based algorithms - tree-walking, query tree and collision tracking tree algorithm. In tree-walking algorithm, the reader begins a query to tags using k-bit prefix (B(0,k) ), which is a bit string from the 0th bit (b0 ) to the kth bit (bk ) of a tag identifier for tag-reader communication. Each tag in the area checks the received prefix against its identifier and, if they match with each other, the tag sends the k + 1th bit (bk+1 ) of the tag identifier to the reader. Here, tag responses can be either of two types. First, it is the case that all bits received from tags within reader’s area are ‘0’ or ‘1’. In this case, the reader creates a new prefix (B(0,k+1) ) by adding the received bit value to the existing prefix. Second, received bits contain both ‘0’ and ‘1’. This means that a collision has happened. The reader stores the prefix that had a collision into the stack and at the same time creates a new prefix (B(0,k+1) ) by adding ‘0’. The new prefix is send to the tag in the next query-response process. This process is repeated as many times as the number of bits of the tag identifier until a tag is identified. If a tag is identified, the prefix stored in the stack is retrieved and a new prefix (B(0,k +1) ) is created by adding ‘1’ to the prefix, and using the new prefix a new query-response process is performed. If the stack is empty, it means that the whole tag identification process has been completed and all tags in the area have been identified. In query tree algorithms, tags matching with k-bit prefix (B(0,k) ) sent by the reader send bit strings from the k + 1th to the last of their identifier (B(k+1,l) ) to the reader in all. Here, tag responses can be either of two types. First, only one tag or no tag responds. In this case, a new prefix (B(0,k ) ) is created using a prefix stored in the queue. Second, multiple tags respond together and collisions occur among them. In this case, ‘0’ and ‘1’ are added to the existing prefix and the prefixes are stored in the queue respectively. In addition, a new prefix(B(0,k ) ) is retrieved from the queue and is used in the next query-response. This process is continued until all tags in the area are identified. If the queue is empty, it means that the whole tag identification process has been completed and all tags in the area have been identified.

Performance Analysis of Tag Anti-collision Algorithms for RFID Systems

385

In collision tracking tree algorithms, the reader makes a query to tags using a kbit prefix(B(0,k) ) as a parameter. Each tag in the area checks the received prefix against its identifier and, if they match with each other, the tag sends the reader a bit string (Bk+1,l ) from the k + 1th bit (bk+1 ) to the last bit (bl ) of the tag identifier in order. On receiving identifier information from tags, the reader determines if there is a collision in the received bits. If a collision occurs as ‘0’ and ‘1’ are received at the same time, the reader stops receiving bits and orders the tag to stop the transmission of identifier. If all bits are ‘0’ or ‘1’ the reader continues to receive the remaining bits. If the last bit of identifier information is received without collision, a tag is identified. If a collision occurs, different from tree-walking algorithms or query tree algorithms that add ‘0’ or ‘1’ to the existing prefix, a new prefix is created by adding ‘0’ or ‘1’ to all bits received without collision and is saved to be used as a parameter in the next query-response. If a tag is identified, a new prefix is stored in the stack or the queue to identify another tag in the area. The process is repeated until all tags in the area are identified. If the stack or the queue is empty, it means that the whole tag identification process has been completed and all tags in the area have been identified.

4

Slot Aloha-Based Anti-collision Algorithm

Slot aloha-based anti-collision algorithms are based on aloha protocol, and some of them are I-Code algorithm, STAC algorithm and Bit-Slot algorithm. In I-Code algorithm, a reader cycle, namely, a query-response process is progressed using a frame composed of a number of slots. For tag identification, the reader sends < I, rnd, N > information to tags (I: the range of tag identifier, rnd: seed value for creating a random value, N : the number of slots in the frame). Here, each tag selects a slot from the frame at random, loads its identifier into the slot and sends it to the reader. The reader identifies tags using identifiers loaded into the slots of the frame. This process is repeated until all tags in the area are supposed to have been identified. The identification process has two problems related to the determination of frame size (N ), and the exact guess of completion time of identification. First, if N is too large it causes the waste of time slots, and if it is too small it causes collisions among tags. I-Code algorithm uses the following method to determine N . In each reader cycle, slots in a frame containing responses from tags can be: 1) empty; 2) loaded with one tag identifier; or 3) loaded with multiple tag identifiers. Given frames received by a reader, a slot distribution of those frames based on the classification can be expressed as follows: < c0 , c1 , ck >. Here, c0 is the number of empty slots, c1 is the number of slots loaded with one tag identifier, and ck is the number of slots loaded with multiple tag identifiers. In a reader cycle, the minimum bound of the number of tags in the identification area denoted by n can be calculated by the equation ‘n = c1 + 2ck ’. Depending on the calculated n [10], a new frame size (N ) to be used in the next queryresponse process is determined. Second, probability-based I-Code algorithm is

386

C.-H. Quan, W.-K. Hong, and H.-C. Kim

not easy to know the point of time when tag identification is completed. I-Code algorithm solves the problem by introducing a model based on the homogeneous markov process to tag identification process. In case of STAC algorithm, if an empty slot or a collision slot is detected, the reader stops the transmission of the slot and sends tags the command ‘close slot sequence’ that triggers the transmission of a new slot. This reduces unnecessary overhead and improves performance. In Bit-Slot algorithm, a frame is composed of special bits and the operating process of the algorithm is as follows. In response to the reader’s query, each tag in the area generates a random value of the same size as that of tag identifier and sends it to the reader. The created value has ‘1’ only in one bit and ‘0’ in all the other bits. The reader inspects the bits of the received frame in order. If there is no bit with ‘1’ in the corresponding position, it means that there is no response. Transmission of two or more bits with ‘1’ means a collision. If there is only one bit with ‘1’, the tag is identifiable and the received random value is sent to the tags in the reader’s area. Only the tag that sent the corresponding random value sends its identifier to the reader and the tag is identified. In tag identification, the process of selecting one out of multiple tags in the area is called tag singulation. If tag singulation is finished, the tag sends its identifier to the reader. Different from I-Code or STAC algorithm, Bit-Slot algorithm divides tag identification process into tag singulation and tag identifier transmission, and in tag singulation frame size is the same as the bit length of a tag identifier and a frame is composed of bits.Its tag identification speed is fast because the frame size is small.

5

Performance Evaluation

This section evaluates the performance of tree-based anti-collision algorithms and slot aloha-based anti-collision algorithms examined above. The performance of slot aloha-based anti-collision algorithms is determined by the number of tags in the reader’s area and frame size and is nothing to do with the value of tag identifiers. On the contrary, the tag identification process of tree-based algorithms is determined by the value of tag identifiers. Moreover, the bit length of tag identifier has a significant effect on the performance of the algorithms. Thus, only identifier bit length of 96 bits for slot aloha anti-collision algorithms is considered. Different from existing 8, 16 and 32-bit identifiers, 96-bit EPC is currently promoted as an international standard by EPCglobal. Thus, 96-bit tag identifiers to analyze algorithm performance is used. In this section, we first compare the performance of tree-based anti-collision algorithms for 8, 16 and 32-bit identifier to examine the effect of identifier’s bit length on the performance. The performance of tree-based anti-collision algorithm and slot aloha-based anti-collision algorithm are analyzed based on the following premise. The maximum number of tags within a reader’s area assumed for tree-based anti-collision algorithm is 65,536(216), although this is larger than the practically possible highest level of around 4,000 ∼ 8,000. The number of

Performance Analysis of Tag Anti-collision Algorithms for RFID Systems

387

Fig. 1. Comparison of the number of queries-responses per tag in tree-based memoryless anti-collision algorithm

tags is increased by two times from 2 to 65,536 and, for each number of tags, the number of queries-responses, the number of bits transmitted and the number of tags identified per second are analyzed. The maximum number of tags assumed for slot aloha-based anti-collision algorithm is 2,048. We set the maximum frame size at 512 slots because the number of tags is related to frame size and the available bandwidth is limited in slot aloha-based anti-collision algorithm. The number of tags is also increased by two times from 2 to 2,048. Bit transmission rate used in measuring the number of tags identified per second is assumed to be 80 Kbps. In addition, each query command is assumed to be 8 bit and time to detect and process no-response and collision assumed to be 3 bit unit time [1], [2], [4]. Values used in performance evaluation is the averages of data obtained from experiment repeated 10 times. 5.1

Performance Analysis of Tree-Based Anti-collision Algorithms

Fig. 1 shows the number of queries-responses per tag and the number of bits transmitted per tag in tree-based anti-collision algorithms when the identifier is 8, 16 and 32 bit long. The change in the number of queries-responses per tag shows the following two facts. First, with the increase of identifier bit length, difference in the number of queries-responses per tag grows larger among query tree algorithm, collision tracking tree algorithm and tree-walking algorithm. This suggests that a long tag identifier is inefficient for tree-walking algorithm. Second, with the increase of the number of tags, the number of times of query-response per tag decreased significantly in tree-walking algorithm but not in query tree algorithm and collision tracking tree algorithm. This suggests that tree-walking algorithm is more efficient when the number of tags in a reader’s area is large. Fig. 2 shows a change in the number of bits transmitted per tag. In the figure, collision tracking tree algorithm is superior to the other cases because it does not consider the overhead of collision tracking. Collision tracking tree algorithm that takes overhead into accountassumes that it takes 3 bit unit time to detect and process collision. According to the result of Fig. 2, an appropriate algorithm

388

C.-H. Quan, W.-K. Hong, and H.-C. Kim

Fig. 2. Comparison of the number of bits transmitted in tree-based memoryless anticollision algorithm

should be chosen according to the bit length of tag identifier and the number of tags in the reader’s area, but if the bit length of tag identifier is over 32, the collision tracking tree algorithm should be considered first. The performance of tree-based anti-collision algorithms is mainly determined by the number of queries-responses and the number of bits transmitted. We examine a change in the number of queries-responses and the number of bits transmitted according to the increase in the number of tags when tag identifier is 96 bit long. The number of queries-responses means the number of times of communication between the reader and tags, and each query-response process is counted as one. Fig. 3(a) shows the number of queries-responses per tag in each algorithm. In identifying 96-bit tags in the reader’s area, it is 1.9 in collision tracking tree algorithm and 2.9 in query tree algorithm. It is 88 in tree-walking algorithm, much more than the other algorithms. This is because, in tree-walking algorithm, the query-response process is repeated for each bit of tag identifier and, as a result, the number of times of query-response increases in proportion to the bit length of tag identifier. As in Table 1, 98.92 % of responses does not have collision in tree-walking algorithm. This is because the number of tags in the reader’s area is small compared to the size of the bit space and query-response process is performed for each bit until the tag is identified. On the other hand, query tree algorithm sends the entire tag identifier to the reader but it causes Table 1. Percentage of collision, no-collision, and no-response Tree Walking Collision 1.08 % No-collision 98.92 % No-response -

Query Tree 49 % 35 % 16 %

Collision Tracking 48.10 % 51.90 % -

Performance Analysis of Tag Anti-collision Algorithms for RFID Systems

389

Fig. 3. Performance evaluation of tree-based memoryless anti-collision algorithms

frequent no-responses and collisions. Compared to query tree algorithm, collision tracking tree algorithm reduces the number of queries-responses with collision by 1.54 times and removes no-response queries and, as a result, shows higher performance in the number of queries-responses than query tree algorithm. The number of bits transmitted is calculated by the sum of the number of query bits and response bits as mentioned in Sect. 3. Fig. 3(b) shows the number of bits transmitted per tag in each algorithm. In tree-walking algorithm, it is much larger than that in other algorithms. This is because tree-walking algorithm has a large number of queries-responses and identifies a tag by bit basis through increasing the prefix sent to the tag bit by bit until the tag is identified. 5.2

Performance Analysis of Slot Aloha-Based Anti-collision Algorithm

Fig. 4 shows the result of performance evaluation on slot aloha-based anticollision algorithm. Fig. 4(a) shows a change in the number of frames transmitted according to the increase in the number of tags. As in the Fig. 4(a), the number of frames transmitted increases exponentially when the number of tags is over 512. As in Fig. 4(b), the percentage of collision slots in transmitted frames is 60 % when the number of tags is 512, 91 % when 1,024 and almost 100 % when 2,048. In addition, the percentage of empty slots is over 55 % when the number of tags is less than 64, and the maximum percentage of identified tags is less than 36 % regardless of the number of tags, suggesting that most

Fig. 4. Performance evaluation of slot aloha-based anti-collision algorithms

390

C.-H. Quan, W.-K. Hong, and H.-C. Kim

Fig. 5. Comparison of the number of tags identified per second in anti-collision algorithms

slots are wasted away. Fig. 4(c) shows the number of tags identified per second in a worst case and in an ideal case. The worst case means that the entire frame is transmitted regardless of whether there are empty slots or collisions, and the ideal case means that, out of a frame, only slots loaded with a single tag identifier, with which the tag is identified, are transmitted. The number of tags identified per second is calculated by dividing the number of bits transmitted by bit transmission rate. Excluding cases that collision slots occupy over 60 %, the average number of tags identified per second ranges from 77 up to 190. 5.3

Number of Identified Tags Per Second

Fig. 5 shows the number of tags identified per second in each algorithm according to the number of tags in the reader’s area. Fig. 5(a) shows the number of tags identified per second in tree based anti-collision algorithms. In the whole range of the number of tags it is better in collision tracking tree algorithm showing average 749 than any other tree-based algorithm. Fig. 5(b) shows the number of tags identified per second in slot aloha-based anti-collision algorithms. Bit-Slot algorithm shows 362 on average, the largest number of tags identified among slot aloha-based algorithms. Accordingly, among the anti-collision algorithms analyzed above, collision tracking tree algorithm is found to have the highest performance.

6

Conclusions

This paper introduces several anti-collision algorithms based on EPC code with 96-bit identifier in RFID system, and evaluates their performance. According to the result of performance evaluation, tree-walking algorithm shows the slow-down of performance as the number of queries-responses and the number of bits transmitted increases excessively with the increase in the bit length of tag identifier. In case of query tree algorithm, despite the transmission of the entire tag identifier information, high performance can not be expected because it uses a collision detection technique. I-Code algorithm and STAC algorithm, the tag identification performance of which depends on frame size, are usable only when the number of tags in the area is small but they cannot produce high performance either because of communication overhead resulting from tag collisions or empty slots.

Performance Analysis of Tag Anti-collision Algorithms for RFID Systems

391

Bit-Slot algorithm is superior in performance to I-Code algorithm or STAC algorithm because of its small frame size, but it also has a limitation because the tag identification process is divided into tag singulation and tag identifier transmission. Lastly, collision tracking tree algorithm, which is one of tree-based memoryless algorithms, performs query-response by tracking the exact location of collision and, as a result, shows much higher performance in the number of queries-responses and the number of bits transmitted than other algorithms. According to the result of simulation, collision tracking tree algorithm identified 749 tags on the average per second in identifying a maximum of 65,536 96-bit tags, showing 2 ∼ 50 times higher performance than other algorithms.

References 1. Auto-ID Center (ed.), ”13.56MHz ISM Band Class 1 Radio Frequency Identification Tag Interface Specification: Candidate Recommendation”, Auto-ID Center, 2003 2. EPCglobal (ed.), ”EPCTM Radio-Frequency Identity Protocols Class-1 Generation2 UHF RFID Protocol for Communications at 860 MHz ∼ 960 MHz Version 1.0.9.”, EPCglobal, 2005 3. Hush, D. R., Wood, C., ”Analysis of Tree Algorithms for RFID Arbitration”, in Proc. of Int. Symp. on Information Theory, pp. 107–114, 1998 4. ISO/IEC (ed.), ” Information Technology – Radio-Frequency Identification for Item Management – Part 6: Parameters for Air Interface Communications at 860 MHz to 960 MHz”, ISO/IEC, 2004 5. Jacomet, M., Ehrsam, A., Gehrig, U., ”Contactless identification device with anticollision algorithm”, in Proc. of IEEE Conf. on Circuits, Systems, Computers and Communications, pp.4–8, 1999 6. Juels, A., Rivest, R., Szydlo, M., ”The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy”, in Proc. of ACM Conf. on Computer and Communication Security, pp.103–111, 2003 7. Kim, C.-S., Park, K.-L., Kim, H.-C., Kim, S.-D., ”An Efficient Stochastic Anticollision Algorithm using Bit-Slot Mechanism”, in Proc. of Int. Conf. on Parallel and Distributed Processing Techniques and Applications. 2004 8. Law, C., Lee, K.,Siu, K.-Y., ”Efficient Memoryless protocol for Tag Identification”, in Proc. of Int. Workshop on Discrete Algorithms and Methods for Mobile Computing and Communications, pp.75–84, 2000 9. Quan, C.-H., Hong, W.-K., Lee, Y.-D., Kim, H.-C., ”A Study on the Tree basesd Memoryless Anti-Collision Algorithm for RFID Systems”, The KIPS Transactions. Vol. 11. Korean Informantion and Processing Society, Korea, pp.851–862, 2004 10. Vogt, H., ”Efficient Object Identification with Passive RFID Tags”, in Proc. of Int. Conf. on Pervasive Computing, 2002

Perturbative Time and Frequency Allocations for RFID Reader Networks Vinay Deolalikar, Malena Mesarina, John Recker , and Salil Pradhan Hewlett-Packard Labs, Palo Alto CA 94304 {vinayd, mesarina, jrecker, salil}@hpl.hp.com

Abstract. RFID reader networks often have to operate in frequency and time constrained regimes. One approach to the allocation of frequency and time to various readers in such regimes is to perturb the network slightly so as to ease the constraints. We investigate how to perform these perturbations in a manner that is profitable from time and frequency allocation point of view.

1

Introduction

The recent years have witnessed an enormous amount of technical and commercial development of radio frequency identification (RFID) technology. Research attention has quickly followed, with an immediate requirement for algorithms that will enable the deployment of RFID systems in various application scenarios. One of the foremost challenges in any such algorithm is the scheduling problem. Roughly, the scheduling problem asks the question - what is the optimal time sequence for firing the various RFID readers in the network. While the details of this problem are clearly dependent on the application at hand. In this paper, there is a central core of design criteria that pervades all application dependent solutions. We seek to add to this body of knowledge by examining perturbative solutions to the scheduling problem. This aspect of the scheduling problem has hitherto not been investigated in literature. First, let us try to understand the broad constraints that shape any solution to the scheduling problem. The scheduling problem is rendered nontrivial because of two major types of interactions between the readers. The first is collision between readers. Tags lying in the fields of multiple readers can result in collisions, resulting in faulty or missing reads. The second is correlation. Readings of various readers are correlated not just to the event, but to each other. The challenge then is to optimize the functioning of the network across both these interactions. There are two ways to avoid collision between a pair of RFID readers with overlapping fields. The spectral approach to avoiding collision assigns different frequencies to readers that have overlapping fields. However, a prerequisite for this approach to collision avoidance is that the readers and tags must be capable of operating on multiple frequencies. A large number of RFID readers in the 

Contact author.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 392–402, 2006. c IFIP International Federation for Information Processing 2006 

Perturbative Time and Frequency Allocations for RFID Reader Networks

393

market today are single frequency. Thus, a frequency allocation scheme is not possible for collision avoidance for these readers. The second method of collision avoidance is time scheduling. In this approach, readers with overlapping fields are fired at different times so that they do not collide. Both of these allocations - spectral and temporal - can be modeled as graph partitioning (or equivalently, as graph coloring) problems. This has already been discussed in the context of frequency allocation. However, in several cases of practical importance, there is not enough resource (frequency or time) for a complete allocation. This might happen, for instance, where the readers have few frequency channels, making optimal frequency allocation impossible. It might also happen in the time domain when tags are moving through the system so quickly that there is not enough time to schedule all the readers up to their saturation time. In such resource constrained cases, we must resort to suboptimal resource allocation. This is the context into which the notion of perturbation of the network is introduced. The idea is to perturb the network slightly so that in the perturbed network, resource allocation is easier. We explore this theme in the rest of the paper. First we collect some results from graph theory.

2

Graph Theoretic Preliminaries

An (undirected) graph G is an ordered pair G = (V, E) where V is a set of vertices or nodes and E is a set of unordered pairs of distinct vertices, called edges. Denote the minimum and maximum degrees of the vertices in G by by δ(G) and Δ(G), respectively. A subset of V is called an independent set if there are no edges between vertices in V . An independent set is said to be maximal if the addition of any more vertices will result in a set that is not independent. Denote the size of the maximum independent set of G by β0 (G). A graph is said to be complete when there is an edge between every pair of vertices in it. A complete subgraph of G is called a clique. The clique number ω(G) is the cardinality of the largest clique in G. If G is the complementary graph of G, then clearly ω(G) = β0 (G). A simple undirected graph G = (V, E) is called bipartite if there exists a disjoint partition of the vertex set V = V1 ∪ V2 , V1 ∩ V2 = ∅ into independent sets V1 and V2 . In general, a graph is called k-partite when its vertex set V can be partitioned into k disjoint independent sets V = V1 ∪ V2 . . . ∪ Vk . Clearly a graph that is k-partite is also l-partite for |V | ≥ l ≥ k. We will denote the minimum k for which a graph G is k-partite by χ(G). This is the same as the chromatic number of G since the notion of partitions is equivalent to colorability. Clearly χ(G) ≥ ω(G). It is not hard to show that χ(G) ≤ 1 + Δ(G). Brooks’ theorem [1] tightens this general result. Theorem 1. If Δ(G) ≥ 2, then χ(G) = Δ(G) unless

394

V. Deolalikar et al.

1. Δ(G) = 2 and G contains a cycle of odd length. 2. Δ(G) > 2 and G contains a clique of size Δ(G) + 1. A cycle in a graph is a sequence of adjacent edges that begins and ends at the same vertex. The length of a cycle is the number of edges it contains. K¨onig’s theorem provides an elegant characterization of bipartite graphs. Theorem 2. A graph is bipartite if and only if it has no cycles of odd length. The girth g(G) of graph G is the length of its shortest cycle. The following counterintuitive result is due to Erd¨ os [6]. Theorem 3. For any positive integers g and k, there exists a graph with g(G) ≥ g and χ(G) ≥ k. In other words, high partiteness does not necessarily result only from short cycles. Of course, this result is only true for the class of non-planar graphs. The chromatic numbers of planar graphs are the subject of the storied four color theorem [10]. Theorem 4. Every planar graph can be colored with 4 colors. Equivalently, χ(G) = 4 for every planar graph. χ(G) = 3 for every planar graph with fewer than four triangles. The following theorem is also due to Erd¨ os [5]. Theorem 5. Consider the function f from graphs to integers such that f (G) is the maximum number of edges among all the bipartite subgraphs of G. Then f (G) >

|E| . 2

Notice that the MAX-CUT problem for a graph G seeks precisely to evaluate f (G). MAX-CUT in general is known to be NP-Hard. The following theorem [3] provides a result on a related function. Theorem 6. Consider the function h from integers to integers such that h(e) is the largest integer having the property that every graph with e edges has a bipartite subgraph with at least h(e) edges. Then √ e −1 + 8e + 1 . h(e) ≥ + 2 8 Now that we have stated the graph theoretic results that we need, we proceed to formulate a graphical model for an RFID network. Given a collection of RFID readers laid out in some topology, we associate to it a G = (V, E) as follows. The vertex set V is in bijection with the set of RFID readers and there is an edge e ∈ E joining v1 and v2 if the RFID readers corresponding to v1 and v2 have overlapping fields. This graph will be called the collision graph for the RFID network. It will be the main subject of analysis for the rest of the paper.

Perturbative Time and Frequency Allocations for RFID Reader Networks

3 3.1

395

The Standard Frequency and Time Allocation Problems Similarities and Differences, and Relation to Graph Coloring

Our model for each RFID reader assumes a fixed time of saturation, which is the time it takes to read its maximum capacity of tags from the tags that lie in its field. Up till this saturation time, a reader will read more tags given more time. After the saturation time, it will not read any more tags even if it is allowed to continue its read. The saturation times may vary with different readers. Let us first revisit the frequency allocation problem for networks of RFID readers. The goal is to allocate frequencies to various readers such that if two readers lie in each other’s interference region, they are given different frequencies. Clearly this problem reduces to coloring a graph where the vertices correspond to readers, with an edge between vertices when the readers lie in each other’s interference region. The graph coloring problem is also at the root of several other allocation problems in wireless communication. The time scheduling problem is subtly different. Here, the goal is to find the optimal sequence for firing the various RFID readers in the network. The constraints on this solution have two origins. The first is reader interference or collision. This precludes the firing of certain sets of readers simultaneously. At this point, this problem looks like the frequency allocation problem, except that the allocation is done along the time axis. Interfering readers are allotted nonoverlapping periods of time so as to avoid collision between them. Thus it may appear that this problem also reduces to the graph coloring problem, with a coloring corresponding to a time scheduling. However, this is not the complete picture, since time scheduling is also affected by the speed at which tags are passed through the network, whereas the frequency allocation problem is not. This brings us to the notion of perfect and imperfect scheduling, which we define next. Definition 1. A scheduling scheme will be called perfect if every RFID reader is given enough time to saturate, each time that it is fired. A scheme will be called imperfect otherwise. Lemma 1. The perfect scheduling problem for readers in a network is isomorphic to the frequency allocation problem, and both of them reduce to the graph coloring problem. In networks with slow moving tags and not many collisions between readers, it may be possible to devise a perfect scheduling scheme. However, in many practical scenarios, we have not found this to be the case. Thus imperfect scheduling schemes must be studied. We began this study in [2] where we constructed optimal scheduling schemes for small configurations of readers with collisions. In this paper, we take a more global picture of the network and ask the question “What can we do to the network to make network - wide scheduling easier?”

396

4

4.1

V. Deolalikar et al.

Working with Resource Constraints: The Perturbative Frequency and Time Allocation Problems The Role Played by the Chromatic Number of the Network Graph

We need the following definitions. Definition 2. The amount of time given to a particular reader for one read period will be referred to, simply, as a period. The amount of time between the start of two successive periods for a particular reader will be called its cycle time, or simply, its cycle. Thus one can think of a cycle that is a window of time that is divided in TDMA fashion into several periods, one for each reader that shares that cycle. One obvious desideratum for operation of reader networks is the ability to fire the RFID readers as frequently as possible without suffering collisions. The primary constraint on the simultaneous firing of a set of RFID readers is that the set of readers that can be fired simultaneously must be an independent set in the graph theoretic sense. Let us assume that all the readers that can be fired simultaneously are fired, followed by the next such set, and so on, till every reader is fired at least once. Then this cycle is repeated. If this scheme is followed, then clearly we can do no better than fire the full set of vertices in one maximal partition of the graph, and then cycle through the partitions till we exhaust them. Under these assumptions, the number of periods that comprise this cycle will be least if the graph is bipartite, i.e., has only two partitions. In this case, the number of periods in each cycle is two. If the graph is bipartite, we fire all the readers in one partition first, followed by all the readers in the complement, and then repeat this short cycle. This observation is important, and means that everything else being equal, collision graphs that are bipartite admit shorter cycles and therefore more read-time slots for each reader in a time window of fixed length. 4.2

The Role Played by the Correlations Between Readers

The picture depicted so far is also incomplete on account of the second interaction between readers in a network, namely, correlation. In other words, physical interference is not the only way two readers are related to one another. Non interfering readers are still related to one another by means of their correlations. At this point we should make more precise what we mean by correlation between readers. Readers read subsets of tags from a box of tags that is in their field. Different readers, in general, read different subsets. The notion of correlation between two readers as a measure of the overlap between the subsets that these two readers read. We next provide intuition as to why this affects the frequency allocation and time scheduling problems. We have already observed that one goal of the allocation scheme is to prevent colliding readers from reading simultaneously. However,

Perturbative Time and Frequency Allocations for RFID Reader Networks

397

that is not the only design constraint. Two non-colliding readers with a high correlation would be scheduled differently than two non-colliding readers with no correlation. This is because in a finite window of time, we wish to maximize the number of distinct reads made by the network. If two readers are highly correlated, it does not make sense in a resource constrained environment to give both of them separate frequencies in the spectral allocation problem, or both of them enough time to saturate in the time scheduling problem since our return on resource investment is scaled down by their cross correlation. Of course, there is a complex interplay here: we have to measure the cost of allowing both to saturate in the particular network topology. This consideration is often shaped significantly by the network topology at hand, and making general statements is difficult. For an evaluation of this tradeoff for certain particular network topologies, see [2]. 4.3

What Is a Perturbation of a Network?

While designing an imperfect scheduling scheme, we have the following tradeoff. We can switch off one of the groups early or we can let it saturate and possibly not give the other group time to read to its saturation limit. One approach that presents itself is to work with a slightly altered network where time allocation might be easier. This leads directly to the notion of perturbation of a network. A network is perturbed by making alterations to it in a clever manner using some prior knowledge of what properties the altered network should possess so that the allocation problems in it are easier than in the original network. Perturbation of a network could be desirable in other contexts as well. In some applications, it may be desirable to run only a subnetwork of the overall network. Here too, the question to be answered would be what subnetwork would be optimal from a resource allocation point of view. At HP Labs, we encountered these situations during practical deployments, but found that they had not been studied in literature. That provided the impetus for the present research. We now formalize the notion of perturbation. Definition 3. Given a RFID network and its associated collision graph G = (V, E), a perturbation of length n is a sequence of steps {Σi }i=1,...,n , with each Σ being one of the following: 1. Two readers whose fields overlap are moved apart so that this overlap vanishes. 2. A reader whose field overlaps with at least one other is switched off. We seek to reduce the problem of perturbation to a study of the subgraphs of the original network graph. We make the following simple observation. The first type of perturbation corresponds to the removal of the edge between these two reader vertices in G, while the second corresponds to the removal of the reader vertex and all its incident edges. Now the perturbative resource allocation problem can be informally stated as follows. How to attain a subnetwork of the original network using the two steps

398

V. Deolalikar et al.

above so that the resulting network is less constrained from a resource allocation point of view. It is a systematic study of this question that is the theme of this paper. We proceed by studying separately the two kinds of perturbations, and how we can perform them in an intelligent fashion to ease the constraints on resource allocation in the network.

5

Perturbation by Displacing Readers

If we are not willing to perform a scheduling algorithm with a longer cycle, then one approach would be to eliminate edges in the collision graph till we arrive at a bipartite collision graph. This leads to the question of how many edges must be removed from the original collision graph to arrive at a bipartite graph. This is the edge deletion bipartization problem. EDGE DELETION BIPARTIZATION: Given a weighted graph G = (V, E), what is

the edge set of minimum weight whose deletion results in a bipartite graph? This problem is NP-complete for general graphs. For planar graphs, it is polynomial time [9]. A general result on the number of edges that will need to be deleted from a triangle free graph to make it bipartite is given by the following theorem due to Erd¨ os et al [7]. Theorem 7. A triangle free graph on n vertices with e edges can be made bipartite by removing at most edges. 4e2 e (2e(2e2 − n3 ) ), e − 2 } Min{ − 2 2 2 n (n − 2e) n This theorem immediately gives us an upper bound on the length of a perturbation consisting only of displacement of readers that will yield a bipartite scheduling. Note that this theorem only assures us of the existence of a certain number of such edges, but does not tell us how to find them. One preliminary approach at finding such edges is provided by Theorem 2. We could try to find the cycles of odd length. In most practical situations, the graphs would not be very densely connected, and it would be relatively easy to find cycles of length 3, 5, and so on for smaller cycle length. We could then delete edges from these cycles in a judicious manner - first the common edges could be deleted, for instance. In Figure 1(a) we illustrate the idea of edge deletion in order to make the collision graph bipartite. Remark 1. The basic idea here is that we could reduce the partiteness of a graph by deleting edges, but we need not go all the way to a bipartite graph. We would, in general, need to delete fewer edges to lower the reduction in the original graph’s partiteness. In other words, making a graph tripartite involves

Perturbative Time and Frequency Allocations for RFID Reader Networks

399

removing lesser (or equal) number of edges than making it bipartite. In general, making a graph k-partite involves reducing lesser number of edges for increasing values of k. This tradeoff is warranted in case, say, a specific application needs the presence of 3 RFID readers near each other, all lying in each other’s collision range, and thus forming a cycle of length 3 which cannot be avoided. This sort of tradeoff is clearly application dependent. Remark 2. In a low correlation regime, a high partite system might be appropriate as one would want input from a large number of readers. Thus in a low correlation regime, we would be biased towards a high partite system when we take the tradeoff decision of deleting edges to move towards a bipartite system. In other words, we are likely to stop this procedure earlier, and halt before we reach a bipartite graph. In a high correlation regime, a low partite system might be more acceptable as one would want a few high correlation readers to fire as often as possible. The reasoning is that other readers likely have high cross-correlation with these few that are fired frequently, and therefore their outputs do not provide us with much additional information.

R

R

R

R

R

R R

R

R

R

ed

(a)

Rd

(b)

Fig. 1. Graph perturbations. a) Edge Deletion: If either of the readers that form the endpoints of the dotted edge are displaced sufficiently, the resulting network is bipartite. b) Node Deletion. If reader Rd is switched off, the resulting network is bipartite.

5.1

A Heuristic Algorithm for Edge Deletion Perturbation

Our proposed algorithm for edge deletion is based on the following heuristic. Edges that correspond to pairs of readers with high cross-correlation with each other can be removed with the least loss of information. There are two ways of arguing for this heuristic. One is that a pair of readers with high cross-correlation is effectively performing as a single reader, and displacing these two readers further apart is likely to render it into a genuine two-reader configuration. The second argument is that if any performance degradation does occur with the displaced reader, this only marginally affects the overall performance since the other reader was highly correlated with the original position of the first reader. Thus we retain access to a highly correlated version of the original information.

400

V. Deolalikar et al.

Thus our edge deletion algorithm is as follows. Algorithm 1. Correlation based edge deletion 1: Weight graph G = (V, E) by w(eij ) = rij where rij is the correlation between the ith and j th readers 2: while G is not bipartite do 3: Run algorithm vertex coloring 4: From Defect of algorithm vertex coloring, identify edge of highest weight 5: From the two RFID readers corresponding to this edge, displace the one with lower correlation with event 6: end while 7: G is bipartite

6

Perturbation by Switching Off Readers

The other approach would be to remove vertices in the collision graph till we arrive at a bipartite collision graph. This leads to the question of how many nodes must be removed from the original collision graph to arrive at a bipartite graph. This is the node deletion bipartization problem. NODE DELETION BIPARTIZATION: Given a graph G = (V, E), what is the smallest

set of nodes whose removal results in a bipartite graph? In Figure 1(b) we illustrate the idea of switching off readers deletion in order to make the collision graph bipartite. This problem is NP-hard for general graphs as well as for planar graphs. Heuristic algorithms exist that run in O(n2 ) [8]. An upper bound for the number of nodes that would have to be deleted is provided by the following theorem of Erd¨ os [5] which tells us that by switching off at most half of the readers, we can arrive at a bipartite network, which can then be scheduled optimally. Theorem 8. Every graph has a bipartite subgraph on half of its vertices. Note that it is not known which readers, when switched off, lead to a bipartite network. However, for small networks, even a brute force search would be feasible. Situations where switching off readers might be a desirable approach include cases where there is high correlation between readers. If there exists a subset of readers which has high correlation with its complement, and which when switched off results in a bipartite network, then this would be a natural candidate to apply this approach. 6.1

A Heuristic Algorithm for Node Deletion Perturbation

We begin with a result by Shearer [12] on triangle free graphs.

Perturbative Time and Frequency Allocations for RFID Reader Networks

401

Theorem 9. Consider the function f from graphs to integers such that f (G) is the maximum number of edges among all the bipartite subgraphs of G. If G is a triangle free graph with e edges on n vertices with degrees {di }i=1,...,n , then 1  e + √ di . 2 8 2 i=1 n

f (G) ≥

We now wish to make a heuristic argument that lies at the center of our proposed algorithm. Firstly, we observe that overlaps between readers are one cause of correlations between them. Now consider a RFID reader that overlaps with a high number of other readers. From the preceding observation it follows that it is likely that a large part of the information supplied by this reader can be obtained from the readings of these other overlapping readers. Everything else being the same, the more the overlaps of a given RFID reader with other readers, the more information about its readings can be obtained from the readings of these overlapping readers. This leads to the intuition that removing readers with a higher number of overlaps leads to less loss of information than removing readers with fewer overlaps. At the same time, the formula for chromatic number in Theorem 9 also suggests that removing the nodes with highest degrees will result in the greatest drop in chromatic number (although the formula only gives a lower bound on chromatic number). With this heuristic, and the formula for lower bounding the chromatic number, we propose the following algorithm. Algorithm 2. Correlation based node deletion 1: while G is not bipartite do 2: Run algorithm vertex coloring 3: From Defect of algorithm vertex coloring, identify node of highest degree 4: Switch off the RFID reader corresponding to this node 5: end while 6: G is bipartite

Remark 3. While in this paper we have looked at perturbing the graph so as to make it bipartite, we observe that it may be profitable to lower the chromatic number, but not necessarily all the way to bipartiteness. In general, it would take a smaller perturbation to produce a smaller drop in chromatic number.

7

Algorithm to Schedule Networks

The end desideratum in scheduling a RFID network is to maximize the number of aggregated reads [2]. This is hard to do. However, the work in this paper and in [2] suggests the following strategy: 1. First check if a perfect scheduling scheme is possible. If so, that is the optimal solution.

402

V. Deolalikar et al.

2. If perfect scheduling is not possible, then use the results of this paper to perturb the network slightly so that scheduling is easier than in the original network. 3. Use the results of [2] to schedule the perturbed network so that local reader topologies give maximized aggregated reads.

8

Conclusion

We have proposed and tackled a hitherto uninvestigated aspect of the operation of RFID (or general active sensor) networks, namely, intelligent perturbation of such networks based on knowledge of their subnetworks. We feel this is an area that needs more research focus, especially as RFID networks become more ubiquitous and support multiple applications in parallel. It is in those scenarios that sharing subnetworks across tasks will assume even more importance. Allocating resources to such subnetworks in an intelligent fashion requires an understanding of the perturbation problem. We have certainly found the insights presented in this paper to be useful in our RFID network test beds at HP Labs.

References 1. R. Brooks, On colouring the nodes of a network. Proc. Cambridge Philos. Soc. 37 (1941) pp. 194 - 197. 2. V. Deolalikar, M. Mesarina, J. Recker, and S. Pradhan, Optimal switching strategies for active sensor networks, USN 2005, LNCS 3823, pp.1025 - 1035. 3. C. Edwards, “Some extremal properties of bipartite subgraphs,” Canad. J. Math. 3 (1973), pp. 475-485. 4. D. Engels, The Reader Collision Problem, Technical Report, available at http://www.autoidcenter.org/research/MIT-AUTOID-WH-007.pdf 5. P. Erd¨ os, “On some extremal problems in graph theory,” Israel J. Math. 3 (1965), pp. 113-116. 6. P. Erdos, “Graph Theory and Probability - II.” Canad. J. Math. 13 (1961), pp. 346-352. 7. P. Erd¨ os, R. Faudree, J. Pach, and J. Spencer, How to make a graph bipartite, J. Comb. Theory (B) 45 (1988), pp. 86-98. 8. M. Goemans and D. Williamson, “Primal-Dual approximation technique for constrained forest problems,” SIAM J. Computing 24 (1995), pp. 296-317. 9. F. Hadlock, “Finding a maximum cut of a planar graph in polynomial time,” SIAM J. Computing 4(3) 1975, pp. 221-225. 10. F. Harary, Graph Theory, Addison-Wesley, 1969. 11. Ewa Malesinska. Graph-Theoretical Models for Frequency Assignment Problems. Ph.D. thesis, Technischen Universitt Berlin, 1997. 12. J. Shearer, “A note on bipartite subgraphs of triangle-free graphs,” Random Structures and Algorithms 3 (1992), pp. 223-226. 13. Waldrop, J., Engels, D.W., Sarma, S.E., ”Colorwave: An Anticollision Algorithm for the Reader Collision Problem”, Communications, 2003. ICC ’03. IEEE International Conference onVolume 2, 11-15 May 2003 Page(s):1206 - 1210 vol.2.

An Enhanced Dynamic Framed Slotted ALOHA Anti-collision Algorithm Su-Ryun Lee1 and Chae-Woo Lee2 1

2

Samsung Electronics, Suwon, Korea School of Electrical and Computer Engineering, Ajou University San 5 Wonchon-dong Yeoungtong-gu, Suwon, Korea [email protected], [email protected]

Abstract. In RFID system, one of the problems that we must solve is the collision between tags that may occur when a reader attempts to read a number of tags simultaneously. Most of the popular anti-collision algorithms are based on the ALOHA-type algorithm, which are simple and show good performance when the number of tags to read is small. However, for ALOHA-type algorithms the time required to read the tags generally increases exponentially as the number of tag increases. Thus, they are not very efficient when the number of tags to read is large. In the paper, we propose a new anti-collision algorithm called Enhanced Dynamic Framed Slotted ALOHA (EDFSA) in which the time required to read the tags increases linearly with the number of tags. The proposed algorithm estimates the number of unread tags first and adjusts the number of responding tags or the frame size to give the optimal system efficiency. Simulation results show that the proposed algorithm improves the reading rate of data of the tags by 85∼100% compared to the conventional algorithms.

1

Introduction

Recently RFID (Radio Frequency IDentification) attracts attention as an alternative to the bar code in the distribution industry, supply chain and banking sector. This is because RFID system reads data without close context to the object it intends to read and stores more data than the bar code does. One of the largest disadvantages in RFID system is its low tag identification efficiency by tag collision especially when the number of tags in its readable range is large. Tag collision is the event that the reader cannot identify the data of tag when more than one tag occupy the same RF communication channel simultaneously. For a solution to the problem, the existing methods have to increase data transmission speed by extending frequency bandwidth or tag identification efficiency by minimizing tag collision. However, it is impossible to extend a frequency 

This work was supported in part by the Ubiquitous Autonomic Computing and Network Project, the Ministry of Information and Communication (MIC) 21th Century Frontier R&D Program in republic of Korea.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 403–412, 2006. c IFIP International Federation for Information Processing 2006 

404

S.-R. Lee and C.-W. Lee

bandwidth because usable frequency bands are limited. Therefore we must reduce tag collision for increasing tag identification efficiency. So far, several tag anti-collision algorithms have been proposed. Among them, the most widely used are framed slotted ALOHA algorithm and binary search algorithm. Due to its simple implementation, framed slotted ALOHA algorithm is used frequently [1]. The ISO/IEC 18000-6 describes the parameters for the air interface communications at 860MHz to 960MHz. This standard specifies two tag types; TYPE A and TYPE B [2]. In the standard, the reader uses frequency hopping spread spectrum. To read the data of TYPE A tag, a reader uses the ALOHA Protocol as the tag anti-collision algorithm and PIE (Pulse Interval Encoding), which is a kind of ASK (Amplitude Shift Keying), as the carrier modulation method. To read the data of TYPE B tag, the reader applies Binary tree algorithm as the tag anti-collision algorithm and Manchester coding as the carrier modulation method. The tag transmits its data to the reader by modulating the incident energy and reflecting it back to the reader. The EPC Class 1 Generation 2 discribes the protocols of RFID system operating in the 860∼960MHz frequency range [3]. The EPC Class 1 Generation 2 was adopted as ISO/IEC 18000-6 TYPE C standard. In this standard, the reader uses frequency hopping spread spectrum method to occupy the channel. The communication between the reader and tags in EPC Class 1 Generation 2 is similar to that of the ISO/IEC 18000-6 TYPE A. As the tag anti-collision algorithm the reader uses Slotted Random anti-collision algorithm that is a kind of ALOHA protocols and PIE as the carrier modulation method. As the most RFID systems use passive tags, frame sizes are limited in the framed slotted ALOHA algorithm [1]. In the algorithm, a tag randomly selects a slot number in the frame and responds to the reader using the slot number it selected. In this method, when the number of tags is small, the probability of tag collision is low. Thus the time used to identify the all tags is relatively short. However, as the number of tags increases, the probability of tag collision becomes higher and the time used to identify the tags increases rapidly. This problem is inevitable if the number of tags that attempt to access the fixed number of ALOHA slots increases. To solve this problem, we propose an algorithm that limits the number of responding tags to the number that has the maximum efficiency when there are large number of tags. Therefore, this algorithm improves the efficiency of tag identification and then lineally increases the required time for tag identification even if there are a number of tags. The remainder of this paper is organized as follows. Section 2 introduces a set of framed slotted ALOHA algorithms and points out their weakness. Section 3 proposes and analyzes new anti-collision algorithm called Enhanced Dynamic Framed Slotted ALOHA (EDFSA). Section 4 compares the proposed algorithm with existing algorithm. Finally, section 5 concludes the paper.

2

Previous Work

Slotted ALOHA algorithm is the tag identification method that each tag transmits its serial number to the reader in the slot of a frame and the reader identifies

An Enhanced Dynamic Framed Slotted ALOHA Anti-collision Algorithm

405

the tag when it receives the serial number of the tag without collision. A time slot is a time interval that tags transmit their serial number. The reader identifies a tag when a time slot is occupied by only one tag. The current RFID system uses variants of slotted ALOHA known as framed slotted ALOHA algorithms. A frame is a time interval between requests of a reader and consists of a number of slots. This section briefly describes the existing framed slotted ALOHA anti-collision algorithms and compare their performance. 2.1

Basic Framed Slotted ALOHA (BFSA)

The BFSA uses a fixed frame and does not change its size. The reader offers information to the tags about the frame size and the random number which is used to select a slot in the frame. Each tag selects a slot to access using the random number [4]. Figure 1 is an example that shows how BFSA works. In the first read cycle, Tag 1 and Tag 3 simultaneously transmit their serial numbers in Slot 1. Tag 2 and Tag 5 transmit their serial numbers in Slot 2. As those tags are collided each other,Tag 1, 2, 3 and 5 must respond to the next request from the reader. The reader can identify Tag 4 in the first reader cycle because there is only one tag response in the time Slot 3. In the example, the frame size is set to three slots. Since the frame size of the BFSA is fixed, its implementation is simple. However, the efficiency of tag identification is low. For instance, no tag may be identified in a read cycle if there are too many tags because all the slots may be filled with collision. Too many slots will be left idle if large frame size is used when the number of tags is small. 2.2

Dynamic Framed Slotted ALOHA (DFSA)

The DFSA changes the frame size for efficient tag identification. To determine the frame size, it uses the information such as the number of slots used to identify the tag, the number of the slots collided and so on. The DFSA has several versions depending on the methods changing the frame size. Among them, we will briefly explain the two popular methods described in [1]. The first algorithm regulates the frame size using the number of the empty slots, the slots with collision and the slots filled with one tag. When the probability of collision is higher than the upper threshold, the reader increases the frame

Downlink Request

1

2

3

Uplink

Collision Collision 11110101

Tag1

10110010

Tag2 Tag3

1

2

Collision 10110010

3 10110011

10110010 10100011

10100011

10110011

10110011

Tag4 Tag5

Request

11110101 10111010

10111010

Frame

Fig. 1. The process of the BFSA

406

S.-R. Lee and C.-W. Lee

size. If the collision probability is lower than the lower threshold, the reader decreases the frame size. Because the reader starts a read cycle with the minimum frame size, when the number of tag is small it can identify the tags efficiently without increasing the frame size much. When the number of tags is large, the reader changes its frame size so as to decrease the collision probability. The second algorithm starts a read cycle with the initial frame size which is either two or four. If no tag is identified during the previous read cycle, it increases the frame size and starts another read cycle. It repeats this until at least one tag is identified. If a single tag is identified it immediately stops the current read cycle and starts to read another tag with the initial frame size. DFSA can identify the tag efficiently because the reader regulates the frame size according to the number of tags. However, the frame size change alone can not reduce sufficiently the tag collision when there are a number of tags because it can not increase the frame size indefinitely. In the second method, when the number of tags is small, then it can identify all the tag without too much collision. However, if the number of tags is large, it needs exponentially increasing number of slots to identify the tags because it always starts with the initial minimum frame size after identifying a tag, regardless how many tags are unread. 2.3

Advanced Framed Slotted ALOHA (AFSA)

The AFSA estimates the number of tags and determines a proper frame size that improves the efficiency [7][8]. Thus it has better performance than the BFSA. In the AFSA, the number of tags is estimated using the result of a read cycle such as the number of empty slots, slots filled with one tag, and slots with collision. To estimate the number of tags, The AFSA uses an estimation function shown in Equation (1). According to Chebyshev’s inequality, the outcome of a random experiment involving a random variable X is most likely somewhere near the expected value of X. The estimation function uses this property. Thus it measures the difference between the real results and the expected values to estimate the number of tags for which difference becomes minimal [6]. The number of tags is estimated using both the frame size (N ) used in the read cycle and the results of the previous read cycle as a triple of numbers < c0 , c1 , ck > that quantify respectively the empty slots, slots filled with one tag, and slots with collision as Equation (1) [7][8]. ⎛ ⎞ ⎛ ⎞   aN,n c0   0 ⎜ N,n ⎟ ⎝ ⎠ εvd (N, c0 , c1 , ck ) = min ⎝ a1 ⎠ − c1    ck   aN,n ≥2

(1)

N,n In Equation (1), < aN,n , aN,n 0 1 , a≥2 > are respectively the expected number of the empty slots, slots filled with one tag, and slots with collision where N and n respectively denote the frame size and the number of tags. In the AFSA, it was assumed that the tags already read also respond to the reader during other read cycle. Varying the frame size, the AFSA calculates how many slots are need to read 99% of the tags. Then it selects the frame size which

An Enhanced Dynamic Framed Slotted ALOHA Anti-collision Algorithm

407

gives the smallest number of slots. Because the AFSA estimates the number of tags and determines the frame size to minimize the collision probability, it is more efficient than the other algorithms. However, the AFSA has the same problem that it can not increase the frame size indefinitely as the number of tags increases. Thus, this algorithm works well if the number of tags is relatively small, however, if the number becomes large it begins to show poor performance [7][8]. Furthermore, this method can not be applied to the tag that is deactivated once it is read.

3

Enhanced Dynamic Framed Slotted ALOHA (EDFSA)

The previous framed slotted ALOHA algorithms change the frame size to increase the efficiency of the tag identification. However, as the number of tags becomes larger than the frame size, the probability of tag collision increases rapidly [5][9]. This problem can not be solved without restricting the number of responding tags approximately the same as the frame size as we will explain later in this paper. In the following subsection, we propose Enhanced Dynamic Framed Slotted ALOHA algorithm which solves this problem. 3.1

Description of the EDFSA

If we can estimate the number of unread tags, we can determine the frame size that will maximize the system efficiency or minimize the tag collision probability. In general, when the number of tags is large, we can reduce the probability of tag collision by increasing the frame size. Because we can not increase the frame size indefinitely, when the number of unread tags is too large to achieve high system efficiency, we must somehow restrict the number of responding tags so that the optimal number of tags responds to the given frame size. When the number of unread tags is too small to achieve the optimal system efficiency, we must reduce the frame size. The system efficiency is defined as the ratio of the slots filled with one tag to the current frame size. If we know the number of unread tags and the frame size, we can calculate the system efficiency. The estimated number of unread tags can be obtained by Equation (1). The EDFSA estimates the number of unread tags first. If the number is much larger than the maximum frame size, to improve collision performance, it divides the unread tags into a number of groups and allows only one group of tags to respond. In the algorithm once the number of tags that should respond is determined, we can calculate the ratio of the responding tags to the total unidentified tags. With that ratio, the reader requests to respond to the all unidentified tags having zero remainder after the modulo operation. In every read cycle, the reader estimates the number of unread tags and calculates the number of groups that gives the maximum throughput during next read cycle. If the frame size is larger than the one that gives the optimal system efficiency, then the reader starts to reduce the frame size so that it can achieve the optimal efficiency with the estimated number of unread tags.

408

S.-R. Lee and C.-W. Lee

When the reader limits the number of responding tags, it transmits the number of tag groups and a random number to the tags when it broadcasts a request. The tag that received the request generates a new number from the received random number and its serial number and divides the new number by the number of tag groups. Only the tags having the remainder of zero respond to the request. When the number of estimated unread tags is below the threshold, the reader adjusts the frame size without grouping the unread tags. It means the reader broadcasts a read request with a frame size, a random number and the number of tags groups of one in this case. After each read cycle, the reader estimates the number of unread tags and adjust its frame size. This repeats until all the tags are read. 3.2

Analysis of the EDFSA

Generally in the framed slotted ALOHA anti-collision method, the system efficiency begins to increase as the the number of responding tags becomes larger and it begins to decrease if the number of responding tags increases more than a certain point. We will derive the optimum number of tags that should respond if the frame size is given. When the reader uses a frame size of N and the number of responding tags is n, the probability that r tags exist in one given slot is a binomial distribution as follows. " #" #" #n−1 1 1 n (2) 1− Bn, N1 (r) = r N N The expected number of read tags during one read cycle is given as follows. " #" #n−1 1 1 N,n a1 = N · Bn, N1 (1) = N · n (3) 1− N N where aN,n denotes the number of slots with r tags with the frame size of N and r n unread tags. Then the system efficiency is calculated as follows. System Efficiency =

the number of slots filled with one tag = aN,n 1 /N current frame size

(4)

We can obtain the number of tags that gives the maximum system efficiency by differentiating Equation (3). d(aN,n ) 1 dn

= (1 − 1/N )n−1 + n(1 − 1/N )n−1 ln(1 − 1/N ) = (1 − 1/N )n−1 {1 + n ln(1 − 1/N )} =0

(5)

Solving the above equation, we can derive the optimal number of responding tags with the frame size of N as follows. $ % 1 n= − (6) ln(1 − 1/N )

An Enhanced Dynamic Framed Slotted ALOHA Anti-collision Algorithm

409

When the number of tags is n, the optimal frame size can be derived as follows. N=

1

1 1

1 − e− n

=

en

(7)

1

en − 1

When n is large, using Taylor series we can simplify the above equation as follows. 1 + n1 N = n + 1, n  1 (8) 1 + n1 − 1 The above equation tells us that when the number of tags and the frame size are approximately the same, the system efficiency becomes the maximum [5]. From Equation (8), we can conclude that if we restrict the number of responding tags similar to the frame size we can achieve maximum system efficiency. If the number of unread tags is sufficiently large (i.e., larger than the frame size), we can restrict the tag response by grouping the tags and allowing only one group to respond and this can be done by Modulo operation. The number of groups or the Modulo (M ) is calculated as follows. $

The number of unread tags M= N

% (9)

where N denotes the maximum frame size. In this paper, considering the implementation complexity we assume that the EDFSA uses the power of two (2,4,8, · · ·) for grouping the tags. Then the modulo operation can be simply done using the shift register. Figure 2-(a) shows the system efficiency as the number of tags increase while the frame size is set to N = 256. In the figure we can see that the maximum system efficiency can be achieved when the number of unread tags and the frame size are approximately the same and it is 36.8%. From the figure we can determine a specific number of tag groups which gives better system efficiency than others. When the number of unread tags is near or less than the frame size, we can achieve higher system efficiency if we do no use the Modulo operation and decrease the frame size. Figure 2-(b) shows how system efficiency changes when we vary the frame size. The EDFSA chooses the frame size and the Modulo that give better performance than any other combination of the two may provide. For example, as we see in the figure, the number of tags that produces the same expected system efficiency whether we apply Modulo 2 operation or Modulo 1 operation can be obtained as follows. 256,n/2 a256,n a1 = 1 (10) 256 256 We can rewrite the above equation as follows. n 2

"

1 256

" #" # n2 −1 #" #n−1 1 1 1 =n 1− 1− 256 256 256

(11)

S.-R. Lee and C.-W. Lee 0.4

0.4

0.35

0.35

0.3

0.3

System efficiency

System efficiency

410

0.25 0.2 0.15 0.1

0 0

200

400

600

800

0.2

0.15

0.1

The number of tag groups−1 The number of tag groups−2 The number of tag groups−4 The number of tag groups−8

0.05

0.25

Frame size −16 Frame size −32 Frame size −64 Frame size −128 Frame size −256

0.05

0 0

1000

50

100

The number of tags

150

200

250

300

350

400

The number of tags (n)

(a) System efficiency vs. number of tags

(b) System efficiency vs. frame size

Fig. 2. System efficiencies

Therefore, we obtain n = 354.

(12)

If the number of unread tags is slightly larger than 354, to achieve the optimal system efficiency we must divide the tags into two groups, and for the number of unread tags slightly smaller than 354 we must let every unread tag respond. By doing this, we can always obtain the expected system efficiency between 34.6% to 36.8 %. Table 1 shows example values. Table 1. The number of unread tags vs. optimal frame size and Modulo The number of unread tags Frame Size Number of tag groups (M )

4

708 – 1416

256

4

355 – 707

256

2

177 – 354

256

1

82 – 176

128

1

41 – 81

64

1

20 – 40

32

1

Performance Analysis of the EDFSA

We compare the EDFSA with the BFSA and the first algorithm of the Increase method of the DFSA. In the following, the first algorithm of the increase method of the DFSA is just called ’the Increase method’. We assume that the maximum frame size of each algorithm is 256 slots. We also assume that the BFSA uses the fixed frame size of 256 slots and the Increase method increases frames size from 16 slots to 256 slots. In the Increase method, we assume that the frame size doubles when the number of slots with collisions is more than 70% of the current frame size. We also assume that when the number of empty slots is more

An Enhanced Dynamic Framed Slotted ALOHA Anti-collision Algorithm

The number of slots used

5000

0.35

BFSA(frame size 256) DFSA(Increase) EDFSA

0.3 0.25

System efficiency

6000

411

4000

3000

0.2

0.15

2000

0.1

1000

0 0

BFSA(frame size 256) DFSA(increase) EDFSA

0.05

200

400

600

The number of tags (n)

800

1000

(a) Number of slots used to identify tags

0 0

200

400

600

The number of tags (n)

800

1000

(b) System efficiency vs. number of tags

Fig. 3. Simulation results

than 30% of the current frame size, the reader reduces the current frame size in half. The EDFSA is assumed to have the initial frame size of 128 slots. When no tag is read during a read cycle, we assume that all the tags have been read and finished simulation. From Figure 3, we can observe that as the number of tags increased, for both the BFSA and the increase methods the number of slots needed to read the tags increased exponentially while it increased linearly for the EDFSA. The system efficiency for the BFSA and Increase algorithms were below 20% because most of the slots were wasted by tag collision when the number of tags is large. When the the number of unread tags is small, most of the slots are left idle. In the figure, the Increase method showed better performance than the BFSA because the Increase method can decrease the frame size when the number of unread tags becomes small, while the BFSA maintains its initial frame size of 256 regardless of the number of unread tags. The number of slots used for the EDFSA to read the tags increased linearly as the number of tags did. This is because the EDFSA can partition the tag according to its maximum frame size when the number of unread tags was larger that its maximum frame size and reduces its frame size when the number of unread tags is smaller than the maximum frame size. Ideally the algorithm is able to maintain the system efficiency between 34.6% and 36.8% on the average regardless of the number of unread tags. In the simulation, the system efficiency of the algorithm showed the system efficiency of around 33% which is slightly less than the ideal, because of the initial frame size of 128 which was fixed regardless of the number of tags. From Figure 3 we can also observe that when the number of tags is 1000, the EDFSA exhibits performance improvement of 100% and 85% compared with the BFSA and the Increase methods respectively. If the number of tags is larger we will be able to observe more dramatic performance improvement. Though the simulation results use the number of slots as a performance metric, we believe the overall results will be very similar to the actual time it takes to read the tags because the reader generates a request just once every read cycle

412

S.-R. Lee and C.-W. Lee

and the time of the reader request is very small in the case of using a large frame size [4].

5

Conclusions

In this paper, we proposed an enhanced ALOHA anti-collision algorithm that is simple to implement but very efficient. The system efficiency becomes maximum we we set the frame size and the number of unread tags equal. For the simplicity of implementation, we used the power of two for the frame size and the number of tag groups. Despite the restrictions, we were able to maintain the system efficiency between 34.6 % and 36.8 %. This means that the number of slots needed to read the tags always increases linearly as the number of tags does. Theoretical maximum system efficiency is 36.8 % for framed slotted ALOHA. To verify the effectiveness of our algorithm we ran simulations and found that when the number of tags is 1000, our algorithm showed 85% to 100% the improvement of the reading rate over the other two comparing anti-collision algorithms. In the algorithm though we may improve the performance of the proposed algorithm if we use natural numbers instead of the power of two when selecting the frame size and the number of tag groups. However, the performance improvement is not significant. When we use the number with the power of two, we are achieving the system efficiency of at least 34.6%, while we can do 36.8% if everything is set to optimal. Thus, the algorithm we proposed is simple to implement while achieving the performance close to theoretical maximum.

References 1. K. Finkenzeller.RFID handbook - Second Edition. JOHN WILEY & SONS, (2003) 2. ISO/IEC JTC 1/SC 32/WG 4:Information Technology automatic identification and data capture techniques - Part 6: Parameter for air interference communications at 860MHz to 960MHz, ISO/IEC FDIS 18000-6, November (2003) 3. EPCglobal: EPC Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Protocol for Communications at 860MHz - 960MHz, Ver. 1.0.9, Jan. (2005) 4. PHILIPS Semiconductor. I-CODE1 System Design Guide: Technical Report. May (2002) 5. R. Rom and M. Sidi. Multiple Access Protocols/Performance and Analysis. SpringerVerlag, (1990) 47–77 6. W. A. Shewhart and S. S. Wilks. An Introduction to Probability Theory and Its Application - Second Edition. Wiley publications, (1960) 7. H. Vogt.: Multiple Object Identification with Passive RFID Tags. 2002 IEEE International Conference on Systems, Man and Cybernetics. vol:3, October (2002) 8. H. Vogt.: Efficient Object Identification with Passive RFID Tags. Proc. Pervasive 2002. (2002) 98–113. 9. J.E. Wieselthier, A. Ephremides, and L.A. Michels.: An Exact Analysis and Performance Evaluation of Framed ALOHA with Capture. IEEE TRANSACTION ON COMMUNICATIONS, vol:37 February (1989) 125–137

DiCa: Distributed Tag Access with Collision-Avoidance Among Mobile RFID Readers Kwang-il Hwang, Kyung-tae Kim, and Doo-seop Eom Department of Electronics and Computer Engineering, Korea University 5-1ga, Anam-dong, Sungbuk-gu, Seoul, Korea Tel: +82-2-3290-3802, Fax: +82-2-3290-3895 [email protected]

Abstract. Advances in wireless and mobile communication technologies have enabled the development of various RFID-based systems and applications in addition to the extension of the tag reading range of mobile readers. Thus, it has become commonplace that multiple readers concurrently attempt to read tags within ranges of the readers. However, this concurrent access among multiple mobile readers brings about a new problem called reader collision, where a reader’s transmission is interfered by other readers. There have been several studies focusing on solving the reader collision problem. These studies employ time division, frequency division, space division, or the centralized scheduling approach. In this paper, a cooperative, distributed reader collision avoidance algorithm is introduced. In particular, the proposed DiCa (Distributed Tag Access with Collision-Avoidance) is considerably suitable for energy-efficient wireless mobile network environments cooperated with RFID, since the DiCa is capable not only of avoiding collisions, but also changing power states autonomously through simple interaction of adjacent readers.

1

Introduction

Automatic identification (Auto-ID) systems have become commonplace in industries requiring the identification of products at the point of sale or point of service as well as in access control and security applications [1]. Radio Frequency Identification (RFID) is an Auto-ID technique which uses a specific radio frequency to automatically identify data stored on a tag, label or card with a microchip, and tracks each item through a supply chain. A RFID system consists of a RFID reader, and tags, which are generally attached to an object. As the development of foundation technology of RFID progresses rapidly, readers that read information from tags are becoming smaller, cheaper, and more portable. This has enabled the development of the mobile RFID reader, beyond standalone readers. In particular, in recent, it is increased that mobile RFID readers are used in a traditional wireless network. In particular, sensor networks, which construct wireless multi-hop networks with innumerable small devices, due to X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 413–422, 2006. c IFIP International Federation for Information Processing 2006 

414

K.-i. Hwang, K.-t. Kim, and D.-s. Eom

the low cost, small, and distributed characteristics [2], is expected as one of the most suitable network technologies for interacting with RFID. In such a mobile environment, it is commonplace for multiple readers to attempt to concurrently read a tag existing within ranges of both readers. However, this concurrent access among multiple mobile readers brings a new problem called reader collision, where a reader’s transmission interferes with other readers. This reader collision problem [3] is considerably different from tag collision, which was considered a critical issue in traditional RFID systems. In recent years, there have been several studies focusing on solving the reader collision problem. While these studies employ time division, frequency division, space division, or centralized scheduling approaches, in this paper, a cooperative, distributed reader collision avoidance algorithm is introduced. In particular, the proposed DiCa (Distributed Tag Access with Collision-Avoidance) is considerably suitable for energy-efficient wireless mobile network environments cooperated with RFID, since the proposed DiCa (Distributed Tag Access with Collision-Avoidance) is capable of not only avoiding collisions, but also changing power state autonomously through simple interaction between adjacent readers. The remainder of this paper is organized as follows. In section 2, characteristics of mobile readers are described. In section 3, work relating to the reader collision problem is presented. The proposed DiCa is introduced in Section 4. Performance of DiCa is evaluated in terms of throughput and energy efficiency in section 5. Finally, this paper is concluded in section 6.

2

Characteristics of Mobile Readers

In contrast to stationary RFID readers, mobile RFID readers are available to freely read tags by moving the reader’s position. The mobility of the RFID reader has several advantages as follows: coverage extension of readers, facilitation of inventory or stock, and low cost of installment and maintenance. These advantages accelerated the use of mobile readers in various environments. However, mobile readers based on mobility can bring about serious problems of interference among multiple readers within a similar range. Fig. 1 illustrates interference which can be caused when two readers attempt to concurrently read a tag within an overlapping range. A collision by such interference is called reader collision. This reader collision must be avoided because collisions do not occur at the reader, but at the tag. Therefore readers cannot realize the fact that, due to collision, tag data is missed. The more the RF radio range and numbers of reader’s increases, the more collisions occur. Therefore, reader collision should be avoided, as well as anti-collision among tags.

3

Related Work

In this section, work relating to the RFID reader collision problem is illustrated, and several limitations and problems of traditional algorithms are discussed. The first representative algorithm is Colorwave [5] which is a distributed TDMA

DiCa: Distributed Tag Access with Collision-Avoidance

415

Fig. 1. Interference between readers

based algorithm. Each reader of a local RFID network chooses one of the slotted colors in [0, Maxcolors] randomly, and only a reader with a queued request for transmission can transmit data in its color timeslot. If the transmission collides with another reader, the transmission request is discarded, and the reader randomly chooses a new color and reserves this color. If a neighbor has the same color, it chooses a new color and transmits a kick packet. Each reader synchronizes with other readers by continuously tracking the current time slot. The number of Maxcolors varies according to the network situation. Colorwave enables the RFID system to easily adapt to local disturbances, based on local information, such as the installation of a new reader or the presence of a mobile RFID reader. However, Colorwave requires tight time synchronization between readers. Therefore, in Colorwave, overhead of time-slot reselection continuously increases when network topology is changed by reader mobility. Furthermore, Colorwave assumes that a reader is able to detect collisions in the network without being aware of a tag. However, the assumption is not suitable for feasible RFID systems. Q-learning [6] presents online learning algorithms in hierarchical network architecture. In this algorithm, reader collision problem can be solved by learning collision patterns of readers and by effectively assigning frequencies to the readers over time. HiQ algorithm in Q-learning is composed of three basic hierarchical layers: reader, reader-level server, and Q-learning server. The readers transmit collision information to the upper layer server. An individual upper layer server then assigns resources to its readers. However, the hierarchical architecture requires additional managements in overall hierarchy despite a slight change in the lower layer. Therefore, in highly mobile environments, management overhead exponentially increases and, eventually, serious collisions or delay in the network is created. Pulse [4] is similar to the proposed DiCa in that the algorithm attempts to solve the reader collision problem using two separated channels in the RFID

416

K.-i. Hwang, K.-t. Kim, and D.-s. Eom

system. One channel (data channel) is used for reader-tag communication and another (control channel) is used for reader-reader communication. That is, transmission on a control channel will not affect on-going communications on the data channel. The pulse algorithm presents a notification mechanism where a reader transmits a broadcast message called ”beacon” to its neighbors periodically through the control channel, while it is communicating with the tags through the data channel. Although the Pulse is similar to the presented DiCa in that reader collision is avoided by the two independent channels, the Pulse has inherent overhead for broadcasting periodic beacon in all nodes. In addition, the hidden and exposed problems from using two channels are still unsolved. In contrast to previous studies, the proposed DiCa does not require any centralized coordinator or global synchronization. In addition, the DiCa copes well with the hidden and exposed problems by employing variable power control.

4

DiCa: Distributed Tag Access with Collision Avoidance

In this section, a cooperative, distributed reader collision avoidance algorithm is presented. The main design goal of the proposed DiCa (Distributed Tag Access with Collision-Avoidance) is energy-efficiency and compatibility with other access networks, as well as collision avoidance. In particular, the DiCa is distinguished from other reader collision avoidance methods due to its distributed collision avoidance characteristics.

Fig. 2. RFID system architecture cooperated with sensor networks

The network model for the DiCa makes the following basic assumptions: – While sensor nodes are stationary, readers are mobile. – Each reader has two independent communication interfaces: the first is to aggregate information from tags and the second is to access to backbone

DiCa: Distributed Tag Access with Collision-Avoidance

417

START

Send BRD_WHO

Receive BUSY?

Yes

Wait until receive BRD_END

No No

Waiting time Expired? Yes Start to read tags

Yes Receive BRD_WHO during reading tags?

Receive BRD_END?

No

Yes Random Back-off

Send BUSY

No Send BRD_END

END

Fig. 3. Collision avoidance operation of DiCa

network or to communicate with other readers. In other words, the one is data channel and another is control channel. – The sensor network is considered as an access networks(backbone network) as shown in fig. 2. However, in this paper, the design or architecture of the routing protocol or data dissemination protocol for sensor networks is not considered because these topics are beyond the scope of this paper. 4.1

Operation of DiCa

The basic operation rule of DiCa is simple. Each reader contends with others through a control channel. The winner of the contention can read tags first through the data channel, and the other readers wait until the channel is idle. As soon as channel is idle, the other readers begin to read. In order to read tags without collision among readers, mobile readers have to contend repetitively with other readers. This task is achieved by exchanging three types of packets as follows. Fig. 3 illustrates operation of DiCa in a reader system. A mobile reader, wanting to read tags, broadcasts the BRD WHO message to neighbors to identify its presence of readers reading tags in the overlapped location. If another reader exists in the range, the reader will receive the BUSY message. This means the

418

K.-i. Hwang, K.-t. Kim, and D.-s. Eom

Fig. 4. Examples of hidden and exposed node problem

data channel is already occupied by another reader. In this case, the reader should wait until reception of BRD END, which means the data channel is free. However, if the reader does not receive a message over a certain period of time after transmitting BRD WHO, the reader can begin to read, as the data channel is free. BRD WHO BUSY BRD END

4.2

Packet for identifying whether a reader reading tags exists in the same network or not. Signal for answering to the reader that sends a BRD WHO packet. Busy means that a reader is now reading tags. Packet for notifying that the channel is idle after completing reading tags

The Optimization of Communication Range

DiCa uses distributed channel access using two independent communication channels. The distributed algorithm based on contention does not require centralized coordination or global synchronization. However, a contention-based algorithm, in particular, using two independent channels can lead to additional problems: the hidden and exposed node problems. Fig. 4 describes the hidden and exposed node problems. The hidden node problem is illustrated in fig. 4 (a). A collision occurs when the two readers attempt to concurrently read tags within a common set. The control messages cannot reach another reader because of a short control channel radio range.In addition, as presented in Fig. 4 (b), the exposed problem is caused by an excessive control channel radio range. Even though Reader R1 can read a tag without interference, R1 should be blocked until reading of R2 is completed.These two problems demonstrate that it is necessary that the communication range of the control channel is optimized, for minimizing hidden and exposed node problems. This means an optimized communication range can remove collisions from hidden nodes, and unnecessary delay from exposed nodes.

DiCa: Distributed Tag Access with Collision-Avoidance

419

Fig. 5. The optimization of communication range in control channel

In order to avoid collision between readers, reader1 needs to identify all neighbors that can read the same tag. Therefore, R, the communication range in the control channel, must be greater than 2 times r, the communication range in data channel, as presented in Fig. 5. This means, when R 2r, tag reading of reader 1 is reflected to R2 by control channel messages. Thus, the hidden node problem can be solved while the influence of the exposed problem is minimized. In addition, the DiCa considers the fact that each mobile reader can access to wireless backbone networks, specifically sensor networks. As described previously, RFID readers can communicate with the backbone through the control channel. It is important to note that the communication range required to access to the sensor network is considerably different from the range optimized for reader collision avoidance. However, the deployment pattern of sensor nodes is varied according to various environments. Therefore, DiCa supports variable power control of a control channel. This means optimal power intensity is applied only when the reading tag and general power intensity is used for communication with the sensor network.

5

Performance Evaluations

In this section, the proposed DiCa is evaluated in terms of the throughput and energy consumption. In addition to performance evaluation of the DiCa, comparative simulation is conducted. The DiCa is compared to 1-persistent CSMA, ALOHA, and Pulse, which are contention-based multiple access controls. 5.1

Simulation Environments

It is assumed that all readers in the network are capable of communicating with each other. In simulations, the following metrics, throughput (1) and dissipated energy (2), are observed.

420

K.-i. Hwang, K.-t. Kim, and D.-s. Eom

400

400

390 385 380 375

30 Readers 25 Readers 20 Readers 15 Readers 10 Readers 5 Readers

370 365 360 355 350 20

40

60

80

100 120 140 160 180 200 220 240 260

Tag data (bytes) (a) Throughput with respect to varying tag data size

Average throughput (bytes/second)

Average throughput (bytes/second)

395

350 300 250 200 150 100 50 0

DiCa

Pulse

CSMA

ALOHA

(b) Throughput comparison

Fig. 6. Throughput evaluations

 Throughput =

query sent successf ully(by all readers) T otal time

DissipatedEnergy = activetime(s) × current(mA) × voltage(V) 5.2

(1) (2)

Simulation Results

Through simulations, performance variations are observed in terms of throughput and total dissipated energy. In experiments, all readers in the network attempt to read tags concurrently every second and the number of readers is increased from 5 to 30. Firstly, as presented in fig. 6 (a), the throughput, which means the number of successfully received data over all tag data during a unit time, is measured with respect to varying the tag data size (8, 16 - 128 bytes). The result demonstrates that relatively low throughput at small-sized tag data (less than 32bytes) gradually converges to a point, approximately 390bytes/second, as tag data size increases. This is because DiCa requires sufficient time to exchange contention messages in the control channel. However, the smaller the data size, the shorter the reading time of the reader. Therefore, with a small data size, sufficient time to exchange contention messages may not be guaranteed, so the collision possibility between readers increases. However, if the tag data size is greater than 32bytes, the control message exchange time is guaranteed and collision decreases without concern to the number of readers. In addition, it is noticeable that, compared with Pulse, CSMA, and ALOHA, the throughput of DiCa outperforms the other schemes, as demonstrated in fig. 6 (b). DiCa is originally intended to be used in mobile RFID readers. The power of a mobile RFID reader depends on its battery. Therefore, energy efficiency is one of the most important factors for wireless network consisting of mobile RFID readers. Fig. 7 (a) presents cumulative energy consumption with respect to time in each reader. Since DiCa avoids the collisions in a distributed manner among neighboring readers, the energy is proportionally increased with respect to the number

750

421

1800

30 Readers 25 Readers 20 Readers 15 Readers 10 Readers 5 Readers

1000

1600 Average dissipated energy (mJ)

Cumulative dissipated energy (mJ)

DiCa: Distributed Tag Access with Collision-Avoidance

500

250

1400 1200 1000 800 600 400 200

0 30

45

60

75

90

105

120

135

150

165

180

time (second) (a) Cumulative energy consumption with re-spect to time

0

DiCa

Pulse

CSMA

ALOHA

(b) Comparison of consumed energy

Fig. 7. Energy evaluations

of neighboring readers. Nevertheless, under the same condition, compared with other protocols, such as Pulse, CSMA, and ALOHA, DiCa demonstrates better energy efficiency. In particular, as presented in Fig. 7 (b), it appears that DiCa consumes greater energy than CSMA. However, considering only successful tag reading without collisions, DiCa is more energy-efficient since CSMA has a high failure rate because tag reading should be retried repetitively. These retries reveal unnecessary energy consumption in the network.

6

Conclusion

Concurrent access among multiple mobile readers results in reader collision, where a reader’s transmission interferes with other readers. In this paper, a cooperative, distributed reader collision avoidance algorithm is introduced. The proposed DiCa is distinguished from prior studies in that DiCa does not require centralized coordination or global synchronization. In particular, DiCa is suitable for energy-efficient wireless mobile network environments since the proposed DiCa is not only capable of avoiding collisions, but also changing power state autonomously through simple distributed interactions between adjacent readers.

References 1. Sanjay E. Sarma, Stephen A. Weis, Daniel W. Engels, “RFID Systems and Security and Privacy Implications,” Lecture Notes in Computer Science 2523, pp. 454-469, 2003. 2. Rolf Clauberg, “RFID and Sensor Networks,” IBM white paper, 2004. http://www.m-lab.ch/rfid-workshop/ibm paper.pdf. 3. Engels, D.W., Sarma, S.E., “The Reader Collision Problem,” IEEE International Conference, 2002.

422

K.-i. Hwang, K.-t. Kim, and D.-s. Eom

4. Shailesh M.Birari, “Mitigating the Reader Collision Problem in RFID Networks with Mobile Readers,” M.S. Dissertation in Indian Institute of Technology Bombay, 2005. 5. Waldrop J., Engels D.W., Sarma S.E., “Colorwave: An Anti-collision Algorithm for the Reader Collision Problem,” ICC ’03, 2003. 6. Junius K. Ho, “Solving the reader collision problem with a hierarchical q-learning algorithm,” M. S. Dissertation in Massachusetts Institute of Technology, February 2003.

Design and Implementation of a High-Speed RFID Data Filtering Engine* Hyunsung Park and Jongdeok Kim Dept. of Computer Science and Engineering, Pusan National University. Geumjeong-gu, Busan 609-735, Korea [email protected], [email protected]

Abstract. In this paper, we present a high-speed RFID data filtering engine designed to carry out filtering under the conditions of massive data and massive filters. We discovered that the high-speed RFID data filtering technique is very similar to the high-speed packet classification technique which is used in highspeed routers and firewall systems. Actually, our filtering engine is designed based on existing packet classification algorithms, Bit-Parallelism and Aggregated Bit Vector (ABV). In addition, we also discovered that there are strong temporal relations and redundancy in the RFID data filtering operations. We incorporated two kinds of caches, tag and filter caches, to make use of this characteristic to improve the efficiency of the filtering engine. The performance of the proposed engine has been examined by implementing a prototype system and testing it. Compared to the basic sequential filter comparison approach, our engine shows much better performance, and it gets better as the number of filters increases.

1 Introduction RFID is an automatic identification system, which consists of tags attached to target objects and networked readers recognizing those tags. The RFID system does not require line of sight or contact between readers and tags and it is fast as well. With the significant advantages of RFID technology, RFID is being gradually adopted and deployed in a wide area of applications, including supply chain management, retail, anti-counterfeiting, and healthcare. For example, global retail giants, such as WalMart and Tesco, are now pushing their suppliers to integrate the RFID technology into their supply chain. As RFID systems enable us to achieve many good things, such as more efficient inventory managing, greater visibility, easier product tracking and monitoring, we expect that nationwide, even globalwide RFID infrastructure would be built in the near future. However, the amount of tag data to handle in real-time would get heavier as RFID systems get more widely deployed and used. Note that an RFID application concerns only a certain subset of the total captured data. Considering the limited computing and *

This work was supported by the Regional Research Centers Program (Research Center for Logistics Information Technology), granted by the Korean Ministry of Education & Human Resources Development.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 423 – 434, 2006. © IFIP International Federation for Information Processing 2006

424

H. Park and J. Kim

communication resources of RFID systems, delivering all the captured data to all the applications above is neither proper nor feasible. It is inevitable to filter our unwanted data and deliver only wanted data to appropriate applications. As a result, RFID data filtering has emerged one of key challenges in RFID technology and it is now getting more attention. Leading RFID standardization bodies like EPCglobal have defined some basic specifications about RFID data filtering and some major RFID middleware providers incorporate filtering functions into their products. EPCglobal, which is an industry consortium leading the development of industrydriven standards for the Electronic Product Code™ (EPC) to support the use of Radio Frequency Identification (RFID), has released “EPCglobal Reader Protocol” [1]. It describes filtering functions, such as ReadFilter, that can be carried out by a conforming RFID reader. The ReadFilter removes certain tag read events according to the bit-wise patterns negotiated through the reader protocol. Multiple filters can be used and each filter is specified to be either inclusive, meaning that only tags matching the filter shall be reported, or exclusive, meaning that a tag shall only be reported if it does not match the filter. While basic RFID filter specifications are addressed, how to carry out filtering function for massive data and massive filters are not addressed in related documents. Besides, we can hardly find any previous academic research on this massive RFID filtering problem in spite of its importance.

2 RFID Data Filtering and Bit-Parallelism In this section, we introduce the filtering operation defined by EPCglobal. Then we explain the similarity between packet classification and RFID data filtering. 2.1 RFID Data Filtering RFID data filtering consists of simple logical operations based on bit-wise patterns. A filter is specified by using two hexadecimal strings, a filter value ‘V’ and a filter mask ‘M’. In the filter mask (M), all bit positions where the value is important for the filtering are set to 1. In the filter value (V), the desired value of the bit positions defined as relevant in M can be set. A tag ID matches the filter if and only if the result of applying the filter mask on the filter value using a bit-wise AND operation is the same as when applying the filter mask on the tag ID: If (V bitand M) == (A bitand M) then TagIDMatchesTheFilter ()

Example: filter mask M = 1C (00011100), filter value V = 10 (00010000) Because of the setting of M, only the values of bit positions 4-6 are important. Actual tag ID data A = 55 (01010101 in binary) V bitand M = 10 bitand 1C = 00010000 bitand 00011100 = 00010000 = 10 A bitand M = 55 bitand 1C = 01010101 bitand 00011100 = 00010100 = 14 The two values are different, so there is no match.

Design and Implementation of a High-Speed RFID Data Filtering Engine

425

2.2 Packet Classification vs. RFID Data Filtering

An example of a real-life packet classifier in four dimensions is shown in Table 1. Table 2 shows an example of a GID-96 tag’s RFID data filters which are compliant with Tag Data Structure (TDS) [2]. They are recorded with hexadecimal numbers. Table 1. An example of Packet Classification

Rule R1 R2

Destination 164.125.34.164 255.255.255.0 164.125.34.164 255.255.0.0

Source 164.125.34.164 255.255.255.255 164.125.34.164 255.255.252.0

Port eq www

Protocol *

Action Deny

*

udp

Accept

Table 2. An example of RFID data filters

Filter F1 V M F2 V M

Header 35 FF 35 FF

General Manager Number 4AB8012 FFFFC00 2300890 FF80000

Object Class 856001 FFE00 AB6001 FFFFC0

Serial Number 9112ABC90 FFFC00000 0012134AF FFFE00000

Let’s examine these two examples on the point of bit-wise pattern filtering. Even though there is no action column in Table 2, we can say that packet classification and RFID data filtering have the same way of pattern filtering. Instead of an action column, an RFID data filter is specified to be either an inclusive or exclusive filter. “Inclusive” means that only tags matching the filter shall be reported whereas “exclusive” means that a tag shall only be reported if it does not match the filter (i.e., the tag does not match any of the exclusive patterns and matches at least one of the inclusive patterns). Therefore, we conclude that packet classification and RFID data filtering are very similar. Thus, the major concern of this paper is applying packet classification algorithms to RFID data filtering. After studying packet classification algorithms [3, 4, and 5] in previous studies, we applied them to RFID data filtering. 2.3 Bit Vector Generation from Bit-Parallelism

The Bit-Parallelism scheme is a method of divide-and-conquer which divides the whole bit stream into k dimensions and then combines the results. Table 3 is a simple example of this. Note that the wild card (*) performs the same role of filter mask in RFID data filtering. Fig. 1 illustrates the trie construction of simple two dimensional example databases in Table 3. In Fig. 1, from the center point on the top, prefixes slide down to the left by bit 0 or to the right by bit 1 and set its bit position of the bit vector in the destination node. For example, the first filter F1 in Table 3 has 00* in the first dimension (D1); thus, the leftmost node in the trie corresponds to 00* (i.e., slides down to left and left and set 1st bit). By the same procedure, the D1 trie contains a

426

H. Park and J. Kim Table 3. A simple example with 8 filters on two dimensions

Filter F1 F2 F3 F4 F5 F6 F7 F8

D1 00* 10* 11* 0* 0* 0* 00* 1*

D2 11* 11* 10* 10* 01* 0* 00* 0*

node for all distinct prefixes in D1 of Table 3 such as 00*, 10*, 11*, 0*, and 1*. Note that the * affects the lower layers; for example, 1* of F8 in D1 slides down right and sets the 8th bit. Also, its right and left sub node’s 8th bit have to be set (i.e., a recursive procedure). As a result, each node in the trie is labeled with an N-bit long vector (i.e., N is the total number of filters).

Fig. 1. Filtering by Bit-Parallelism Trie

Using two constructed tries in Fig. 1, let’s examine an actual tag ID filtering. When a tag ID arrives with dimensions D1 ,..., Dk , we do a longest matching prefix lookup. For a simple example, tag ID of 8 bits long 00100111 is read in the reader. It consists of two dimensions; D1 having 4 bits and D2 having 4 bits. Those two 4 bit vectors slide down Fig. 1’s tries, respectively. Grey circles are the final bit vector destinations of each dimension as a result of sliding down by bit 0 to the left and bit 1 to the right manner. Then we calculate the bit-wise AND operation with these two bit vectors: 10011110 & 00001101 = 00001100 = {F5, F6} As a result, both F5 and F6 are matched filters for the actual tag ID (00100111). If we take priority into consideration, F5 has higher priority than F6 by convention. However, in this paper, we restrict RFID data filters to inclusive or exclusive without priority. Therefore, if the tag does not match any of the exclusive filters and matches at least one of the inclusive filters, it shall be reported to an upper layer. 2.4 Applying ABV

The ABV (Aggregated Bit Vector) [5] is made by simply aggregating each group of A bits (A is aggregate size) into a single bit (which represents the bit-wise OR

Design and Implementation of a High-Speed RFID Data Filtering Engine

427

operation). In this way, the main goal of an ABV algorithm is reducing the number of bit-wise operations and memory access. In order to do this, there is one big condition that the set bits in the bit vector of each node must be very sparse (i.e., with very few ‘1’ bits in the whole bit vector, the others being ‘0’ bits). Given the above, by examining the aggregate bit vector with large N, we only examine the leaf bit map values for which the aggregate bits are set. In other words, the aggregate vectors allow us to quickly filter out bit positions where there is no match. The goal is to have a scheme that comes close to taking O(log A N ) memory accesses instead of taking O(N ) , even for large N. Therefore, it is important to decide the A value. A is a constant that can be tuned to optimize the performance of the aggregate scheme; a convenient value for A is W (the word size). Fig. 2 illustrates the trie construction of ABV for the example database in Table 3. The parentheses are aggregated bit vectors using an aggregate size A = 3. So, the leftmost leaf node (10011110) produces (111) by OR operation (aggregated with 3 bits, 3 bits and the last 2 bits in order).

Fig. 2. Filtering by ABV Trie

For example, with the same actual tag ID in the previous example, 00100111 is read in the reader. Like the same procedure as in the previous example, grey circles are the final bit vector destinations of each dimension. Then, we can do the bit-wise AND operation with two aggregated bit vectors. Thus, ABV (111) & ABV (011) = 011. The AND operation on the two aggregate vectors yields 011, showing that a possible matching rule must be located only in the last 5 bits (3 bits plus 2 bits). Thus, it is not necessary to retrieve the first 3 bits for each field. Notice that the cost savings are small in this example, but in larger examples they show much bigger gains. However, note that the ABV algorithm may wrongly assume that there might be a matching rule in the corresponding bit positions for all the set bits in the aggregate bit vector. This is because of a false match [5], a situation in which the result of an AND operation on an aggregate bit returns a set bit but there is no valid match in the real bit vector.

3 Cache Based Improvement In this section, we integrate cache to RFID data filtering to achieve an additional improvement. Also, we describe their implementation.

428

H. Park and J. Kim

3.1 Background

We suggest a cache concept to RFID data filtering because we believe they have the following characteristics, especially regarding the RFID system. We assume these two characteristics as the background of our cache-based improvement: • The probability of the same tag detection is very high in the short period of time. • The probability that the matched filter will be rematched is very high during the specified time.

As a simple example of the first assumption, let’s think about the big warehouse. We assume there are RFID readers which read more than 1000 tags of goods per second. The goods which lay currently within the reader’s RF field are detected according to the sensing interval. Therefore, until those goods are moved beyond the RFID reader’s RF coverage, the same tag IDs are detected continuously. As a simple example of the second assumption, we assume a situation of putting goods into the warehouse or taking goods out of the warehouse. Usually, the same kinds of goods are delivered at the same time, which means only their serial numbers are different

Fig. 3. Diagram of filtering flow including tag cache and filter cache

Design and Implementation of a High-Speed RFID Data Filtering Engine

429

(i.e., often the serial number is increased by one). Therefore, the probability that a matched filter will be rematched is very high during the specified time. In summary, all processes based on the above assumptions are illustrated with the flow diagram in Fig.3. First, one sensed tag ID goes through a tag cache. If the tag cache contains that tag ID, the tag cache is able to know whether it was a matched filter or not by extracting its value. If the tag ID doesn’t exist in the tag cache (i.e., new tag ID), the process moves to the filter cache. In the filter cache, filters of the highest probability should be applied first. If there is no matched filter in the filter cache, the filtering process is performed last. 3.2 Using a Tag Cache

As an implementation of the tag cache, we have decided to use a combination of a hash table and a hash map with a linked list. As a hash function, we simply performed parity checking. We counted how many set bit exists in each bit vector. For example, Table 4 shows the parity checking of the source data for a tag cache. The first tag ID (00100011) can be divided into three bit vectors; 3-3-2 (001-000-11). The first bit vector (001) has an odd number of bit 1, so the parity value is ‘1’. Whereas the last bit vector (11) has even number of bit 1, the parity value is ‘0’. Thus, we can get a parity bit vector (100). With the parity column of Table 4, we classified them into the hash buckets of Table 5. This will evenly distribute tag IDs into the hash buckets. In Table 5, we illustrated that each hash buckets refer to a linked list of records as a collision resolution strategy of a hash table. Furthermore, we gave each linked list of records a limit to store (i.e., a queue). Therefore, a bucket which overflows the prefixed queue size should delete its older entry; i.e., the Least Recently Used (LRU) cache. This is true because older data has a lower probability of being sensed again than newly sensed tags (with RFID characteristics we assumed in the background section of this chapter). In our implementation, we decided to use the doubly linked list as a queue. Determining the queue size is another important factor in creating better filtering performance. Table 4. Source data for tag cache

No. 1 2 3 4 5 6 7 8 9 10

Tag IDs 00100011 11110011 10101100 10111011 00011111 10001101 11101011 01010111 10011001 10100101

Match? T T T F T T T T F T

Parity 100 110 000 000 010 101 110 100 101 011

Table 5. Tag Cache using a hash table

Hash B uckets 000 001 010 011 100 101 110 111

key (value) 10101100(T)→10111011(F) 00011111(T) 10100101(T) 00100011(T)→01010111(T) 10001101(T)→10011001(F) 11110011(T)→11101011(T) -

430

H. Park and J. Kim

We consider a duplication problem in Table 5, because duplication makes the cache even useless. Actually, to prevent duplicated tag IDs from appending into the queue of each bucket, we used a LinkedHashMap Class of Java API which implements Map interface. Map interface is an object that maps keys to values. A map cannot contain duplicate keys (i.e., tag ID); each key can map to at most one value [6]. Therefore, we didn’t need to worry about duplication, but had to consider the operation overhead of the LinkedHashMap class in the Java API. In fact, we put off the specific verification of this to future. Note that Map interface enables us to map keys to values. Therefore, stored key contains a boolean value which represents that true is matched tag and false is not matched tag. Thus, when a tag ID enters a tag cache, if the tag cache contains the tag ID (i.e., key), the tag cache is able to know whether it was a matched filter or not by extracting its value without any further processes. 3.3 Using a Filter Cache

As a filter cache, we decided to use a single queue. Therefore, a filter cache is not so different from one array of tag caches. But the elements of the filter cache are filters, not tag ID. Further, if the appropriate queue size is applied, a filter cache complements a tag cache nicely, and vice versa. 3.4 Pseudo Codes for ABV with Cache

In this section, we are going to introduce only the ABV based filtering pseudo codes which includes cache related codes. Because the ABV pseudo codes also imply the principle of Bit-Parallelism, you can refer these pseudo codes without aggregation concept to the pure Bit-Parallelism pseudo codes with cache functions [5]. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Get TagID ( D1 ,..., Dk ) ; HashVal ← HashFunction(TagID) ; if tagCache [ HashVal ].containsKe y (TagID ) then if tagCache [ HashVal ].getValue (TagID ) then postToUppe rApp (TagID ) ; return; else return; else if filterCacheFunc(TagID) then postToUppe rApp (TagID ) ; return; for i ← 1 to k do N i ← longestPrefixMatchNode(Triei , Di ) ; Aggregate ← 11 ... 1 ; for i ← 1 to k do Aggregate ← Aggregate  N i .aggregate ; for i ← 1 to sizeof ( Aggregate ) − 1 do

Design and Implementation of a High-Speed RFID Data Filtering Engine

431

18 if Aggregate [ i ] == 1 then 19 for j ← 0 to A − 1 do 20 if  kl =1 N l .bitVect [ i × A + j ] == 1 then 21 tagCache [ HashVal ]. put (TagID , true ) ; 22 filterCach e. put (i × A + j ) ; 23 postToUppe rApp (TagID ) ; 24 return; 25 tagCache [ HashVal ]. put (TagID , false ) ; 26 return;

4 Evaluation In this section, we perform the evaluation in two ways. The first method is to measure filtering speed to show better performances when Bit-Parallelism based algorithms are used. The other method is measuring CPU usage which can express indirectly how much the filtering operation burden RFID middleware. 4.1 Preparations

First, we introduce the Virtual Reader which generates RFID pseudo tags synthetically. Note that we need synthetically created pseudo tags and a filter database to test the scalability of our scheme because real-life RFID systems are quite small. We have prepared the following items for the evaluation: • Virtual Reader: It generates RFID pseudo tags synthetically. In addition, it can store pseudo tags in a file or transfer them to any other host via TCP/IP. We designed this to behave like an Alien RFID Reader [7]. • EdgeManager: Originally, we designed this in order to control various kinds of commercial readers with one particular manager application. For a simulation, we embedded our high-speed filtering algorithm into the EdgeManager. Therefore it is able to perform RFID data filtering, along with Virtual Readers [8].

Given this, we’d like to emphasize that the pseudo tag generation patterns were a very important factor in our evaluation. As a source of our evaluation, tag generation patterns affected the whole algorithm performance. The following are our tag generation patterns and we combined these patterns to imitate real-life tag IDs more closely. As well, we allowed duplicated tags to be generated by the options to satisfy the RFID characteristics we assumed in the previous chapter. • Random Pattern Generation: The uniform random generation • Common Prefix Pattern Generation: This pattern makes all the pseudo tags include one of the prearranged prefixes. (e.g., Virtual Reader opens the file which contains common prefixes, and then all the generated pseudo tags have to include one of the common prefixes.) The rest of the bits can be made by

432

H. Park and J. Kim

Random or Sequential Pattern Generation to complete the whole 96 bits tags length. • Sequential Pattern Generation: This option enables the pseudo tags to increase their tag IDs by one (i.e., the Serial Number field of the tag is increased by one). 4.2 Filtering Speed Measurement

The following are the evaluation system specifications we have tested: • CPU & Memory: AMD 1GHz and 1GByte main memory • OS: Windows XP for EdgeManager, Redhat Linux for Virtual Reader • Programming language: Java for EdgeManager [6], C for Virtual Reader [9]

In preparation, we created a file which contains 10,000 pseudo tag data generated by the Virtual Reader with options (i.e., a combination of three tag generation patterns) and they are randomly allowed duplication less than 16 times to satisfy the first major characteristic of our assumption. Afterwards, we measured filtering speed through the EdgeManager in each of the following four cases in Fig. 4: 4

7

6

5 Micro Seconds

Speed comparision of filtering 10,000 peudo tags from a file

x 10

Normal filtering Bit-Parallelism based filtering Normal filtering with cache Bit-Parallelism based filtering with cache

4

3

2

1

0 128

256

384

512 640 Number of read filters

768

896

1024

Fig. 4. Speed comparison of filtering 10,000 pseudo tags from a file by increasing 128 filters

As a measuring of filtering time to finish 10,000 pseudo tags from a file, either BitParallelism based or cache based filtering takes much shorter time than normal filtering. However, using both of them make the best performance. 4.3 CPU Usage Measurement

As another way of evaluating our scheme, we measured a CPU usage. We used a CPU usage graph in the Microsoft Windows Operating System (OS) which can show indirectly how much filtering operation burden RFID middleware. We believe this approach is quite reasonable because measuring CPU usage presents quite reliable

Design and Implementation of a High-Speed RFID Data Filtering Engine

433

evaluation data as an OS embedded utility. In addition, Windows OS is very popular so we can approach it very easily. We used our EdgeManager application again. The difference from the former filtering speed measurement is that the source data is not a file but two Virtual Readers. We let each Virtual Reader send 500 tags per second on average in the real time. As a result, Fig.5 shows the CPU usage of the normal filtering, the BitParallelism based filtering and Bit-Parallelism based filtering with cache from the left. We can verify that Bit-Parallelism based filtering with cache used the least CPU resources.

Fig. 5. Filtering comparison graphs in 500 (tags/sec) with 1024 filters

5 Conclusions Our paper has presented a high-speed RFID data filtering engine designed to carry out filtering under massive data with massive filter conditions for the first time. To do this, we extracted the similarity between the RFID data filtering and packet classification. Then, we designed our filtering engine based on the existing packet classification algorithms, Bit-Parallelism and ABV (Aggregated Bit Vector). Further, we also found that there are RFID data specific characteristics - strong temporal relation and redundancy in the RFID data filtering operations. To make use of these characteristics to improve the efficiency of the filtering engine, we incorporated two kinds of caches, tag and filter caches. We verified our scheme through the synthetically generated filter database and implemented them to the prototype applications – Virtual Reader and EdgeManager. Compared to the normal RFID data filtering, our engine shows much better performance, and it gets better as the number of filters increases. As an addition to our conclusion, we’d like to emphasize on the need for system customization. In this paper, there are several factors which need customization. They affect the performance of filtering algorithms and caches a great deal. For example, in the case of applying ABV to RFID data filtering, the filters must have sparsely set bits. Also, in the case of applying a cache to a particular RFID system, the applied RFID system must satisfy two major characteristic we assumed in the previous chapters. In addition, other factors like tag generation patterns and cache size also need to be customized to reach optimal performance.

References 1. “EPCglobal Reader Protocol 1.0, Last Call Working Draft Version of 17,” March 2005. 2. “EPCglobal Tag Data Standards Version1.3 Standard Specification”, September 2005. 3. Pankaj Gupta and Nick McKeown, “Algorithms for Packet Classification”, IEEE Network, Vol. 15, No. 2, pages 24-32, March-April 2001.

434

H. Park and J. Kim

4. T.V. Lakshman and D. Stiliadis, “High-Speed Policy-based Packet Forwarding Using Efficient Multi-dimensional Range Matching,” Proceedings of ACM SIGCOMM, pages 191-202, September 1998. 5. Florin Baboescu and George Varghese, “Scalable Packet Classification,” Proceedings of the 2001 conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pages 199-210, 2001, University of California, San Diego. 6. Sun Microsystems, “Java API Specification., JavaTM 2 Platform, Standard Edition, v 1.4.2 API Specification,” Sun Microsystems, Inc., 2005. 7. Alien Technology, “Reader Interface Guide ALR-9780 ALR-8780 ALR-9640 Doc. Control #8101938-000 Rev D,” Alien Technology Corporation, Nov 2004. 8. EPCglobal, “The Application Level Events (ALE) Specification, Version 1.0,” February 2005. 9. “The GNU C Library, Edition 0.10, Last Updated 2001-07-06, of The GNU C Library Reference Manual, for Version 2.3.x.,” Free Software Foundation, Inc.,

Authorized Tracking and Tracing for RFID Tags Ming-Yang Chen1, Ching-Nung Yang2, and Chi-Sung Laih1 1

Department of Electrical Engineering, National Cheng-Kung University, Taiwan [email protected], [email protected] 2 Department of Computer Science and Information Engineering National Dong Hwa University [email protected]

Abstract. Radio Frequency Identification (RFID) systems have become popular for identifying not only objects but also persons. For example, in supply chain applications, the company can constantly track the movements of goods. Also, for Body Area Network or Personal Area Work, the tag is used for identifying a person. However, the movements and current locations of goods and a person’s activity profiles are the sensitive information and should be kept secret. This paper develops the interaction protocols between readers and tags to address this privacy issue of protecting tagged objects from tracking and tracing by nonauthorized readers.

1 Introduction Radio Frequency Identification (RFID) technology was first introduced at World War II and used to distinguish where the enemy aircrafts are. Typically, RFID system has three basic components: tags, readers and the central IT system. There are already a large number of RFID applications but recently due to the falling prices, RFID technique plays a more important role for identifying and tracking objects. For example, tags can be implanted into the farmed pigs and pinpoint where they are; monitor the temperature of patients wearing ring-like tags; the retailers can automatically manage the tagged goods in the supply chain and etc. In brief, the unique identifier is used to make a “silent” tracing of a person or an object. The word “silent” means that the tracking and tracing is not noticed by the traced objects and can be carried out directly without their intervention. However, the unique identifier in tags makes the objects to be identified and traced and this will reveal the private profile. In this paper, we design an authorized tracking and tracing to achieve the anonymity (the unauthorized readers cannot trace the tagged objects) and meantime the legal central IT system can trace the movements of tagged objects. The remainder of this paper is organized as follows. In Section 2, we describe previous works and our motivation. In Section 3 we design the proposed schemes. Security analyses and comparison are given in Section 4, and we draw our conclusions in Section 5. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 435 – 444, 2006. © IFIP International Federation for Information Processing 2006

436

M.-Y. Chen, C.-N. Yang, and C.-S. Laih

2 Previous Works and Motivation 2.1 Previous Works In RFID system, the reader retrieves the information of tags and sends back to the backend central IT system. If an attacker intrudes the IT server he can obtain the tracking and tracing profiles of the tagged items and compromise the secrecy. In general, the IT server is rigorously protected but the intruder may use unauthorized readers to scan the tags and successfully trace the tagged items. Authentication protocol instinctively seems to be a good solution to assure the privacy but it cannot solve the tracking and tracing problem. The reason is that a tag will respond some values when an unauthorized reader requests. Even the value is not the tag’s identifier the intruder may trace the specific value and know its location. For example, hash-based and randomized hash-based access controls were proposed in [1-4]. Although the powered tags do not send its identifier or sensitive information, the tagged item is still traced due to the disclosure of a certain value. Hash-chain based protocols were proposed in [5-7] but the unauthorized intruder may trace the specific tag by tracing the hash value. Another hash-based scheme [8] used hash function to protect the identifier but is also useless because the intruder can trace the hash value. 2.2 Motivation Therefore, preventing the tags from being powered by an unauthorized reader is a complete solution for tracing problem. In [9, 10], the authors use electromagnetic waves to interfere and prevent the intended reading. Also, a flexible blocking instead of all-pass or block all was given in [10]. However, RFID is an international defacto standard for identifying objects. By using this hardware solution [9, 10], only certain readers can read the information from tags. If not all readers can scan and read tags, it is against the wide applications of RFID. In this paper we first study the tracking and tracing with different depths. Namely, the authorized reader can read out all information including the identifier and track the tag. The unauthorized reader only receives the public information for this tag, e.g., manufacturer, product type for some commercial services, and the authorized reader can read all information. This gives consideration to two both sides: one is the tracking and tracing with certain limits and the other is the basic services for getting public information of tags. Since many tagged items have the same public information, thus the unauthorized reader cannot track the specific tag. Fig. 1 shows a certain type of RFID tag used in our schemes. The memory of tag is categorized into three fields. Field A stores the public information “a”, the first 60 bits in the identifier EPC-96 tag (a read only memory). Field B, the last 36 bits in EPC-96 tag, stores the unique private information “b” such as the serial number. Field C is an extra memory block and stores some secret parameters.

Authorized Tracking and Tracing for RFID Tags

437

Fig. 1. Three fields in memory of RFID tag: Fields A, B and C, Field A: the public information “a”, Field B: the private information “b”, Field C: secret parameters

3 The Propose Schemes First we define the notations used in this paper: hm(⋅) is performing the hash function m times; “||” is the concatenation of two words; ⊕ is the exclusive OR operation; {} ⋅ K and {} ⋅ −K1 are the encryption and decryption for a symmetric cipher with the secret key K. Note that in our proposed schemes, the low-cost tag performs the easy computation such as hash function and exclusive OR operation. The symmetric encryption/decryption is only required at the reader side. 3.1 Scheme A

Detail steps of Scheme A are shown in Fig. 2. When issued from the dealer (the central IT system), the tags store the EPC code (a, b). Also Field C stores two secret values k0, k1 and a counter value j (the initial value is j=1). The dealer then distributes the secret value k0 to all authorized readers in a secret channel. When requesting, the reader sends a random number x. The powered tag computes Pj = b ⊕ h j (k1 ) ,

R j = h j (k0 , x) , V j +1 = h j +1 (k0 , x) (for verification later), and then sends back (a, j, Pj, Rj⊕k1) to the reader. The counter value increases by 2, i.e., j=j+2 (Note: since V j +1 = h j +1 (k0 , x) h j +1 (k0 , x) will be used in Step (7) for verification). The reader uses k0, j, x to determine k1, and obtains b = Pj ⊕ h j (k1 ) . Then, sends back the EPC code

(a, b) to the central IT system to check the effectiveness of this EPC code. Afterwards, the reader selects a new secret value k2 and responds (b⊕ h j +1 (k0 , x) , k0⊕k2), where the first term is used for verifying whether the reader is authorized or not and the second term is used for updating the previous k1. After the successful verification the k1 is updated by k2 and j is reset to 1; otherwise the value of k1 is unchanged. The unauthorized reader can only obtain the public information when it requests the tag. However, if the tag is continuously scanned by unauthorized readers the invalid verification results in the unchanged k1 but at this time the counter increases and the different value of j make Pj and Rj different. So, the intruder could not trace the value Pj and Rj for this tag. When the tag is powered by an authorized reader, the k1 is updated and j is reset to 1. Scheme A needs to share a secret value k0 between readers and tags. Since all tags share the same k0, thus the secrecy will be compromised by the tag-loss attack which will be discussed in Section 4. A modified scheme without pre-sharing a secret k0 between authorized readers and tags is given in the next sub section.

438

M.-Y. Chen, C.-N. Yang, and C.-S. Laih

(5-3) (a, b)

pre-share k0

(1) Request, (x)

Store k0 , k1 and j in Field C

Initially set j = 1 (2) Computes Pj = b ⊕ h j (k1 ), R j = h j (k0 , x)

(3) (a, j , Pj , R j ⊕ k1 )

(5-1) Uses k0 , j , x to determine k1

(4) j = j + 2

(5-2) Computes b = Pj ⊕ h j (k1 ) (6) Selects k2

and V j +1 = h j +1 ( k0 , x)

(7) (b ⊕ h j +1 (k0 , x), k2 ⊕ k0 )

(8-1) Verif b = (b ⊕ h j +1 (k0 , x)) ⊕ V j +1 (8-2) If vaild, k1 =k2 , reset j = 1;

Fig. 2. Scheme A: the reader and tag pre-share a secret value

3.2 Scheme B

Fig. 3 shows an enhanced scheme without pre-sharing the secret value between readers and tags by using the symmetric cipher at the reader side but it only uses simple hash function and exclusive OR operation at the tag side. The dealer first distributes the secret key K to all the authorized readers. When issuing the tag, the dealer prepares l pairs (ki , ci ) , where ci = {a ki }K , i=1, …, l, and these secret pairs are all different for different tags. Store them in the Field C and the maximum l is according to the memory size of Field C. When requesting, the reader sends a random number x. The powered tag computes Pi = b ⊕ h(a, ki , x) and then sends back (a, Pi, ci) to the reader. Then, increases i by one. The reader decrypts {ci }−K1 = (a || ki ) and

obtains b = h(a, ki , x) ⊕ Pi . Then, like Scheme A, sends back the EPC code (a, b) to the central IT system. Afterwards, the reader selects a new secret value ki′ , encrypts ci′ = {a || ki′}K , and responds (b ⊕ ki , (ki′ ci′) ⊕ h(ki )) . The first term is used for verification of an authorized reader, and the second term is for updating the new secret pair (ki′, ci′) . If pass the verification, then overwrite (ki , ci ) by (ki′, ci′) . When the tag is powered, it always uses the different pair (ki , ci ) for each request. The reason is that if the reader is authorized, the (ki , ci ) will be updated after the successful verification. However, for the unauthorized reader the value i is different for each unauthorized scanning, and thus the unauthorized reader cannot trace the value (a, Pi , ci ) for a tag. In both schemes A and B, if unauthorized readers only scan but do not make the response (Step (7) in Figs. 2 and 3), at this time the tag cannot verify. This situation does not compromise our authorized tracing ability due to Step (4) in Figs. 2 and 3, i.e., “j=j+2” and “i=i+1” (we update i and j immediately after finishing Step (3) no matter the reader responds Step (7) or not).

Authorized Tracking and Tracing for RFID Tags

439

Store ki , ci = {a || ki }K

(5-3) (a, b)

, i = 1, , l , in Field C

(1) Request, (x)

Initially set i = 1 (2) Computes Pi = b ⊕ h(a, ki , x)

(3) (a, Pi , ci )

(4) i = i + 1

(5-1) Uses d to decrypt {ci }K−1 = (a || ki ) (5-2) Computes b = h(a, ki , x) ⊕ Pi (6) Selects ki′ and computes ci′ = {a || ki′}K

(7) (b ⊕ ki , (ki′ ci′) ⊕ h(ki ))

(8-1) Verify b = (b ⊕ ki ) ⊕ ki (8-2) If vaild, overwrite (ki , ci ) by (ki′, ci′)

Fig. 3. Scheme B: readers and tags do not pre-share a secret value by using symmetric encryption/decryption at the reader side

Although we do not need the pre-shared secret value in Scheme B, however the unauthorized tracing resistance ability is only “l” times. After using up all the prestored secret pairs this scheme will repeat to use the same ( ki , ci ) and may be traced according to the reused ci. In fact, some manufactures, e.g., AWID [11] and STMicroelectonics [12], provide tags with the large extra memory. For example, the Prox-Linc MT and SRIX4K have 2K and 4K user-definable bits, respectively. So, suppose the public information a is 32 bits and secret value ki is 32bits. The ciphertext ci={a|| ki}K is 64bits (e.g., by DES encryption). Each pair (ki, ci) needs 96 bits to store. When using 2K and 4K memory for Field C, we have 21 and 42 secret pairs. Typically, 42 secret pairs may have the sufficient resistance for the unauthorized scanning. The detail analysis for the resistance ability of unauthorized requests is given below. Suppose that the authorized requesting probability in the RFID-based environment is pa and the unauthorized requesting probability is pu=(1−pa) and the repeated requests are independent. Therefore a possible requesting sequence within n n

  independent requests is pi ⋅ ⋅ pi , where pi may be pu or pa. Then the probability distribution of Scheme B, the number of unauthorized request §n· x in n independent requests, is DB(x; n, pu)= ¨ ¸ pux pan − x . Thus, when storing l secret © x¹ pairs in tag the resistance ability of unauthorized tracking and tracing is defined as § l §n· · R = ¨ ¦ ¨ ¸ pui pan −i ¸ (Note: the summation of the probabilities for all possible i © i =0 © ¹ ¹ requesting sequence that do not exhaust the secret pairs within n independent requests).

440

M.-Y. Chen, C.-N. Yang, and C.-S. Laih

Example 1: For n=5, l=2 and pa=pu=1/2, the resistance ability R for Scheme B is calculated below. 2 §5· §5· § 5· § 5· R = ¦ ¨ ¸ pui pan − i = ¨ ¸ pa5 + ¨ ¸ pu1 pa4 + ¨ ¸ pu2 pa3 i =0 © i ¹ ©0¹ ©1¹ © 2¹ 5 1 4 2 3 = pa + 5 pu pa + 10 pu pa .

There are 16 sequences in all possible 32 requesting sequences for n=5. When pa=pu=1/2, R=16/32=50%. The average number of secret pairs sent by the reader for making up the balance of secret pairs in the tag for these 16 sequences is: 2

§5·

i=0

© ¹

¦ ¨ i ¸ × (5 − i)

16 = (1× 5 + 5 × 4 + 10 × 3) 16 =3.43.

(Note: the reader does not send anything for the unauthorized request).

…

Considering l=42 (4K bits extra memory) and pa=pu=1/2, the value n=77 can achieve 80% resistance ability. The next scheme enhances Scheme B to achieve the stronger resistance ability for storing same secret pairs in tags. 3.2 Scheme C

Similar to Scheme B, except that the reader should make up a deficiency of l secret pairs when scanned by an authorized reader. Fig. 4 shows Scheme C. In Step (6), the authorized reader prepares i secret pairs, (k1, c1), (k2, c2), …, (ki, ci), where the value i is obtained from Step (3). These i secret pairs are encrypted by XOR-ing h(k0), …, hi (ki ) , respectively, and sent to the tag. The analysis for the resistance ability of unauthorized requests is given below. Scheme C will be out of action only for the l continuous unauthorized requests. For Store ki , ci = {a || ki }K

(5-3) (a, b)

, i = 1, , l , in Field C

(1) Request, (x)

Initially set i = 1 (2) Computes Pi = b ⊕ h( a, ki , x )

(3) (a, i, Pi , ci )

(4) i = i + 1

(5-1) Uses d to decrypt {ci }−K1 = (a || ki ) (5-2) Computes b = h(a, ki , x) ⊕ Pi (6) Selects km′ and computes cm′ = {a || km′ }K m = 1, 2, , i

(7) ( ( b ⊕ ki ),

(km′ cm′ ) ⊕ h m (ki ), m = 1, , i) )

(8-1) Verify b = (b ⊕ ki ) ⊕ ki (8-2) If vaild, overwrite (km , cm ) by (km′ , cm′ )

Fig. 4. Scheme C: enhance the resistance ability of the unauthorized requesting by making up a deficiency of l secret pairs in the tag

Authorized Tracking and Tracing for RFID Tags

441

discussing the case, consider the following specified order ending at the x continuous n - x previous requests x

    unauthorized requests in n independent requests, pi ⋅ ⋅ pi ⋅ pa ⋅ pu ⋅ ⋅ pu , where the probability pi may be pa or pu and the lengths of continuous unauthorized requests in the previous requesting sequence are no larger than l. The probability of above requesting sequence denoted as P(x; n, pu) is the probability that the tag is scanned continuously by unauthorized readers x times at the last x requests, and the previous (n−x) requests have no larger than l continuous requests. The value P(x; n, pu) is shown in the following theorem. Theorem: P(x; n, pu)=

N § · n + 2 n ++ lnl ) + x ( n0 + n1+ nl ) × pu( 1 2 , where ¨ ¸ ¯ pa ( n0 , n1 ,, nl )∈S x © n0 , n1 , , nl ¹

¦

§ l · (n0, n1, …, nl)∈Sx are all possible numbers satisfying n − x = ¨ ¦ (i + 1) × ni ¸ , and © i=0 ¹ N=(n1+ n2+…+ nl). Proof: To derive the theorem, we proceed with a multinomial-like distribution. We define a single authorized request as event E0 with probability p0=pa, one unauthorized request followed by an authorized request as event E1 with probability p1= (pu¯pa), …, l unauthorized requests followed by an authorized request as event El with probability pl= ( pul × pa ) . Let the outcomes for Ei be ni, i∈[0, l],

§ l · and n − x = ¨ ¦ (i + 1) × ni ¸ . Then the probability of the (n−x) previous requesting © i=0 ¹ sequence is calculated as follows. Let Sx be a set include all possible non negative integers (n0, n1, …, nl) § l · satisfying n − x = ¨ ¦ (i + 1) × ni ¸ . If the outcomes n0+ n1+…+ nl=N, then the number © i=0 ¹ N § · of partitions of N items into (l+1) groups is ¨ ¸ and the probability of the n n n , ,  , l ¹ © 0 1 n - x previous requests ­  ½° °  (n−x) previous requesting sequence Prob ® pi ⋅ ⋅ pi ⋅ pa ¾ is: °¯ ¿° n - x previous requests ­  ½° N § · °  nl n0 n1 Prob ® pi ⋅ ⋅ pi ⋅ pa ¾ = ¨ ¸ ¯ p0 ¯ p1 ¯ …¯ pl ¦ , ,  , n n n l ¹ °¯ °¿ ( n0 , n1 ,, nl )∈S x © 0 1 N § · n + 2 n + + lnl ) ( n0 + n1+ nl ) = × pu( 1 2 . ¨ ¸ ¯ pa ¦ , ,  , n n n ( n0 , n1 ,, nl )∈S x © 0 1 l ¹ n - x previous requests ­  ½° N § · °  So, P(x; n, pu) is P(x; n, pu)= Prob ® pi ⋅ ⋅ pi ⋅ pa ¾ ¯ pux = ¨ ¸ ¦ ( n0 , n1 ,, nl )∈S x © n0 , n1 , , nl ¹ ¯° ¿°

¯ pa( 0

n + n1  + nl )

× pu( 1

n + 2 n2 ++ lnl ) + x

.

442

M.-Y. Chen, C.-N. Yang, and C.-S. Laih

The proof is completed.

…

For Scheme C, when storing l secret pairs in tags the resistance ability of unauthorized tracking and tracing is the summation of the probabilities for all possible requesting sequence that the length of continuous unauthorized requests is no more § l · than l, i.e., R = ¨ ¦ P ( x; n, pu ) ¸ . © x=0 ¹ Example 2: For n=5, l=2 and pa=pu=1/2, the resistance ability R of Scheme C is calculated as follows. The probabilities are, respectively, P(2; 5, pu)= pa3 pu2 + p1a pu4 + 2 pa2 pu3 , P(1; 5,

pu)= pa4 pu1 + 3 pa2 pu3 +3 pa3 pu2 and P(0; 5, pu)= pa5 +4 pa4 pu1 +6 pa3 pu2 +2 pa2 pu3 (Detail calculations of all probabilities P(x; n, pu), x=0, 1, 2, please see full version). Thus, the resistance ability R= pa5 +5 pa4 pu1 +10 pa3 pu2 +7 pa2 pu3 + p1a pu4 . When pa=pu=1/2, R=24/32=75%. Consider the number of secret pairs sent by the reader for making up the balance in these 24 sequences. The average number of secret pairs for this § l · § l · example is ¨ ¦ S x × (5 − x) ¸ ¨ ¦ S x ¸ = (13 × 5 + 7 × 4 + 4 × 3) 24 =4.37. (Note: the © x =0 ¹ © x=0 ¹ dealer will send 5(=1+2+2) secret pairs for the requesting sequence ( pa ⋅ pu ⋅ pa ⋅ pu ⋅ pa ) , and 3(=1+2) secret pairs for the requesting sequence

( pa ⋅ pu ⋅ pa ⋅ pu ⋅ pu ) . )

…

From Examples 1 and 2, Scheme C has the strong resistance ability against the unauthorized request (the resistance ability is enhanced from 50% to 75%) and the average number 4.37 is slightly larger than 3.43 in Scheme B.

4 Security Analyses and Comparison Some attacks: reply attack, man in the middle attack and tag-loss attack are applied to examine the security of our proposed schemes. Reply attack: The random number x sent by the readers in our proposed schemes is used for preventing the replay attack. The responses Rj (Step (3) in Scheme A) and Ri (Step (3) in Scheme B and Scheme C) are calculated using the nonce x and thus the values will be different each time. Considering Step (7), Scheme A uses b⊕ h j +1 (k0 , x) , and Schemes B and C use b⊕ki to encrypt the private information b. The nonce x in Scheme A and the ki in Schemes B and C are used only once. Therefore, the proposed scheme can resist the replay attack except that the nonce x is reused. However, the reused number attack can be avoided by choosing the sufficient length of x. Man in the middle attack: Modification may be done in Step (3) and Step (7). First, considering that the intruder modifies the content in Step (3), our proposed schemes check the correctness of the EPC code (a, b) by querying the central IT system. If the response of the central IT system is invalid, then the readers stop proceeding. Second,

Authorized Tracking and Tracing for RFID Tags

443

consider the modification in Step (7). For Scheme A, an intruder may arbitrarily modify the second term in (b ⊕ h(k0 , j + 1), k2 ⊕ k0 ) and meantime pass the verification. Then, the tag XOR-ing the second term to obtain k1′ and overwrites k1. This situation will not compromise the secrecy because the tag computes Pj = b ⊕ h j (k1′) and the intruder does not know k1′ even he had modified the (k2 ⊕ k0 ) . It is evident that in Step (7) of Schemes B and C, the intruder cannot pass the verification since the private information b is encrypted by b ⊕ ki , where ki is used only once. Tag-loss attack: Tags are in general not tamper resistant and therefore all information stored in tags can be retrieved. The attacker could buy a tag manufactured by a specific company. In Scheme A, the attacker has the secret values k0, k1 and thus he can trace all tags with the same k0 according the known R j = h j (k0 , x) in this 4-tuple

(a, j , Pj , R j ⊕ k1 ) (Step (3) in Fig. 2). For Schemes B and C, there are no same secrets shared by different tags like k0 in Scheme A. Even if the attacker retrieves the l secret pairs (ki, ci) in a specific tag he cannot track and trace other tags. In this paper, we design three schemes to avoid the unauthorized tracking and tracing for RFID tags. Each scheme has its advantage. Table 1 summarizes the detail comparison among these three schemes. Table 1. Comparison of the proposed schemes comparison items Scheme A Scheme B Scheme C pre-shared secret values YES NO NO connect to central IT system YES YES YES resistance reply attack YES YES YES for attack man in the middle attack YES YES YES tag-loss attack YES NO YES #1 #3 E/D NO (i+1) 2 #3 Hash 3 (i+1) 2 reader #3 computation XOR 4 (i+2) 3 #2 #3 complexity Hash 3 (i+1) tag 1 #3 XOR 2 (i+2) 2 #4 memory size of tag low high medium#4 #1: symmetric encryption/decryption #2: the computation complexity is evaluated for a successful request and verification #3: the value i is the previous i continuous unauthorized requests #4: for the same resistance ability the secret pairs in Scheme C is less than Scheme B

5 Conclusions In this paper, we divide the EPC code into the public and private information where the public information is privacy-free and used for some commercial services while the private information is a unique serial number of a specific tag. For providing the authorized tracking and tracing, the public information can be scanned by any readers

444

M.-Y. Chen, C.-N. Yang, and C.-S. Laih

but the private information is only retrieved by authorized readers. Scheme A can resist the unauthorized requests and only store a few secrets in memory; however it needs pre-sharing a secret value between authorized readers and tags and also is compromised by tag-loss attack. Schemes B and C do not need sharing a secret value but the resistance ability depends on the number of secret pairs store in tags, and they also require encryption/decryption at the reader side. Moreover, only simple operations: hash functions and exclusive OR operations are used at the tag side for our proposed schemes.

References [1] S. A. Weis, “Security and Privacy in Radio-Frequency Identification Devices,” Master’s thesis, Massachusetts Institute of Technology, Cambridge, MA 02139, May 2003. [2] S. E. Sarma, S. A. Weis, and D. W. Engels, “RFID Systems and Security and Privacy Implications,” In Workshop on Cryptographic Hardware and Embedded Systems, Lecture Notes in Computer Science, volume 2523, pages 454–470, 2002. [3] S. E. Sarma, S. A. Weis, and D. W. Engels, “Radio Frequency Identification: Risks and Challenges,” CryptoBytes (RSA Laboratories), 6(1), Winter/Spring 2003. [4] S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, “Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems,” In Security in Pervasive Computing, Lecture Notes in Computer Science, volume 2802 , pages 201–212, 2004. [5] M. Ohkubo, K. Suzuki, and S. Kinoshita, “Cryptographic approach to a privacy friendly tag,” In RFID Privacy Workshop, MIT, 2003. [6] M. Ohkubo, K. Suzuki, and S. Kinoshita, “Efficient Hash-Chain Based RFID Privacy Protection Scheme,” In Ubiquitous Computing (UBICOMP), September 2004. [7] S. Kinoshita, Ohkubo, M., Hoshino, F., Morohashi, G., Shionoiri, O. and Kanai. A, “Privacy Enhanced Active RFID Tag,” In 1st International Workshop on exploiting context histories in smart environments, 2005. [8] D. Henrici and P. Muller, “Hash-based Enhancement of Location Privacy for RadioFrequency Identification Devices using Varying Identifiers,” In Pervasive Computing and Communications (PerCom), IEEE Computer Society, pages 149–153, 2004. [9] A. Juels, R. L. Rivest, and M. Szydlo, “The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy,” In Computer and Communications Security, pages 103– 111, ACM Press, 2003. [10] A. Juels and J. Brainard, “Soft Blocking Flexible Blocker Tags on the Cheap,” In Workshop on Privacy in the Electronic Society (WPES), 2004. [11] AWID, available at http://www.awid.com. [12] STMicroelectonics, available at http://www.st.com/rfid.

An Energy-Efficient MAC Protocol for Delay-Sensitive Wireless Sensor Networks Changsu Suh, Deepesh Man Shrestha, and Young-Bae Ko R & D Departments, Hanback Electronics Company, Republic of Korea College of Information & Communication, Ajou University, Republic of Korea [email protected], {deepesh, youngko}@ajou.ac.kr

Abstract. In this paper, we propose a new medium access control protocol for wireless sensor networks, named LE-MAC (Latency and Energy aware MAC) that aims to minimize data delivery latency as well as energy consumption. To achieve both goals, we exploit a physical carrier sensing feature in CSMA/CA and combine it with a cross-layer technique. When nodes that are in routing path between source and sink become aware of the traffic based on the carrier signal, they wakeup once more during the sleep period for transmitting data over multiple hops. We evaluated the proposed scheme compared with S-MAC on the ns-2 simulator. The results show that our scheme outperforms S-MAC protocols in balancing the need of low latency and energy consumption.

1

Introduction

The advances in microelectronic mechanical systems have given the way to build miniaturized, low cost sensing and communicating device that can be deployed on the space for collecting perceived physical information. Collection of such intelligent sensors coordinating with each other to transmit sensed data over multiple hops towards the information gathering device called a base station or a sink node forms a wireless sensor networks (WSN). WSNs are becoming increasingly popular for the applications, where a large number of sensors with processing and communication capabilities are deployed. The sensor devices are normally small in size and powered by battery of limited capacity that are difficult to replace or recharge when exhausted [1]. Due to this reason, network lifetime elongation through better energy management has been a primary research issue in WSN. Recently, several energy-efficient MAC protocols have been proposed that periodically turns off the nodes radio for reducing energy consumption caused by unnecessary communication activities. This approach on the other hand has raised another problem of slow data delivery compared to ‘always-on’ protocols. A long delay is highly undesirable 

This research was in part supported by the IT Foreign Specialist Inviting Program and the ITRC (IT Research Center) support program, supervised by IITA(Institute of Information Technology Assessment), the Ministry of Information and Communication (MIC).

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 445–454, 2006. c IFIP International Federation for Information Processing 2006 

446

C. Suh, D.M. Shrestha, and Y.-B. Ko

for time-sensitive applications such as critical situation monitoring and security surveillance. In this paper, we propose a medium access control scheme that minimizes both latency and energy consumption in WSNs. Latency is a common problem in energy-efficient sensor MAC protocols [2][6]. Specially, the contention-based MAC protocols that rely on the carrier sense multiple access/collision avoidance (CSMA/CA) mechanism minimize power consumption by allowing sensor nodes to remain in the ‘sleep mode’ for a long period of time. Nodes periodically wake up for the short duration called ‘listen period’. Those wishing to transmit data contend in the listen period for reserving the medium. If successful, the sender and receiver perform data transfer, while the other nodes switch to sleep state and save energy. If failed, both switch to sleep state and wait for the following listen period. This waiting period throughout the listen/sleep cycle (or a time frame) is termed as sleep delay.

Fig. 1. Data delay of Basic S-MAC [2] in multi-hop environments

To illustrate this problem, we conducted experiment on basic S-MAC [2] with 5 Mica Motes sensor devices[11] arranged in the linear topology as shown in Fig.1. In this experiment, duty-cycle (defined as the fraction of the listen period over a time frame) is set to 10%. We observed that, when the data traffic load is low, a sink node waits for 4s in average for receiving the data from the source i.e. four hops away. This is clearly very long to serve any delay sensitive applications. Increasing the data traffic load almost doubled the latency, which is reflected in Fig.1. These observations motivated us to study the mechanism for reducing latency in the listen-sleep based MAC protocols. In this paper, we propose a scheme named latency and energy aware MAC (LE-MAC) protocol that minimizes sleep delay in multi-hop topologies. We exploit the physical carrier sensing ability of nodes and dynamically adjust their duty-cycle to reduce latency. We also propose a cross-layer technique that conserves energy. We implemented LE-MAC on the ns-2 simulator. The results show that our protocol consistently reduces the latency and the energy consumption, which makes it suitable for delay sensitive WSN applications.

An Energy-Efficient MAC Protocol for Delay-Sensitive WSN Listen

Source

Sleep

Listen

Listen

447 Listen

Sleep

A RTS

RTS

DATA

DATA

Sleep Delay

B CTS

ACK

RTS

CTS

ACK RTS DATA Sleep Delay

C CTS

CTS

Sink

ACK

RTS

D SYNC

SYNC

(a) Basic S-MAC [1]

SYNC

SYNC CTS

(b) Adaptive S-MAC [2]

Fig. 2. Example Scenarios for (a) basic S-MAC and (b) adaptive S-MAC

2

Related Works

In this section, we present a brief survey of energy and latency efficient MAC protocols closest to ours. S-MAC [2,3] is one of the most often cited MAC protocol designed for WSN. The basic operation of S-MAC is shown in Fig.2(a). As shown in this figure, the time frame is divided into the listen and sleep periods. The listen period is further subdivided for transmitting SYNC and RTS/CTS control packets1 . First, SYNC packets are transmitted by CSMA/CA mechanism for achieving synchronization among neighboring nodes. Senders and their corresponding receiver subsequently exchange RTS/CTS packets and continuously remain active to transmit DATA/ACK frames, whereas other neighbors immediately switch to sleep mode for saving energy. For example, in Fig.2(a), after SYNC packets are transmitted, source node A and the intermediate receiver node B exchange RTS/CTS packets, followed by data transmission while nexthop node C switches to sleep state. Since node C is not active, node B is forced to queue the data packets until the next listen/sleep cycle begins, resulting in a sleep delay to incur at node B. In order to solve this problem, the adaptive listening in S-MAC [3] allows nodes overhearing RTS/CTS packets to set up their network allocation vector (NAV) timer and to wake up early even during the sleep period. Hence, in Fig.2(b) node C sets its wake-up timer to receive data from node B in the same cycle, based on the overheard CTS packet. However, node D cannot receive RTS/CTS, thus remains in the sleep mode, which causes sleep delay. This scheme reduces latency in alternate hops, but cannot address multi-hop latency problem. In T-MAC [4], nodes adaptively change duty-cycle and data flows in burst during the variable length active time. After completing transmission, nodes wait for small time period called timeout(TA) and turn to sleep mode if they do not sense any ongoing transmission. [4] proposes future request-to-send (FRTS) scheme for leveraging fast transmission, in which nodes overhearing CTS transmit FRTS packet one more hop further. This scheme reduces sleep delay across 3 hops, however the collision free transmission of FRTS packet is not guaranteed. DSMAC [5] attempts to minimize latency by doubling the duty cycle based on the amount of queued data and the average one-hop 1

The listen period defined in S-MAC source code of TinyOS [13] is as follows: Listen period (115ms) = SYNC time period (41ms) + RTS/CTS time period (74ms).

448

C. Suh, D.M. Shrestha, and Y.-B. Ko

latency. SYNC packets are transmitted by the nodes to inform their neighbors about renewed schedule. SYNC packets can be transmitted only up to one hop, thus this scheme also cannot address the multi-hop latency problem. Other predefined scheduling schemes [6],[7] establish a wake-up period based on the available routing path or the tree structure. These schemes have a problem of missing wake up schedules due to contention among multiple routing paths or sudden errors (e.g. collision). In our scheme, nodes perform wake up based on the traffic information, which adds more robustness against the environment with probable collisions. The problem of reducing latency and limiting energy consumption in WSN is an important area of research. In this context, we present a novel approach of using carrier sensing (CS) signals for reducing sleep delay in multiple hops. The intuition comes from the ability of nodes to hear signals within the CS range, even if they are not interpretable. This range is normally twice the actual receiving range [8],[9]. In the researches related to ad hoc networks, CS mechanisms have been mostly studied for maximizing the data throughput. However, its utilization for reducing latency on the design of MAC protocol for WSN has not been suggested by any previous research.

3

LE-MAC Protocol Overview

As mentioned earlier, the latency in the listen/sleep period based MAC protocols is caused by a sleep delay, due to which continuous packet(s) forwarding is possible across only few hops in one time frame. In our scheme, nodes that are in-route towards the sink and within the CS range of the sender and receiver prepare to wake up in the sleep period and transmit data. This switching of node from sleep state to the active state during the sleep period is named as “traffic aware early wake-up (T-wakeup)”. Depending upon the extent of the CS range, our scheme can transmit data across K-hops in a single listen/sleep period. In what follows, we describe how we schedule T-wakeup for faster data transmission and then explain our cross-layer approach for selective T-wakeup for reducing unnecessary energy consumption. 3.1

Traffic Aware Early Wakeup (T-Wakeup)

In our scheme, nodes first attempt to transmit SYNC packets for synchronization in the listen period like the S-MAC protocol. A node having data packets to send then initiates a RTS packet transmission, expecting to get CTS from the corresponding receiver. Like the adaptive listening mechanism [3], any neighboring nodes overhearing CTS may prepare to wake up during the sleep period, such that the data packets can be received in the same cycle. Thus, in this case, data packets are continuously transmitted only up to two hops. However, note that, during the listen period when the RTS/CTS packets are being exchanged, nodes that are multiple-hops away from the sender/receiver can hear the CS signals and become aware of the ongoing transmission. Such nodes prepare to perform T-wakeup during the sleep period.

An Energy-Efficient MAC Protocol for Delay-Sensitive WSN

449

Fig. 3. Traffic aware wake up for multi-hop transmission in one listen/sleep cycle

In Fig.3, the data packet from source node A is sent to destination node E, through B, C and D. Initially, node A and B exchange RTS/CTS packets in the listen period. Node C overhears CTS from node B and sets its timer to wake up according to the NAV in CTS. Nodes C, D and E at the same time also listen to the CS signal as they exist within the interfering range of nodes A and B. Thus they schedule T-wakeup period for continuously transmitting data beyond two hops as illustrated in Fig.3(a). Fig.3(b) shows continuous transmission of the packet from node A to node C by adaptive listening and then from C to E using our scheme in a one time frame. The number of hops between source and destination node is 5 so basic S-MAC [2] waits for 4 cycles to deliver the data packet, which is reduced to 1 in our proposed scheme. Since a packet is transmitted up to 2 hops by adaptive listening mechanism, t-wakeup period (Ttw ) is scheduled after 2(tbackof f +ttx ) time period. tbackof f denote the average delay due to contention and ttx represents the single-hop transmission time for a fixed length packet. If the nodes sense no activity during Ttw , they switch to sleep state. The length of Ttw is long enough to exchange RTS/CTS packet and expressed as tbackof f +trts +tsif s +tcts +tguard where, tsif s is the short inter-frame space time, trts and tcts are the transmission time for RTS and CTS packets respectively and tguard is the guard time for preventing small synchronization errors. As done in [3], we perform the latency analysis of the basic and adaptive S-MAC and compare with our scheme. For simplicity, we assume that there are no queuing (except in the first hop) and processing delays. Thus, a time frame

450

C. Suh, D.M. Shrestha, and Y.-B. Ko

(Tcycle ) of basic S-MAC is equal to tbackof f + ttx + ts1 . The tbackof f is average delay due to contention, ttx transmitting time of fixed sized data packet across 1-hop and ts1 is the remaining sleep period after data transmission. A possibility that a sensor radio is off during the event causes a new generated data packet to be queued in the source node for some time. We denote this delay as tq1 . In [3], N-hop delay of basic S-MAC is expressed as: D(N ) = tq1 +

N 

Tcycle + (tbackof f + ttx )

i=2

= tq1 + (N − 1)Tcycle + tbackof f + ttx

(1)

Since, tbackof f + ttx = Tcycle - ts1 , eq.(1) can be expressed as: D(N ) = tq1 + (N )Tcycle − ts1

(2)

The Tcycle in adaptive S-MAC is equal to 2(tbackof f + ttx ) + ts2 because a packet can traverse up to 2 hops in one time frame. ts2 is the remaining sleep period after the the 2 hops transmission of a data packet. Thus, N-hop delay in adaptive S-MAC is expressed as: D(N ) = tq1 + (N/2 − 1)Tcycle + 2(tbackof f + ttx )

(3)

Replacing 2(tbackof f + ttx ) by Tcycle − ts2 we get: D(N ) = tq1 + (N/2)Tcycle − ts2

(4)

Our scheme transmits data continuously till Kth hop in one listen/sleep cycle depending upon the extent covered by the carrier signals. So, we express Tcycle in our scheme as the delay over K-hop as follows: Tcycle = Ktbackof f + Kttx + trest

delay

(5)

trest delay is the left-over time after data transmissions, which is small compared to ts1 or ts2 . Using equation(5), we express N-hop delay of LE-MAC as follows: D(N ) = tq1 + (N/K − 1)Tcycle + Ktbackof f + Kttx = tq1 + (N/K)Tcycle − trest delay

(6)

Comparing equation (2), (4) and (6), we observe that the delay in LE-MAC is reduced Kth times. 3.2

Selective T-Wakeup Using a Cross-Layer Technique

Since wireless sensor nodes are normally equipped with an omni-directional antenna, the CS signal spreads in all direction and any node receiving the CS signal performs T-wakeup. If the node within the range is not in the path towards the sink, extra energy will be consumed that increase proportionally with the node density. In our scheme, routing information plays an important role

An Energy-Efficient MAC Protocol for Delay-Sensitive WSN

451

in deciding whether to perform T-wakeup or not. The MAC layer acquires information from the routing agent to know if it is in the routing path towards the sink. For example, Directed Diffusion [10] sets up a unit routing path by reinforcement and each node can learn whether it belongs to the path or not by observing the routing table. Clearly, if the node is included in the path, it performs T-wakeup while other nodes continuously sleep until the next scheduled listen/sleep period.

Fig. 4. Cross layer operations of MAC and Routing

Fig.4 illustrates that only those nodes on the path towards the sink, (node C and D) perform T-wakeup and others remain in the sleep mode and save energy. Note that, in adaptive S-MAC, all neighboring nodes that receive CTS packet wakes up, regardless of whether or not they are in the route causing extra energy consumption. In our scheme, since only those nodes belonging to the routing path wakes up, lesser energy is consumed than the adaptive S-MAC. If multiple routing paths for different flows are established, our scheme consumes more energy because those nodes that have route information of other traffic also perform T-wakeup upon receiving carrier signals. These cases are possible because carrier signals outside the transmission range cannot be decoded. However, the duration for T-wakeup (Ttw ) is very short compared to the total listen/sleep interval, thus trade-off over energy is very small compared with the performance increase in latency and throughput.

4

Performance Evaluation

We implemented our scheme on the ns-2 network simulator [12]. In our simulation model, we use a grid topology that has a fixed 40m distance between two nodes. The transmission range and the CS range are set to 55m and 110m

452

C. Suh, D.M. Shrestha, and Y.-B. Ko

respectively. We use the same power consumption model in the adaptive SMAC[3] and set the switching time for the on-off interface to 2ms, as referred in [14]. The routing protocol uses greedy approach, where sink node first sends the interest packets to the target nodes by greedy flooding [15]. The target nodes then periodically transmit data back to the sink node. The size of the data packet is set to 100 bytes and the duty cycle is 10%. Total simulation time is 400s. We compare our scheme with the modified basic S-MAC with timeout mechanism2 like T-MAC. This reduces an idle listening problem when communication nodes continuously maintain their active states after finishing data transmission. 100

20

Basic S-MAC with TA

90

Total Energy Consumption (mW)

18

End-to-End Latency (Second)

Adaptive S-MAC 16

LE-MAC

14 12 10 8 6 4 2

80 70

Basic S-MAC with TA Adaptive S-MAC LE-MAC

60 50 40 30 20 10

0

0 6x6

7x7

8x8

Network Size

(a)

9x9

10x10

6x6

7x7

8x8

9x9

10x10

Network Size

(b)

Fig. 5. The variation of network size (a) Latency and (b) Total Energy Consumption

In the grid of 9x9sqm, we allocate one source and a sink node on the two opposite corners. For the first simulation, we increased the network size and fixed the packet generation interval as 12s (low traffic load) to analyze the performance when the delivery ratio is same for all protocols. Note that the number of packets arrived at the sink within the simulation time is different for the three protocols when the traffic load is high. Increasing the network size increases the number of hops for the packet to traverse. In Fig.5(a) our scheme shows the lowest latency for all the variations of the network size. The reason is the minimization of the amount of sleep delay in our scheme. Energy consumption of the basic S-MAC as shown in Fig.5(b) is less since there are no extra wakeup period at all. Energy consumed by our scheme is comparative to the basic-SMAC as it activates only those nodes participating in the communication based on the selective T-wakeup. Adaptive S-MAC however causes all CTS receiving nodes to wake up consuming extra energy. Another important factor that affects the latency and energy consumption is the duty-cycle. Duty cycle is defined as the ratio of the listen period (115ms) and the time frame (one cycle) [3]. With a high duty-cycle, the listen/sleep interval is frequent, so the energy consumption increases whereas sleep delay decreases due to short sleep period. In this experiment we increase the duty cycle from 10% 2

The length of interval TA is defined as Tcs + Trts + Tsif s in [4].

An Energy-Efficient MAC Protocol for Delay-Sensitive WSN

End-to-End Latency (Second)

20

453

140

18

Basic S-MAC with TA

16

Adaptive S-MAC

14

LE-MAC

Basic S-MAC with TA Adaptive S-MAC LE-MAC

120

100

12 80

10 60

8 6

40

4 20

2 0

0

10

15

20

25

10

15

Duty cycle

20

25

Duty cycle

(a)

(b)

Fig. 6. The variation of duty cycle: (a) Latency and (b) Total Energy Consumption 90

80

End-to-End Latency (Second)

60

Total Energy Consumption (mW)

Basic S-MAC with TA Adaptive S-MAC LE-MAC

70

50 40 30 20 10

85 80

Basic S-MAC with TA Adaptive S-MAC LE-MAC

75 70 65 60 55

0

50 1

2

3

Number of Traffic Sessions

(a)

4

1

2

3

4

Number of Traffic Sessions

(b)

Fig. 7. The variation of source-sink pairs: (a) Latency, (b) Total Energy Consumption

to 25% in low data traffic. From Fig.6(a), we see that the latency of our scheme in 10% duty-cycle is 50% and 75% lesser than that of the adaptive S-MAC and basic S-MAC. Moreover, the total energy consumption is close to basic S-MAC (Refer to Fig.6(b)). From this result, we verify that LE-MAC is affected less by the duty cycle than others. Cross-layer technique favors the assumption of single source and a sink because no matter how many nodes in the region are influenced by carrier signal only one routing path is available. To compare the performance with multiple routes, we injected 4 traffic sessions using 4 source nodes and one sink node. Each source transmits 15 packets with 12s message inter-arrival time. Fig.7(a) shows that our protocol consistently performs better in terms of latency. In the other hand, energy consumption increases with more traffic sessions because many nodes perform T-wakeup upon sensing a carrier and consume more energy. However, the trade-off over energy is very small as shown in Fig.7(b) (Note that the scale is from 55mW to 90mW) and is likely the marginal overhead compared with the performance increase in latency and throughput.

454

5

C. Suh, D.M. Shrestha, and Y.-B. Ko

Conclusion

In this paper, we propose a novel scheme LE-MAC that considers end-to-end latency as well as energy consumption. By using physical CS and the cross layer technique, LE-MAC performs T-wakeup to continuously transmit data in one listen/sleep cycle. We prove such an improvement in terms of the end-to-end latency and energy consumption through the numeric analysis and simulation study. Our proposed scheme can be useful in various delay-sensitive sensor network applications. A performance comparison with some more recent works, such as WiseMAC or B-MAC, will be one of our future works.

References 1. I. Demirkol, C. Ersoy, and F. Alagoz, “MAC Protocols for Wireless Sensor Networks: a Survey,” in IEEE Communications Magazine, 2005. 2. W. Ye, J. Heidemann, and D. Estrin, “An energy-efficient MAC protocol for wireless sensor networks, ” in IEEE INFOCOM’02, June 2002. 3. W. Ye, J. Heidemann, and D. Estrin, “Medium Access Control With Coordinated Adaptive Sleeping for Wireless Sensor Networks,” in IEEE Trans. on Networking, Vol. 12 No. 3, 493-506, 2004 4. T. V. Dam and K. Langendoen, “An adaptive energy-efficient MAC protocol for wireless sensor networks,” in ACM Sensys’03, Nov. 2003. 5. P. Lin, C. Qiao, and X. Wang “Medium Access Control With A Dynamic Duty Cycle For Sensor Networks,” in IEEE WCNC’04, Mar 2004. 6. G. Lu, B. K., C.S. R., “An adaptive energy efficient and low-latency MAC for data gathering in wireless sensor networks”, in IEEE IPDPS’04, April 2004. 7. M. L. Sichitiu, “Cross-Layer Scheduling for Power Efficiency in Wireless Sensor Networks,” in IEEE INFOCOM’04, Mar. 2004. 8. E.-S. Jung and N. H. Vaidya, “A Power Control MAC Protocol for Ad Hoc Networks,” in ACM MOBICOM’02, Sep. 2002. 9. G. Anastasi, M. Conti, E. Gregori, A Falchi, A. Passarella, “Performance Measurements of Mote Sensor Networks,” in ACM/IEEE MSWiM’04, Oct. 2004. 10. C. Intanagonwiwat et al, “Directed Diffusion: a Scalable and Robust Communication Paradigm for Sensor Networks,” in MOBICOM’00, Aug. 2000 11. Mica Mote, http://www.xbow.com/ 12. The CMU Monarch Project’s Wireless and Mobility Ex-tensions to NS. 13. TinyOS, http://webs.cs.berkeley.edu/tos/ 14. Chipcon Corporation, CC1000 Low Power FSK Tranceiver. 15. B. Karp and H. T. Kung, “GPSR: Greedy Perimeter Stateless Routing for Wireless Sensor Networks,” in ACM MOBICOM’00, Aug. 2000.

A Data-Centric Self-organization Scheme for Energy-Efficient Wireless Sensor Networks SungHyup Lee1 , YoungSoo Choi2 , HeeDong Park3, YoonYoung An2 , and YouZe Cho2, 1

2

Department of Information and Communications Kyungpook National University, Korea [email protected] School of Electrical Engineering and Computer Science Kyungpook National University, Korea {yschoi, yzcho}@ee.knu.ac.kr, [email protected] 3 Department of Computer Engineering Pohang college, Korea [email protected]

Abstract. In this paper, we propose a new self-organization scheme, DICSION (Data-centrIC Self-organizatION), which can improve the energy efficiency and prolong network lifetime of wireless sensor networks. Since a large number of sensor nodes are densely deployed, neighboring nodes may be very close to each other. Therefore, we assume that sensor nodes have a high possibility to collect the duplicate data about the same event. DICSION can considerably reduce the energy consumption because a zone head only can transmit and receive a representative data to base station or neighboring zone heads after zone formation. Our performance evaluation results demonstrate that DICSION outperforms to STEM.

1

Introduction

It is important to prolong network lifetime and improve energy-efficiency in wireless sensor networks consisting of sensor nodes with limited energy resources [1]. Hence, in starting to organize a wireless sensor network, energy efficiency of sensor nodes must be considered to prolong network lifetime [2], [3], [5]. Wireless sensor network is different from ad hoc networks in a number of ways; hence, self-organization schemes of ad hoc networks such as GAF(Geographic Adaptive Fidelity) [6] and Span [7] do not immediately apply to wireless sensor networks. Therefore, we analyze the important characteristics and performance improvement components of previous schemes and propose a new, efficient and constructive self-organization scheme for wireless sensor networks. We also provide a brief overview of major existing schemes. In ASCENT (Adaptive Self-Configuring sEnsor Networks Topologies) [8], the large number 

Corresponding author.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 455–464, 2006. c IFIP International Federation for Information Processing 2006 

456

S. Lee et al.

of nodes deployed in micro-sensor network systems preclude manual configuration, and the environmental dynamics are not able to design pre-configuration. Therefore, nodes have to self-configure to establish a topology that provides communication and sensing coverage under stringent energy constraints. Each node assesses its connectivity and adapts its participation in the multi-hop network topology based on the measured operating region. STEM (Sparse Topology and Energy Management) [9] dramatically improves network lifetime by exploiting the fact that most of the time, the network is only sensing its environment waiting for an event to happen. Previous topology management schemes have focused on selecting which nodes can turn off their radio without sacrificing the capacity of the network. However, by alleviating the restriction of network capacity preservation, STEM can trade off extensive energy savings for an increased latency to set up a multi-hop path. Since sensor nodes consisting of wireless sensor networks are deployed in a vast area, they form randomly distributed, dense networks that have a high density in a particular region. Additionally, because sensor nodes in a highly dense area are very close to each other with respect of distance, they have a high probability to collect the duplicate data. Thus, by the transmission and aggregation of the duplicate data in this environment occurs to unnecessary energy consumption [4]. Therefore, we propose a new self-organization scheme for wireless sensor network called DICSION. It reduces the unnecessary energy consumption that a zone is created with the sensor nodes collecting the duplicate data, and only the zone head (ZH), a representative node in a zone, is responsible for the data transmission and sensing function. The rest of the paper is organized as follows. In Section 2, we present our motivations for research. In Section 3, we explain the details of DICSION. Performance evaluations are presented in Section 4 and the conclusions are in Section 5.

2

Motivation

There are two aspects as motivation for this work; sensor node distribution and casual application. • Sensor node distribution Since a large number of sensor nodes are densely deployed in target environments, neighboring nodes may be very close to each other. In addition,

BS (a)

BS (b)

Fig. 1. The distributed sensor nodes. (a) Uniform distribution. (b) Random distribution.

A DICSION Scheme for Energy-Efficient Wireless Sensor Networks

457

because sensor nodes are unevenly dropped by a plane or helicopter over a sensing field, they create the distributed wireless sensor network as shown in Fig. 1(b). • Casual application We aim to the casual applications such as weather estimation and environmental monitoring which are required in the user-predetermined value range. In Fig. 1(b), because the neighboring sensor nodes adjoin with each other, the sensed data is very similar. Because sensor nodes are very close to each other in some regions, they have a high probability to collect the duplicate data. And some applications for wireless sensor networks need a representative value of a min-max range rather than values of all sensor nodes in a zone. Therefore, we focus on developing a energyefficient self-organization scheme which can fulfill these motivation.

3

DICSION Scheme

The main mechanism for DICSION is as following. First, the sensor nodes exchange the location and sensing information through exchanging the Hello messages. At the end of exchanging the Hello messages, they join in each zone according to the reception of a CH ADV message and the duplicate data detection (3D) algorithm. Second, after the data path setup is achieved between the ZHs of the closest zones (If ZH can not communicate directly with next ZH, it sends the data to next ZH through sensor node close to next ZH), the routing path is created by gradual extension from the source node to the base station (BS). DICSION consists of mechanisms for zone formation, ZH selection, and multi-zone data forwarding. We present the DICSION architecture, as shown in Fig. 2. Fig. 3 shows the zone formation algorithm of the DICSION. The following sections describe all of these mechanisms in detail. 3.1

Zone Formation

We design an algorithm such that there are a certain number of zones, during each round to constitute a good zone formation. Round means that during current ZH is converted to the next ZH like LEACH [11]. When sensor nodes are randomly deployed in target environments, they transmit a Hello message to the neighboring nodes. Then, each sensor node recognizes neighbors by actively transmitting and receiving to the Hello messages including the location information of sensor node and meta data of the initial sensing information. All sensor nodes complete the exchange of the Hello messages and meta data, and then zones are created with sensor nodes that collected duplicate data about the event. In DICSION, sensor nodes make autonomous decisions without any centralized control. Thus, zone formation can be performed without knowing the exact location of any of the sensor nodes in the network. And we developed a

458

S. Lee et al.

3D algorithm for zone formation. The boundary of a zone is decided within the radio range of the ZH. Before sensor nodes are randomly deployed in a sensing field, a BS or user sets a Bi to them for data precision. Next, ZH collects all zone information using Hello message and returns it to all z-members. Thus, the z-members possess the zone information and location information of the neighbors. We assume that only ZH becomes active state and z-member remains in sleep state. Finally, the Data message including the representative data of a ZH is delivered to BS. And sensor nodes automatically update their neighbors by periodically sending and receiving Hello message. The 3D algorithm consists of two steps and the sensor nodes satisfied with two steps belong to the same zone. • Step 1: The sensed data of any sensor node, Xi is defined Ai and the sensed data of Si is defined as Bi where Bi ∈ Ai ± Φ (Φ : user-predetermined range) and Φ is a min-max range to raise for the accuracy of the representative data (not aggregated data). • Step 2: The set of the z-member, Mi , of ZH, Zi , is defined as R ≥ Mi = [Si d(Zi , Si )]where Si represents the sensor nodes with the exception of ZHs. Let d(Zi , Si ) be the distance from Zi to Si and R is radio range of Zi . Fig. 4 shows the state transition and message process of sensor node. In the first time sensor nodes are deployed in target environments, they step into a 1 Sensor nodes in neighbor discovery phase have no neighbor discovery phase(). energy consumption due to only receiving signals. After all sensor nodes have exchanged Hello messages with each other, only ZH elected through ZH selection 2 and the z-members are to be sleep state(). 3 algorithm is to be active state () As a network operation’s time goes on, if the residual energy of ZH falls below a threshold value, Ethreshold , the sleep sensor node having the highest residual energy level among neighbors is transited to the active state through a Wakeup 4 In addition, after the previous ZH receives an message received from its ZH(). 5 Table 1 shows the Ack message from the new ZH, it goes into sleep state(). message types and functions. If re-clustering of LEACH frequently occurs, the processing overhead of this procedure can be significant [11]. Thus, we limit the case to re-formation of

Z-head Z-member Zone

BS

Wireless Sensor Network

Fig. 2. DICSION architecture

A DICSION Scheme for Energy-Efficient Wireless Sensor Networks

459

Sensor node deployment

Neighbor discovery phase

Multi-zone data path setup

pšGšŒ•š–™G•–‹ŒGšˆ›šŒ‹ ~›GZkGˆ“Ž–™›”f

No

Finish self-Organization Yes

Z-head selection

Zone formation process finishes

Fig. 3. The zone formation algorithm of DICSION Initialization

z-member

ZH

1

Idle state (Neighbor discovery phase)

2

3

4

Sleep state

Active state

ge ssa me D N DEC mess age age ess km c A

5

(a)

(b)

Fig. 4. The state transition (a) and message process (b)of a sensor node

DICSION in two conditions. And sensor nodes are keeping their connectivity through periodically mutual communications using Hello messages. • Condition 1: when the residual energy of ZH falls down to the threshold value (Ethreshold ). • Condition 2: when the z-member senses to the different data about the same event within a zone. 3.2

ZH Selection Algorithm

When the neighbor discovery phase terminates, the ZH is randomly selected with a modified probability function of cluster head (CH) selection algorithm in LEACH protocol [11]. The rest of the sensor nodes of the zone, z-members, are to be sleep. In a proposed scheme such as LEACH, sensor nodes elect themselves to

460

S. Lee et al. Table 1. Message types and functions Message types

Functions

Data Neighbor Discovery(ND) Hello DEC Ack Wakeup

It consists of a sensing data and the information of sensor node. It is used for neighbor discovery phase. It is used that sensor nodes exchange with their information about location and state. It is used that ZH notifies sensor nodes of joining or not in its zone. It is a response to DEC message.

It is used for state transition of sensor node. It is used that ZH advertises its information ZH Advertisement(ZH ADV) to z-members and the remaining ZHs.

be ZHs at the beginning of round r + 1(which starts at time t). This probability is chosen such that the expected number of ZHs for this round is k. thus: E[#ZH] =

N 

Pi (t) = k

(1)

i=1

The first time ZH selection is randomly achieved, but for the next ZH selection, we use the energy-priority mechanism that selects a new ZH as a z-member (sleep sensor node) having a highest residual energy in a zone. The z-members periodically determine whether they should become a ZH. Where, N is the total number of nodes in the network. Ensuring that all nodes are ZHs the same number of times requires each node to be a ZH once in N/k rounds. Combining these constraints gives the following for each node i to be a ZH at time t:

k Ci (t) = 1 N (2) Pi (t) = N −k·(rmod k ) 0 Ci (t) = 0 Where, r is the number of rounds that have passed Ci (t) = 0 and if node i has already been a ZH in most recent (r mode N/k) rounds and 1 otherwise. Therefore, only nodes that have not already been ZHs and which presumably have more energy available than nodes that have recently performed this energyintensive function, may become ZHs at round r + 1 [11]. In the next rounds after initial round, ZHs are selected using the energy-priority mechanism described in Eq. (3),(4). A previous ZH is put into sleep state when it receives an Ack message from a new ZH. The z-members determine whether they should become ZH through energy-priority equation: z − members = {Z1 , Z2 , ...........Zn }

(3)

ZHnext = [Zi |maxE Z i ], i = {1, 2, 3....., n}

(4)

A DICSION Scheme for Energy-Efficient Wireless Sensor Networks

461

ZH Z-member ZH N

ZHB ZH A Zone 1

ZH C Zone 2

Zone 3

ˎ

BS Zone N

Fig. 5. Multi-zone data forwarding of DICSION

Where, Zn is the total number of z-members in a zone. The energy priority mechanism is used to elect z-member having a highest residual energy as ZH in a zone through the Wakeup message before the residual energy of a current ZH goes below the threshold value (Ethreshold ). A z-member, Zi, elects itself to be a ZHnext through result of energy-priority function before the initial ZH is to be sleep. ZHs broadcast ZH ADV messages to other ZHs in a network. A ZH ADV message consists of a ZH identifier (ID) and header. Thus, ZHs keep their connectivity to each other through exchanging of ZH ADV messages. 3.3

Multi-zone Data Forwarding

We use a multi-zone data forwarding mechanism as shown in Fig. 5. When the Data message arrives at the ZHs of every zones, it is then aggregated to one unit of the same size and transmitted to next ZH. If ZH can not communicate directly with next ZH, it sends the data to next ZH through sensor node close to next ZH. Therefore, the multi-zone data forwarding mechanism is more energy efficient than flat routing because all sensor nodes are participated in routing. Fig. 5 shows the data dissemination from ZHA of zone 1 to BS. In conclusion, the multi-zone data forwarding in DICSION can improve the reliability of data dissemination and conserve energy in wireless sensor networks in proportion to the reduction of energy consumption of ZHs that join the data path setup.

4

Performance Evaluation

In this section, we evaluate the performance of the DICSION via theoretical analysis and simulations. 4.1

Theoretical Analysis

DICSION ST EM ) with STEM(Enode ) and basic scheme We compare DICSION(Enode Basic (Enode ) with regards energy consumption of wireless sensor networks on increasing the number of sensor node. In our analysis, we use the same radio model discussed in [5]. The total energy consumption by a node during a round can be broken up into two components, one for each frequency band of the radio model. In Eq. (5), Etotal is the total energy consumption of sensor network,

462

S. Lee et al. Table 2. Power characteristics of sensor node Radio mode Transmit Receive Idle Sleep

Power consumption 14.88mW 12.50mW 12.36mW 0.016mW

ͥ͢͡Ωͤ͢͡ ͳΒΤΚΔ͑ΤΔΙΖΞΖ

Energy consumptions (mJ)

ͣ͢͡Ωͤ͢͡

΄΅Ͷ; kpjzpvu

͢͡͡Ωͤ͢͡ ͩ͡Ωͤ͢͡ ͧ͡Ωͤ͢͡ ͥ͡Ωͤ͢͡ ͣ͡Ωͤ͢͡ ͡

͡

ͣ͡͡

ͥ͡͡

ͧ͡͡

ͩ͡͡

͢͡͡͡

ͣ͢͡͡

The number of sensor nodes

Fig. 6. Theoretical result

Eactive is the energy consumption of ZH, and Esleep is the energy consumption of sleep sensor node. Wireless sensor network has a number of sensor nodes, N , and each term multiplies Nactive or Nsleep . Etotal = Nactive · (Ptx · ttx + Prx · trx ) + Nsleep · Psleep · tsleep

(5)

In basic scheme, the total energy would be equal to (6). Pdata contains contributions of Pidle . The main difference is that the radio is never energy-efficient in the sleep state [5]. In this equation, tdata is the total time the radio is turned on for communication data. As a result, Pdata contains the packet transmission, packet reception, and idle power [7]. Basic = Pidle (t − tdata ) + Pdata · tdata Enode

(6)

In STEM, the equation of energy consumption is simple as (7) [7]. The Pnode is a combination of sleep and idle power [5]. ST EM = Pidle (t − tdata ) + Psetup · tsetup + Psleep (t − tdata ) + Pdata · tdata (7) Enode

In DICSION, because sensor nodes stay in the sleep phase rather than idle phase in many cases, the Pidle becomes negligible. And we have an Eq. (8). DICSION = Enode

Psleep · (t − ttx ) · (t − tsetup ) + Psetup · tsetup + Pdata · tdata (8) t

A DICSION Scheme for Energy-Efficient Wireless Sensor Networks

463

Because sensor node can transit to various states until its battery is empty, we can not model the energy consumption in each state of sensor node. Therefore, we use the energy model that generalized energy consumption during periodic time, t. Some representative power numbers for the different modes are summarized in Table 2 [10]. In this paper, performance analysis is achieved in an environment with characteristics of time is t = 10s, tsetup = 4s, tdata = 2s. For our analysis, we use a 1000-node network, which is randomly distributed in a sensing field. As shown in Fig. 6, this graph results in energy consumption about each scheme. Energy consumption of all schemes increases with the increase of number of sensor nodes, but the DICSION is smaller than the basic scheme and STEM. Therefore, the proposed scheme has a good energy-efficiency and prolongs network lifetime. 4.2

Simulation Results

In this section, we compare the performance of the DICSION and STEM. Simulations were performed using the MATLAB simulation tool [12]. DICSION assumes that there are N nodes distributed randomly in a square. The network dimension studied is 200m × 200m and BS is located at (300, 300) on remote location. We executed 50 runs of the simulation for each scheme. The readings form these 50 trials for more accurate because sensor nodes are randomly distributed in target environments were averaged and plotted. Fig. 7 compares the energy consumption of the DICSION and STEM protocol versus the number of sensor nodes and the number of ZHs. For our simulation, the number of sensor nodes is varied as 100, 200, and 300 and the ratio of ZH is increased with 3%, 4%, and 5%. The ratio of ZHs adopts the optimal number of CH produced in LEACH. As seen in Fig. 7, DICSION is more energy-efficient than STEM. 4

4

x 10

12

14

STEM DICSION

Toal energy consumption [mJ]

Total energy consumption [mJ]

14

10 8 6 4 2 0 100

200

The number of sensor nodes

OˆP

300

x 10

STEM DICSION

12 10 8 6 4 2 0

3

4

5

The z-head rate among total sensor nodes [%]

O‰P

Fig. 7. A comparison of DICSION and STEM with respect to energy consumption. (a) according to the number of sensor nodes. (b) according to the rate of ZHs.

464

5

S. Lee et al.

Conclusion

We propose a new self-organization scheme, DICSION, to improve energy efficiency and network lifetime in wireless sensor networks which have a high possibility of collecting the duplicate data by sensor nodes because they are unevenly deployed in sensing field. DICSION considerably reduced energy consumption because only ZH can transmit and receive data after zone formation and the rest sensor nodes are in the sleep state. Performance evaluation demonstrates that DICSION outperforms to STEM.

Acknowledgement This work was supported by the KOSEF (contract no.: R01-2003-000-10155-0), Korea.

References 1. G. Pottie and W. Kaiser, “Wireless integrated network sensors,” Commun. of ACM, vol. 43, no. 5, pp. 51-58, 2000. 2. L. Subramanian and R. Katz, ”An Architecture for Building Self-Configurable Systems,” In Proc. of ACM/IEEE MobiHoc, 2000. 3. T. Robertazzi and P. Sarachik, “Self-Organizing Communication Networks,” IEEE Commun. Mag., vol. 24, no. 1, pp. 28-33, 1986. 4. L. Clare, G. Pottie, and J. Agre, “Self-Organizing distributed sensor networks,” In Proc. SPIE UGSTA, 1999. 5. K. Sohrabi, J. Gao, V. Ailawadhi, and G. Potite, “Protocols for Self-organization of a Wireless Sensor Networks,” IEEE Pers. Commun., vol. 7, pp. 16-27, 2000. 6. Y. Xu, J. Heidemann, and D. Estrin, “Geography-informed Energy Conservation for Ad Hoc Routing,” In Proc. of ACM/IEEE MobiCom, 2001. 7. B. Chen, K. Jamieson, H. Balakrishnan, and R. Morris, “Span: An Energy-Efficient Coordination Algorithm for Topology Maintenance in Ad Hoc Wireless Networks,” In Proc. of ACM/IEEE MobiCom, 2001. 8. A. Cerpa and D. Estrin, “ASCENT: Adaptive Self-Configuring Sensor Networks Topologies,” In Proc. of IEEE INFOCOM, 2002. 9. C. Schurgers, V. Tsiatsis, and M. Srivastava, “Optimizing Sensor Networks in the Energy-Latency-Density Design Space,” IEEE Trans. on Mobile Comput., 2002. 10. X. Wang, G. Xing, Y. Zhang, C. Lu, R. Pless, and C. Gill, “Integrated Coverage and Con-nectivity Configuration in Wireless Sensor Networks,” In Proc. of IEEE Sensys, 2003. 11. W. B. Heinzelman, A. P. Chandrakasan, and H. Balakrishnan, “An ApplicationSpecific Protocol Architecture for Wireless Microsensor Networks,” IEEE trans. on Wireless Commun., vol. 1, no. 4, pp. 51-58, 2002. 12. MATLAB 7.0, http://www.mathworks.com.

Optimized Clustering for Maximal Lifetime of Wireless Sensor Networks* Kyung Tae Kim, Hyunsoo Kim, and Hee Yong Youn** School of Information and Communication Engineering Sungkyunkwan University, Suwon, Korea {harisu, hyunsoo}@skku.edu, [email protected]

Abstract. Wireless sensor network consisting of a large number of small sensors is efficient in gathering data in a variety of environments. Since the sensor nodes operate on batteries, energy efficient operations are indispensable to maximize the lifetime of the network. Among the schemes proposed to improve the lifetime of the network, the cluster-based schemes aim to evenly distribute the energy consumption among all the nodes in the network. In this paper we propose an approach for finding an optimal number of clusters which allows minimal energy consumption of the network. The key idea of the proposed approach is to model the energy consumption with independent homogeneous spatial Poisson process, while considering the distribution of cluster-heads and other sensor nodes. With the number of cluster-heads obtained by the proposed approach, the energy consumption can be significantly reduced and consequently the lifetime of the sensor network is increased compared to the existing schemes. Computer simulation confirms this with practical operational environment. Keywords: Cluster-head, energy-efficiency, network lifetime, optimized clustering, wireless sensor networks.

1 Introduction Wireless sensor network (WSN) consists of a large number of tiny sensor nodes forming an ad-hoc distributed sensing and data propagation network for collecting context information on the physical environment. It has been evolved rapidly for both military and civilian applications such as target tracking, surveillance, and security management [1, 2]. A sensor node has four basic components: a sensing unit, a processing unit, a radio unit, and a power unit. One of the most restrictive factors regarding the lifetime of wireless sensor network is energy resource of the deployed sensor nodes. Because the sensor nodes carry limited and generally irreplaceable power sources, the protocols designed for WSN must seriously take the issue of energy efficiency into consideration. The clustering-based routing protocols proposed for the WSN try to evenly distribute the consumption of the energy of the sensors [3-5, 9]. The main idea *

This research was supported by the Ubiquitous Autonomic Computing and Network Project, 21st Century Frontier R&D Program in Korea and the Brain Korea 21 Project in 2005. ** Corresponding author. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 465 – 474, 2006. © IFIP International Federation for Information Processing 2006

466

K.T. Kim, H. Kim, and H.Y. Youn

of the protocol is based on dynamical selection of the cluster-heads among the eligible active nodes. In Low-Energy Adaptive Clustering Hierarchy (LEACH) [6], a communication protocol and its energy efficiency in homogenous networks are presented. LEACH is a clustering-based protocol employing the approach of randomized rotation of the cluster-heads to evenly distribute the energy load among the sensors in the network. Together with local data fusion, LEACH achieves a significant improvement in network lifetime compared with the Direct, MTE (Minimum Transmission Energy) [11], and Static Clustering approach. In LEACH, it is assumed that every node has a packet to send to a distant base station in a round of communication. Proxy-Enabled Adaptive Clustering Hierarchy (PEACH) [7] adopts a similar approach as LEACH but proposes an additional scheme. It selects a proxy node which can assume the role of the current cluster-head of weak power during one round of communication. PEACH is based on the consensus of healthy nodes for the detection and manipulation of failure in any cluster-head. In LEACH and PEACH, the cluster-based topology reduces long range communication, data fusion saves energy by compressing the data, and rotation of the clusterheads enables balanced energy consumption, which eventually prolong the lifetime of the nodes. The most important factor in the cluster-based protocol is the number of clusters in the network. In the previous protocols the number of clusters are fixed throughout the lifetime of the network regardless of the number of live nodes. It is, however, against the intuition that the number of clusters need to be decided in proportion to the number of live nodes. In this paper we propose an approach finding the number of clusters which allows minimal consumption of the energy of the entire network. The key idea of the proposed approach is to model the energy consumption of the network with independent homogeneous spatial Poisson process, while considering the distribution of cluster-heads and other sensor nodes. With the number of cluster-heads obtained by the proposed approach, the energy consumption can be significantly reduced and consequently the lifetime of the sensor network is increased compared to the existing schemes. Computer simulation confirms this with practical operational environment. The remainder of the paper is organized as follows. Section 2 presents the background of the problem addressed including the energy model. Section 3 introduces the proposed approach. Section 4 evaluates the performance of it by computer simulation, and compares it with LEACH and PEACH. Finally, Section 5 concludes the paper and outlines the future research directions.

2 The Background In this paper we focus on a single-hop sensor network as in LEACH and PEACH. There exist three kinds of nodes in the WSN; sensor nodes, cluster-head nodes, and base station. Each sensor node is small and low-cost; they are used for data acquisition. The cluster-heads are for data fusion and forwarding of the aggregated data to the base station. As a result, the cluster-heads consume energy at a substantially higher rate than other nodes due to wireless communication over large distances. The

Optimized Clustering for Maximal Lifetime of Wireless Sensor Networks

467

base station may be assumed to always have sufficient battery power, or its battery may be reprovided during its course of operation. Therefore, its power consumption is not a concern in our investigation. 2.1 The Energy Model of a Sensor We use the same radio model as discussed in [6, 8], which is the first order radio model. In this model the radio unit dissipates 50 nJ/bit (Eelec) to run the transmitter or receiver circuitry and 100 pJ/bit/m2 ( ) for the transmitter amplifier. The energy consumption model is described as follows. When a node transmits k-bit data to another node of a distance of d, the energy it consumes is ETx(k, d) = Eelec × k + 2 × k × d . When a node receives k-bit data, the energy it consumes is ERx(k) = Eelec × k. is The second term of ETx covers the energy loss due to channel attenuation, while the amplifier coefficient. For simplicity of calculation, we assume that transmission range of all the nodes are same on one condition that the range should cover all the neighbors in its cluster. We also assume that all data packets are same sizes. For fair comparison, we use the same constant coefficients adopted in LEACH and PEACH. 2.2 The Problem Statement In LEACH, the cluster-heads are stochastically selected. For this each node determines a random number between 0 and 1. If the number is smaller than a threshold, the node becomes a cluster-head for the current round. The threshold for node n is set as follows: T (n) =

P 1 − P × ( r mod

1

, ∀n ∈ G )

:

T (n) = 0

, ∀n ∉ G

(1)

P

with P as probability for a node to be the cluster-head, r as the sequence number of the current round, and G as the set of nodes that have not been cluster-head yet in the last 1/P rounds. This algorithm ensures that every node becomes a cluster-head exactly once within 1/P rounds. In LEACH, P is a fixed value of 0.05. However, P might need to be varied because the number of live nodes varies, actually decreases. We thus find the optimal probability for a node to be a cluster-head in the next section. Data transmission failure occurs when a cluster-head cannot transmit data due to energy deficiency. It affects the system operation and causes a remedial operation such as re-clustering or boot-strap which results in time waste and reduced network lifetime, etc. We assume that data in the communication is error-free, and the semantic-related generic faults in the data are detected and removed by application specific operation. Data transmission faults in a cluster-head can also be caused by hardware failure. They can prevent the cluster-head from transmitting data to the sensors as well as relaying the data to the base station. The data sent by the sensor nodes will be lost if a cluster-head fails. We call all such failures complete cluster-head failures because the cluster-head can no longer serve as a liaison between the sensor nodes and base station.

468

K.T. Kim, H. Kim, and H.Y. Youn

3 The Proposed Scheme In this section we introduce the proposed approach. The operation of the proposed scheme consists of rounds. Each round of communication consists of three phases; the phase for finding the optimal number of cluster-heads, set-up phase, and data collection and transmission phase. In the first phase, the optimal probability for a node to be a cluster-head is determined. In the setup phase, clusters are organized and a schedule is transmitted to the member nodes. During the data transmission phase, the sensor nodes transmit the sensed data to the cluster-heads which are then forwarded to the base station according to the preset schedule. 3.1 The Optimal Cluster-Head Probability Decision Phase In a sensor network the expected distance between the cluster-heads to the base station and the expected distance between the sensors to the cluster-head in a cluster depend on the number of sensors, the number of clusters, and the size of the region where the network is deployed. The expected distance between a sensor and the cluster-head in a cluster decreases while the distance between the cluster-head and base station increases as the number of clusters increases in a bounded region. An opposite phenomenon is observed when the number of clusters decreases. Therefore, an optimal value of p in terms of energy efficiency needs to be decided by properly taking account the tradeoff between sensor-to-cluster-head and cluster-head-to-base station communication overhead. Let S denote a bounded region of a plane and X(S) does the number of sensors contained in S. Then X(S) is a homogeneous spatial Poisson process if it distributes the Poisson postulates, yielding a probability distribution P{ X ( S ) = n} =

n −λA(S) [ λ A( S ) e ]

,

n = 0 , 1, 2...

(2)

n!

Here Ȝ is a positive constant called the intensity parameter of the process and A(S) represents the area of region S. If region S is a square of side length, M, then the number of sensors in it follows a Poisson distribution with a mean of A(S), where A(S) is M2. Assume that there exist N sensors in the region for a particular realization of the process. If the probability of becoming a cluster-head is, p, then NP sensors will become cluster-heads on average. Let DB(x, y) be a random variable denoting the distance between a sensor located at (x, y) and the base station. Let PS be the probability of existence of sensors uniformly distributed in region S. Without loss of generality, we assume that the base station is located at the center of the square region (i.e. the origin coordinate). Then, the expected distance from the base station to the sensors is given by 2 2 M/2 M/2 E [ DB ( x, y ) | X ( S ) = N ] = ³³S DB ( x, y ) ⋅ PS dS = ³-M/2 ³-M/2 x + y

1 d d = 0.3825M 2 x y

(3)

M

Since there exist Np cluster-heads on average and location of a cluster-head is independent of those of other cluster-heads, the total length of the segments from all the cluster-heads to the base station is 0.3825NpM.

Optimized Clustering for Maximal Lifetime of Wireless Sensor Networks

469

Since a sensor becomes a cluster-head with a probability p, we expect that clusterhead and other sensors are distributed in a cluster as an independent homogeneous spatial Poisson process. Each sensor joins the cluster of the closest cluster-head to form a cluster. Let X(C) be the random variable denoting the number of sensors except the cluster-head in a cluster. Here, C is the area of a cluster. Let DC be the distance between a sensor and the cluster-head in a cluster. Then, according to the results of [10], the expected number of non-cluster-heads in a cluster and the expected distance from a sensor to the cluster-head (assumed to be at the center of mass of the cluster) in a cluster are given by E [ DC | X ( S ) = N ] = ³³C

x

2

2M 2 2 π M/ Npπ 2 Np r drd θ = + y ( x , y ) dA(C ) = ³0 ³0 , 2 M 3 Np π

(4)

respectively. Here, region C is a circle with radius M / Np π . The sensor density of the cluster, k(x, y), is uniform, and it is approximately M2 / Np. Let EC be the expected total energy used by the sensors in a cluster to transmit one unit of data to their respective cluster-head. Since there are Np clusters, the expected value of EC conditioned on X(S) = N is given by, E [ EC | X ( S ) = N ] = N ( 1 - p ) ⋅

E[ DC | X ( S ) = N ]

1 = Np 2 ⋅

r

2M

1- p

3r π

(5)

.

p

If the total energy spent by the cluster-heads to transmit the aggregated information to the base station is denoted by EB, then E [ E B | X ( S ) = N ] = Np ⋅

E [ DB | X ( S ) = N ]

=

0.3825NpM

r

(6)

.

r

Let ET be the total energy consumption with the condition of X(S) = N in the network. Then (7)

E [ ET | X ( S ) = N ] = E [ EC | X ( S ) = N ] + E[ E B | X ( S ) = N ].

Taking the expectation of Equation (7), the total energy consumption of the network is E [ ET ] = E[ E[ ET | X ( S ) = N ]] = E[ X ( S )

1/2

]⋅

2M 3r π

1- p p

+ E [ X ( S )] ⋅

0.3825pM r

,

(8)

where E[·] is expectation of a homogeneous Poisson process. E[ET ] will have a minimum value for a value of p, which is obtained by the first derivative of Equation (8) 2c2 p

3/2

- c1 ( p + 1) = 0 ,

(9)

where c1 = 2M E[(X(S))1/2]=3 ʌ and c2 = 0.3825M E[X(S)]. Equation (9) has three roots, two of which are imaginary. The second derivative of Equation (8) is positive and log concave for the only real root of Equation (9), and hence the real root minimizes the total energy consumption, E[ET ].

470

K.T. Kim, H. Kim, and H.Y. Youn

The only real root of Equation (9) is as follows. popt =

2 4 2 2 0.0833c1 0.1050 ( c1 + 24c1 c2 ) + 2 2 6 4 2 2 4 2 2 6 8 1/3 c2 c2 ( 2c1 + 72c1 c2 + 432c1 c2 + 83.1384c1 c1 c2 + 27c2 )

+

0.0661 6 4 2 2 4 2 2 6 8 1/3 + ( 2c1 + 72c1 c2 + 432c1 c2 + 83.1384c1 c1 c 2 + 27c 2 ) . 2 c2

(10)

3.2 The Set-Up Phase In the set-up phase, a portion of sensors stochastically elect themselves as clusterheads. For this the same process explained in Section 2.2 (Equation (4)) is executed, using popt instead of p. Each node determines a random number between 0 and 1. If the number is smaller than a threshold, the node becomes a cluster-head for the current round. The threshold of node n, Tnew(n), is set as follows: Tnew ( n ) =

p opt 1 − p opt × ( r mod

Tnew ( n ) = 0

1

, ∀n ∈ G )

(11)

popt , ∀n ∉ G

(12)

with popt of Equation (10), r as the number of the current round, and G as the set of nodes that have not been a cluster-head in the last 1/popt rounds. This algorithm ensures that every node becomes a cluster-head exactly once within 1/popt rounds. The node electing itself as a cluster-head for the current round broadcasts an advertisement message to the rest of the nodes. Section 3.1 has analyzed the problem of the population of cluster-head in wireless sensor network. It allows an optimal cluster-head probability for homogeneous network with various parameter settings. Cluster-heads are randomly selected using the optimal probability at the set-up phase. When a node is selected as a cluster-head, it generates a cluster-head token. Then, every selected cluster-head advertises its token by the CSMA/CA MAC protocol to all its neighbors. The noncluster-head nodes receive these advertisements and compare their signal strength. It keeps only the token with the strongest signal and randomly chooses a one when a tie occurs. After the advertisements, every non-cluster-head node recognizes the source of the token as its cluster-head and broadcasts the topology answer packet by the CSMA/CA MAC protocol back to the cluster-head. In the answer packet, the node’s position (NP) and remaining energy (RE) level are included. When the cluster-heads receive the answer packets, they set up a schedule for its local cluster. Based on the number of nodes in the cluster, the cluster-head creates a TDMA schedule telling when each node can transmit the packets. The schedule is broadcast back to the nodes in the cluster.

Optimized Clustering for Maximal Lifetime of Wireless Sensor Networks

471

3.3 The Data Collection and Transmission Phase After the set-up phase, the data collection and transmission phase starts. Every node collects local data, and sends the packet to the cluster-head in its allocated transmission time. Based on the strength of the received cluster-head advertisement signal and the assumption of symmetrical radio channel, the transmission can use a minimum amount of energy. The radio of other nodes are turned off until their allocated transmission time to save the energy. Each cluster-head keeps its receiver on to collect data from its member nodes and continuously updates the energy table in the schedule based on the received packets. When the data from all non-cluster-head nodes have been received, the cluster-heads process data fusion to aggregate all received data into one signal. The data fusion can be a simple averaging or complex data processing. After data fusion, the cluster-heads send the information of the cluster to the base station. As the cluster-heads need to receive many packets and consume large power for long range transmission, they are the ones whose energy is used up most quickly in the cluster. Therefore, a cluster-head can cause a failure due to energy deficiency. If a failure occurs at a cluster-head, the network has to be re-clustered and a new schedule needs to be transmitted to the sensors. This will reduce the network lifetime. In order to extend the lifetime of network by avoiding such problem, a proxy node is selected. Calculation of the Threshold Value. The threshold value ETH plays a very important role in the data transmission phase since it is used as a measure for deciding if the current cluster-head has become obsolete. When the energy of a cluster-head drops below the threshold, the proxy node selection process begins. We assume that all sensors are identical and produce data at the same rate. The following functions are used for deciding the threshold value. ªnº « k » −1 ¬ ¼

(13)

k j = M bit ¦ kij i =1 ECH ( j ) = Eelec × k j + ε amp × k j × d CH ( j )

ETH =

1 k ¦ ECH ( j ) k j =1

2

(14) (15)

Here kj is the length of the aggregated message in the cluster-head and dCH is the distance between the cluster-head and base station. Since ETH changes over time, the threshold is calculated in every data collection and transmission phase. When the energy level of the cluster-head falls below the threshold, data transmission is aborted and a proxy node is selected. It is done using the RE and NP value of the reply packets received in the set-up phase (Refer to [7]). After a node is selected as a proxy node, the cluster-head broadcasts an Indicator Control Message (ICM) containing the address of the proxy node and a new TDMA schedule to the member node. The member nodes that receive the ICM send a confirmation message to the proxy node, which includes the node ID of the member node. After the message exchange is over, the member nodes resume data transmission. The proposed approach can reduce the error which can occur when the clusterheads of low energy transmit data to the base station. It will also evenly distribute

472

K.T. Kim, H. Kim, and H.Y. Youn

energy consumption among the nodes in the network, and as a result increase lifetime of the entire sensor network. Also, it can raise the system reliability by reducing energy consumption and waste of time required for boot-strapping and set-up initialization involved in re-clustering.

4 Performance Evaluation We evaluate the effectiveness of the proposed scheme along with Direct, LEACH, and PEACH through computer simulation. The probability for a node to be selected as a cluster-head is decided using the model developed in Section 3.1. For the simulation we consider a sensor network of 100 sensor nodes randomly located in a 50 × 50 region. A base station is located at the center (25, 25). We use two models of initial residual energy of sensor nodes; uniform at 0.5J and random between 0.25J and 0.5J. We set Eelec to 50 (nJ/bit) and to 100 (pJ/bit/m2) in the energy model of a sensor. The size of sensor data is 2000 bits, and the advertisement message is 64-bit long. In the simulation the result of 100,000 runs are averaged. Table 1 lists the lifetime of the sensor network in terms of the round a node begins to die and the round the last node dies for the four schemes compared. Notice that the proposed scheme is consistently better than the others. Especially, the proposed scheme outperforms more significantly when the initial energy is relatively high. We ran the simulator with different energy thresholds, and obtained similar results. Table 1. The network lifetimes with different initial energies of the sensors Energy (J/node)

0.25

0.5

Protocol

The round a node begins to die

The round a node begins to dies

Direct

85

141

LEACH

312

596

PEACH

367

683

Proposed

423

812

Direct

146

279

LEACH

628

1012

PEACH

782

1157

Proposed

995

1364

The improvement offered by the proposed scheme over LEACH and PEACH can be clearly seen in Figure 1, which shows the number of sensors alive as the round proceeds with the energy of 0.25 J/node initially. A sensor node with insufficient residual energy can occasionally become a cluster-head even though there is a sensor node of larger battery power nearby. It then exhausts the energy, stops operating, and disrupts the entire network operation. Also, data transmission to the base station is not possible. On the other hand, in the proposed scheme, the approach of proxy node and distribution of cluster-heads considering the distance to the base station allows significantly increased network lifetime.

Optimized Clustering for Maximal Lifetime of Wireless Sensor Networks

473

Fig. 1. The comparison of the number of live sensors as the round proceeds

Another important aspect of the proposed protocol is illustrated in Figure 2, which shows the locations of live (circle) and dead (dot) sensor nodes with LEACH and the proposed scheme, respectively, after 550 rounds. Observe that, in addition to a lot more live nodes than LEACH, the proposed scheme displays well dispersed live nodes. This is an important aspect that the proposed scheme can avoid dead spot while extending the lifetime of the network. This was achieved by employing an optimal number of clusters and proxy node for weak cluster-head.

(a) LEACH

(b) The proposed scheme

Fig. 2. The distribution of live (circle) and dead (dot) nodes after 550 rounds

5 Conclusion and Future Work In this paper we have proposed an approach for finding an optimal number of clusters which allows minimal energy consumption of the wireless sensor network. It is based on the modeling of energy consumption of the network with independent homogeneous spatial Poisson process, while considering the distribution of cluster-heads and other sensor nodes. The proposed approach allows considerable improvement in the

474

K.T. Kim, H. Kim, and H.Y. Youn

stability of the system and reduces the overhead of re-clustering and system reconfiguration. Computer simulation showed that the proposed approach allows much longer lifetime of wireless sensor network than the existing schemes such as LEACH and PEACH. The proposed approach will be more important when the wireless sensor network is deployed in large area and the base station is far from the network. The future work will focus on the comparison of the proposed approach with other approaches such as simulated annealing and taboos search. A formal methodology will also be developed in order to determine the factors used in each round of communication in a more systematic way and there by allow optimal results for the given condition. Our current simulation concentrates on one-hop cluster performance. It will be extended for energy-efficient data dissemination with multi-hop clusters.

References [1] L. Zhong, R. Shah, C. Guo, J. Rabaey.: An ultra low power and distributed access protocol for broadband wireless sensor networks: IEEE Broadband Wireless Summit, Las Vegas, ay 2001. [2] K. Sohrabi, J. Gao, V. Ailawadhi, and G. J. Pottie.: Protocols for self-organization of a wireless sensor network: IEEEPersonal Commun., 7(5):16–27, Oct. 2000. [3] C.R. Lin and M. Gerla.: Adaptive Clustering for Mobile Wireless Network: IEEE J. Select. Area Commun, vol 15, pp. 1265-1275, Sept 1997. [4] J. H. Ryu, S. Song, and D. H. Cho.: Energy-Conserving Clustering Scheme for Multicasting in Two-tier Mobile Ad-Hoc Networks: Elec-tron. Lett., vol. 37, pp. 1253-1255, Sept 2001. [5] T. C. Hou and T. J. Tsai.: Distributed Clustering for Multimedia Support in Mobile Multihop Ad Hoc Network: IEICE Trans. Commun., vol. E84B, pp. 760-770, Apr 2001. [6] W.R.Heinzelman, A.Chandrakasan, and H. Balakrishnan.: Energy-Efficient Communication Protocol for Wireless Micro-sensor Networks: In Proceedings of the Hawaii International Conference on System Science, Maui, Hawaii,2000. [7] K.T. Kim and H.Y. Youn.: PEACH: Proxy-Enable Adaptive Clustering Hierarchy for Wireless Sensor network: Proceeding of The 2005 International Conference On Wireless Network, June 2005, pp. 52-57. [8] W. Heinzelman, A. Chandrakasan, H. Balakrishnan.: An applicationspecific protocol architecture for wireless microsensor networks: in press IEEE Transaction on WirelessNetworking. [9] P. Gupta and P.R. Kumar.: The capacity of wireless networks: IEEE Transaction on Information Theory, Vol. IT-46, No. 2, 388-404, March, 2000. [10] S.G. Foss and S.A. Zuyev.: On a Voronoi Aggregative Process Related to a Bivariate Poisson Process: Advances in Applied Probability, Vol. 28, No. 4, pp. 965-981, 1996. [11] T. Shepard.: A Channel Access Scheme for Large Dense Packet Radio Networks: In Proc. ACM SIGCOMM, pages 219-230, August 1996

Maximize the Coverage Lifetime of Sensor Networks Minh-Long Pham, Daeyoung Kim, Taehong Kim, and Seong-eun Yoo Real-time and Embedded Systems Laboratory Information and Communications University, Korea {longpm, kimd, damiano, seyoo}@icu.ac.kr http://resl.icu.ac.kr

Abstract. When deploying sensors in the field in order to collect useful information, one of the most important issues is how to prolong the lifetime of the network because of energy constraint of the sensors while guaranteeing that every point in the network is covered. In this paper, we propose the formulation of integer linear programming (ILP) model to find the optimal network flow in the sensor fields in order to maximize the network lifetime while maintaining the coverage and connectivity. By dividing the network into grid structure, the problem can become manageable in size and complexity thus can be applied to large network with high number of nodes. The experimental results show that our proposed scheme outperforms previous protocols in terms of coverage lifetime.

1 Introduction The lifetime of sensor networks mainly depends on battery energy because sensor nodes usually use a small battery and when they are deployed in the field, it is difficult to replace the battery. So, optimal usage of energy is an important issue in order to prolong the lifetime of a sensor network. Also in sensor networks, where sensor nodes are deployed to monitor an area, there is the need to guarantee that every point in the area is covered by at least one sensor node. The following definitions are required in order to understand the coverage problem and our proposed scheme as well. Definition 1. The network is said to be connected if any of the active nodes can find the path to transmit the data back to the base station. Definition 2. The network is said to have area coverage if every point in its area is covered of by at least one active sensor node. Definition 3. The coverage lifetime is the time for which the network maintains area coverage. Definition 4. The connectivity lifetime is the time for which the network maintains connectivity. 

This research has been partially supported by ITRC project of Korea MIC and BK21 project of Korea MOE.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 475–484, 2006. c IFIP International Federation for Information Processing 2006 

476

M.-L. Pham et al.

The coverage lifetime can be considered as the time interval upto the point when the network can not cover some area because of the death of the cell, and the connectivity lifetime as the time interval upto the first loss of connectivity among the nodes to the base station. By taking into account both coverage and connectivity metrics, network lifetime is specified as the time interval during which the network still maintains area coverage and connectivity to make the base node monitor the whole area. As shown later in our model, since the loss of area coverage occurs always before the loss of connectivity. So, we can treat the network lifetime as the coverage lifetime. In this paper, we propose the network model that enables us to monitor the whole sensor field as well as to maximize the coverage lifetime of the network. The proposed network topology is a grid structure. The network is composed of grid cells and each cell has at least one sensor node. Because each cell can be covered by one sensor node, one node in each cell can sense the environment information of its cell and communicate with other nodes in adjacent cells. Therefore, only one node in the cell is active at once time while other nodes in the cell stay in sleep mode. The reasons we propose such network model are 1) energy conservation and 2) simplification of optimal network flow. First, because one active node in each cell can provide both area coverage and connectivity to the network, other nodes do not need to participate in monitoring the sensor field. Instead, they save the energy staying in sleep mode. When the active node runs out of energy, one of the nodes in sleep mode becomes active node for the purpose of maintaining the area coverage and connectivity. Second, grid structure can simplify the optimization problem and network flow by considering the amount of data between cells instead of between nodes. Since optimization problem focuses on the data flow between cell, the problem can be manageable even if the network size or the number of nodes increases. Based on the proposed network model, we concentrate on finding the optimal network flow among the sensor nodes that guarantee both area coverage and connectivity. We can solve the optimization problem by analyzing the features of area coverage and connectivity. Integer linear programming is applied to find the network flow among the cells toward the base station to maximize the lifetime coverage of the whole network. The constraints for the problem of integer linear programming is derived by analyzing the features of network such as amount of data and energy consumption. The remainder of this paper is organized as follows. We describe the related work in section 2. Then, we discuss the coverage problem and the network model in section 3. Section 4 represents the formulation of the integer linear problem. In section 5, we propose some application scenarios for using the proposed scheme. The experimental results in section 6 show the advantages of the proposed scheme, and section 7 concludes the paper.

2 Related Work 2.1 Integer Linear Programming Integer linear programming is a kind of operating researches. This method is used to calculate the optimal result, from the constraints, by the using inequality equation. For example, integer linear programming is used to get the minimal route path under the

Maximize the Coverage Lifetime of Sensor Networks

477

given network topology. The integer linear programming problem can be solved in polynomial time. And we can use the LP_SOLVE program in order to get the result of the integer linear programming formulation. 2.2 Coverage Problem The coverage problem can be divided into area coverage and point coverage. In area coverage, the main purpose is to ensure that every point in the area is covered by at least one sensor. Researches in [1] and [2] proposed algorithms to find the maximum number of disjoint sets, such that each set of sensors can monitor the whole area. The paper [3] represents the mechanism to select an area dominating the minimum set of nodes, such that the selected set covers the area. The idea is to construct a connected dominating set that ensures energy efficient area coverage. In point coverage, the whole area is divided into discrete set of points, with the purpose of guaranteeing that this set of points is covered. In [4], the network is divided into discrete grid points, and the linear programming problem is formulated to find the deployment of sensors such that every grid point is covered by at least m sensors with minimal cost of sensors. In this paper, we focus on guaranteeing the area coverage in order to monitor the whole sensor field during the coverage lifetime of the network. 2.3 Coverage Lifetime Prolonging the lifetime of coverage for a sensor network is investigated under number of works. In the case of the coverage problems [1] and [2], the main purpose of finding the minimal disjoint set is to maximize the coverage lifetime by reducing the number of working nodes. Only one set among all the disjoint sets wakes up and performs sensing task at a certain point in order to reduce the energy consumption. In [4] and [5], the network is divided into discrete grid points, and the integer linear programming problem is formulated by deciding whether to place a sensor node at each grid point so that the number of nodes is minimal while still covering all the discrete grid points. Another distributed and localized protocol, using probing to select and determine the node scheduling for energy efficient coverage, is proposed in [6]. Our proposed scheme is different from the previous coverage problems above in that our scheme obtains the optimal network flow that prolongs the area coverage lifetime as well as maintains connectivity at the same time. Also by dividing the network into cells, the complexity of the linear problem is reduced considerably, and thus it can be applied to large sensor networks with huge number of sensor nodes.

3 Problem Description We assume that the network has the following characteristics in our proposed scheme. – Sensor network consists of a number of homogeneous sensor nodes with identical transmission range, sensing radius and initial energy. – All sensor nodes in the network have identical sensing period. This means that all sensor nodes generate the same amount of sensing data.

478

M.-L. Pham et al.

– The network is divided into a grid structure as shown in Figure 1. Each cell can be covered by one sensor node, so at one time only one node in the cell is active while all the other nodes in the cell can stay in sleeping mode.

Fig. 1. Grid structure with gray node as the active node in each cell

– To ensure the connectivity, any sensor node in one cell must be connected to any sensor node in one of the adjacent cells as in Figure 2. So, we can derive the relation between transmission range and sensing range as: √ √ 2 (RT x )2 = (2Rs / 2)2 + (Rs / 2) = 5/2(Rs )2

Fig. 2. The relation between transmission and sensing range

– Data gathering period can be divided into rounds, in each round, each active node will generate the same amount of the data for sending to the base station via one or multi hops. – The network loses area coverage when all the nodes in any one cell are dead. – One cell is considered at a loss of connectivity when all the adjacent cells are dead (nodes in these adjacent cells are all dead). Thus, cell can not send the data any more. Since the coverage loss occurs when only one cell is dead whereas the loss of connectivity is occurred when all the adjacent cells are dead, the network will lose coverage

Maximize the Coverage Lifetime of Sensor Networks

479

before losing connectivity. So, the network lifetime is considered as the coverage lifetime until the first cell loses area coverage. Therefore we can define the optimization problem as follows: Optimization Problem. Given the sensor field (divided into grid structure) and sensor deployment, find the total data flow among the cells to maximize the lifetime until the first cell loses area coverage (all the nodes in that cell are dead).

4 Problem Formulation In this section, we find the several constraints required to formulate the optimal network flow problem. As we assumed in the problem description section, we consider all the sensors have the same initial energy, same radio transmission and sensing range. However, we do not consider the energy consumption for sensing, since it is significantly smaller than the energy consumption for transmission. The constraints for optimal problem are obtained from consideration of the network characteristics such as data flow between the cells, data flow between the cell and the base station, and energy consumption in each cell. The notations used in the optimization problem are described in table 1 and we have the following constraints:

Fig. 3. Data Flow

The conservation of the total data flow at each cell i up to time T is given by q0 T +

N  m=1 m=i

Vmi =

N +1 

Vij

(1)

j=1 j=i

(i=1..N, with N+1 stands for BS) The sum of the total data generated by cell i and the total data coming into cell i is equal to the total data coming out of cell i (from cell i to the adjacent cells and to the BS). In the above equation, the first monomial q0 T is the amount of data sensed by cell i, the second monomial is the amount of data coming into cell i, and the monomial at the right side stands for the amount of data coming out of cell i. Figure 3 shows the data flow of cell i:

480

M.-L. Pham et al. Table 1. Notations Term

Definition

N

Number of cells

ki

Number of nodes in cell i

RT x

Radio transmission range

Rs

Sensing range

q0

Data rate that each active sensor in a cell collects and generates in one unit of time

T

Network lifetime until all the sensors in the first cell run out of energy

E0

Initial energy of each node

fij

Data rate sent by node i to node j

dij

Distance between node i and node j

Eamp

Transmit amplifier parameter

Vij

Total volume of data sent from cell i to cell j up to time T

Elec

Radio dissipates to run transmitter or receiver circuitry

cs

Energy consumption cost for sensing one unit of data

cij

Power consumption cost for transmission from i to j

ET x (i, j)

Power dissipated at node i when it is transmitting to node j

ERx (i, j)

Power consumption for receiving

The energy constraint for each cell i with ki nodes is given by Elec ∗

N  m=1 m=i

Vmi +

N +1 

cij Vij ≤ ki ∗ E0

(2)

j=1 j=i

Total energy consumption, for transmission and receiving, of cell i up to time T is less than or equal to the total energy of ki nodes in cell i. Since the transmission range of the nodes among cells are the same and the transmission range between a cell to the BS depends on the distance between the cell and the BS, we have cij =c0 (i=1..N, j=1..N) In the above equation, the first monomial is the total energy consumption for receiving data in cell i during the time T, in that it is a form of multiplication of energy consumption for receiving in one unit and the total amount of received data. At this time, we consider there is no additional circuit to receive data, so Elec is enough energy

Maximize the Coverage Lifetime of Sensor Networks

481

for receiving. In this manner, we can estimate that the second monomial is the total energy consumption for transmission. The difference is that cij depends on the distance from i to j whereas Elec is a constant. Finally, the monomial at the right side is calculated by multiplying the number of nodes in cell i and the initial energy. The Above equation ignores the energy consumption for sensing, but we can enhance the constraint if we want to take that into account as the following equation: Elec ∗

N 

Vmi +

m=1 m=i

N +1 

cij Vij + cs q0 T ≤ ki ∗ E0

j=1 j=i

Constraint that all the collected data from the sensor nodes is gathered at BS In a sensor network, all the collected data from the sensor field is gathered at the BS. In time T, each cell generates q0 T amount of data, and this data is transferred to the BS, so the total amount of data sent directly from all the cells to the BS is equal to Nq0 T and we have following constraint: N 

ViN +1 = N q0 T

(3)

i=1

From (1), (2), and (3), we have the following linear programming formulation to maximize T: q0 T +

N 

Vmi =

m=1 m=i

Elec ∗

N 

Vmi +

m=1 m=i N 

N +1 

Vij

j=1 j=i N +1 

cij Vij ≤ ki ∗ E0

j=1 j=i

ViN +1 = N q0 T

i=1

T ≥ 0, Vmi ≥ 0, Vij ≥ 0 (m = 1..N,i = 1..N,j = 1..N + 1) where T, Vmi , Vij , m=1..N,

i=1..N, j=1..N=1 are the decision variables and N, ki , q0 , E0 , Elec , ciN +1 , cs , c0 are the constants. Since we consider only the transmission between the cells, so the number of constraints and decision variables are proportional to the number of cells, not to the number of nodes; it means that the number of decision variables is not changed as the√number of nodes increases. (The number of variables can be calculated as 1 + 5N − 4 N , and the number of constraints is 2N+1). The constraints can be strictly applied that T, Vmi , Vij are integers, and then, we have the integer linear programming problem.

482

M.-L. Pham et al.

5 Applications After deploying the sensor nodes in the field, they will self-organize, gather the information required to formulate the problem (such as location of all the sensor nodes and the number of nodes in the cell) and send back to the base station(BS). The BS will formulate and solve the optimization problem based on the received information to get the optimal network flow. The schedule of the network flow is then sent back to the sensor nodes in each cell. Each cell will store the amount of data that is needed to be sent to each adjacent cell or the amount of data to send to the BS; which are considered as links for each cell with the capacity of a link being the total data to be sent on this link. At a time, one node in a cell will be active and the counter is maintained for the available capacity of each outward link when the active node has data to send (whether from its own generated data or the received data). It will choose one of the available links to send the data to, after sending the capacity of the link is reduced by the amount of the data sent. When one node runs out of energy, the other node in cell will become active. When all the nodes in a cell die out, the cell is considered at a loss of coverage. The result of the linear programming problem can also be used to estimate the lifetime of the sensor network for choosing the proper network density.

6 Evaluation Model In order to evaluate our proposed scheme, we have done simulation and compared with PEGASIS[7], under the same condition in the aspect of network lifetime. The linear problem is then solved using the public domain package LP_SOLVE. In the simulation environment, we formulate the sensor field of 30*30m, 50*50m with the sensing range of Rs =10m, the number of sensors in the network is 50, 70, 100 and the BS position is either at the corner of the field (0,0) or at remote position (15, 70). The calculation for communication and computation energy consumption is based on the model discussed in [8]. The power consumption for transmitting is ET x (i, j) = cij fij and the power consumption for receiving ERx (i, j) = Elec fij , where cij = Elec +Eamp (dij )2 , Elec = 50nJ/bit and Eamp = 100pJ/bit/m2. The PEGASIS that is compared with our proposed algorithm is an efficient chainbased routing protocol. In PEGASIS, the chain is formed among all the nodes in the network using greedy algorithm, the data is gathered and aggregated along the chain and then, forwarded to the BS. Here, we apply PEGASIS with the chain which is constructed among the active nodes of each cell in order to adopt the same condition of the proposed algorithm. When an active node runs out of energy, the other node in the cell is selected as the active node and is used in the chain. The following table compares the result from the proposed scheme with PEGASIS in terms of coverage lifetime. The result shows that the lifetime of the network under the solution obtained from the network flow of the LP is higher than that of the PEGASIS, in the case of low density as well as high density, and both when the BS is at the corner of the network or at the remote position for various network sizes. The higher the density of the network, the higher is the lifetime (which is nearly proportional to the increase in density).

Maximize the Coverage Lifetime of Sensor Networks

483

Table 2. Comparison of coverage lifetime between Proposed scheme and PEGASIS 1st loss of 1st loss of cell coverage No. of nodes cell coverage using using LP PEGASIS

BS position

Area

(0,0)

(30,30)

15

542

443

(15,70)

(30,30)

15

413

368

(0,0)

(30,30)

70

1704

1161

(15,70)

(30,30)

70

1477

1119

(25,75)

(50,50)

50

617

455

(25,75)

(50,50)

100

1137

753

The result can be concluded that the solution of LP provides the optimal network flow as compared to the near optimal in the case of PEGASIS. Also as the number of sensor nodes increases the number of nodes in the cell increases and the distance among the nodes reduces, so that the lifetime of both PEGASIS and LP solution increases.

7 Conclusion In this paper, we have applied the linear programming in obtaining the optimal transmission flow to maximize the lifetime of coverage for the sensor network. The solution of the problem provides the optimal network flow for the sensor networks under consideration. By dividing the network into grids, with one active node at a time in each cell to cover the whole cell, we can reduce the network flow problem to a manageable size and thus, can scale with the network with a large number of sensor nodes. The simulation result shows that the solution obtained provides better result than the near optimal routing protocol PEGASIS, in both low and high density network, and also in case, BS is at the corner or far away from the sensor field under different area size.

References 1. S. Slijepcevic and M. Potkonjak, ”Power Efficient Organization of Wireless Sensor Networks”, Proc. of IEEE International Conference on Communications, Vol 2, pp 472476, Helsinki, Finland, June 2001. 2. M. Cardei, D. MacCallum, X. Cheng, M. Min, X. Jia, D. Li, and D.Z. Du, ”Wireless Sensor Networks with Energy Efficient Organization”, Journal of Interconnection Networks, Vol 3, No 34, pp 213229, Dec 2002. 3. J. Carle and D. Simplot, ”Energy Efficient Area Monitoring by Sensor Networks”, accepted to appear in IEEE Computer. 4. K. Chakrabarty, S. S. Iyengar, H. Qi and E. Cho, ”Grid coverage for surveillance and target location in distributed sensor networks”, IEEE Transactions on Computers, vol. 51, pp. 1448-1453, December 2002.

484

M.-L. Pham et al.

5. S. Megerian and M. Potkonjak, ”Low Power 0/1 Coverage and Scheduling Techniques in Sensor Networks”, UCLA Technical Reports 030001. January 2003. 6. F. Ye, G. Zhong, S. Lu, and L. Zhang, ”Energy Efficient Robust Sensing Coverage in Large Sensor Networks”, Technical Report UCLA, 2002. 7. S. Lindsey, C. Raghavendra, and K. Sivalingam, ”Data Gathering Algorithms in Sensor Networks Using the Energy Metrics”, IEEE Transactions on Parallel and Distributed Systems, vol. 13, no. 9, Sep. 2002, pp. 924-935 8. Wendi Heinzelman, Anantha Chandrakasan, and Hari Balakrishnan, ”Energy-Efficient Communication Protocols for Wireless Microsensor Networks”, Proc. Hawaaian Int’l Conf. on Systems Science, January 2000. 9. S. Meguerdichian, F. Koushanfar, M. Potkonjak, M.B. Srivastava, ”Coverage Problems in Wireless Ad-Hoc Sensor Networks”, IEEE Infocom 2001,Vol 3, pp. 1380-1387, April 2001. 10. Konstantinos Kalpakis, Koustuv Dasgupta, and Parag Namjoshi, ”Maximum Lifetime Data Gathering and Aggregation in Wireless Sensor Networks”, In the Proceedings of the 2002 IEEE International Conference on Networking (ICN’02), Atlanta, Georgia, August 26-29, 2002. 11. J.H. Chang and L. Tassiulas, ”Energy Conserving Routing in Wireless Ad-hoc Networks”, Proc. IEEE INFOCOM 2000, Tel Aviv, Isreal, Mar. 2000. 12. M. Cardei and J. Wu, ”Coverage in Wireless Sensor Networks”, accepted to appear in Handbook of Sensor Networks, M.Ilyas (ed.), CRC Press, 2004 13. Dimitris Bertsimas and John N. Tsitsiklis, ”Introduction to Linear Optimization”, Athena Scientific, Belmont, MA, 1997. 14. Operation Research: ”Application and algorithm, Wayne L. Winston January”, 1994 15. D. Tian and N. D. Georganas, ”A Coverage-Preserving Node Scheduling Scheme for Large Wireless Sensor Networks”, Proc. of the 1st ACM Workshop on Wireless Sensor Networks and Applications, 2002. 16. Y. Thomas Hou, Yi Shi, Jianping Pan, Alon Efrat, and Scott Midkiff, ”Optimal SingleSession Flow Routing for Wireless Sensor Networks”, IEEE Vehicular Technology Conference, 2004.

An Active Tracking System Using IEEE 802.15.4-Based Ultrasonic Sensor Devices Shinyoung Yi and Hojung Cha Department of Computer Science, Yonsei University Seodaemun-gu, Shinchon-dong 134, Seoul 120-749, Korea {mainwork, hjcha}@cs.yonsei.ac.kr

Abstract. Utilization of an ultrasound tracking system in wireless sensor networks is a well-known technique with low-cost and high-accuracy advantages in an indoor environment. In this paper, we present the implementation of an active tracking system based on an ultrasonic sensing device using the IEEE 802.15.4 compatible radio. IEEE 802.15.4 is used in wireless sensor networks because of its low power consumption and high bit-rate. Many of the technical issues for actual deployment of the system in an indoor environment are herein analyzed and solved.

1 Introduction A Location Based Service (LBS) technique that uses Global Positioning System (GPS) satellites or cellular networks has been implemented and deployed for tracking systems in the outdoor environment. However, with a GPS device it is not possible to receive the RF satellite signal inside a building, and an indoor location system requires higher accuracy than GPS. Therefore, location techniques using GPS devices are inappropriate for an indoor location system. Many techniques for an appropriate indoor location system have recently been proposed. There are those using infrared[1], wireless LAN[2, 3], and both radio and ultrasound[4, 5, 6]. An indoor location system should guarantee high accuracy, low cost, and secure user privacy[4]. A location system using synchronized RF signals and ultrasonic pulses in wireless sensor networks is a known technique that satisfies these requirements. Existing location techniques using ultrasound suffer an inherent limitation of system performance and user privacy due to their old-fashioned radio modules with low bit-rates or use of wired networks. An IEEE 802.15.4 compatible radio[7] with a high bit-rate and low power consumption is widely used in wireless sensor networks. In this paper we propose a tracking system with an ultrasound-based location technique, employing a widely-used IEEE 802.15.4 compatible radio to improve upon previous localization techniques. The proposed technique guarantees high accuracy and user privacy through distributed processing with an active tracking model[8]. We have implemented the system in a real indoor environment, and analyzed the technical limitations and run-time problems. The technical issues surrounding the operation of the proposed ultrasonic tracking system are determined and solved through experiment and analysis. We have validated the performance by actual experiment, and the proposed technique is found to be applicable to an indoor location system. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 485 – 494, 2006. © IFIP International Federation for Information Processing 2006

486

S. Yi and H. Cha

The remainder of the paper is organized as follows: Section 2 introduces techniques for an ultrasound-based location system. Sections 3 and 4 present technical issues surrounding implementation of a tracking system using ultrasound and an IEEE 802.15.4 compatible radio. The performance of an implemented tracking system is evaluated in Section 5, and Section 6 concludes the paper.

2 Related Work An ultrasonic location system is categorized as an active or a passive model[8], based on whether or not the target node transmits the RF and ultrasonic signals on its own. In the active model, a target node transmits RF and ultrasonic signals to receiving nodes to estimate distance; however, in the passive model, the target node measures distances to the beacon nodes by receiving the RF and ultrasonic signals from them. The Cricket Location System[4] is a well-known passive implementation of an ultrasound-based location system. In it, a target node receives the RF and ultrasonic signals, which the fixed beacon nodes knowing their absolute coordinates transmit periodically, and calculates the distance to the beacon nodes by TDoA (Time Difference of Arrival) of the RF signal and ultrasonic pulse. More than three distances between a target node and beacon nodes enable the calculation of the location of a target node by applying trilateration. The Cricket system uses B-MAC[9] in TinyOS [10, 11], and the CC1000 transceiver[12], and has the advantage of accurate distance measurement through easy synchronization control of the RF signal and ultrasonic pulse. However, the CC1000 transceiver consumes a significant amount of power and has a low bit-rate[13]. The Cricket system adopts the passive method, and shows lower accuracy in continuously-moving target tracking than does the active method, guaranteeing the user privacy through the distributed method and light communication load between sender and receiver[8]. The proposed technique in this paper guarantees both accuracy in tracking and user privacy by adopting the active method, and processes the location in the distributed method. The Active Bat[5] is distinguished from the Cricket in that a sender called Bat transmits the synchronized RF signal and ultrasonic pulse actively. In the Bat system, the receiving node that receives both RF and ultrasonic signals measures the distance and sends the distance information to a host wired to it. The final location of the target node is calculated by trilateration at the host. The Active Bat uses a 433 MHz radio channel for synchronization with the ultrasonic signal. Receivers send the distance information to the wire-connected host, and the location is calculated by a centralized method at the host. Since the distance information is communicated through wire, high reliability of the information is guaranteed. However, it has problems: initial installation of communication cables is required and a centralized method user privacy guarantee is difficult to achieve. The proposed system in our research, however, guarantees user privacy as it calculates the location of the target node at the sender side through the distributed method[4, 8].

An Active Tracking System Using IEEE 802.15.4-Based Ultrasonic Sensor Devices

487

3 Active Tracking System Fig. 1 illustrates the overall structure of an active tracking system. The system is constructed with a mobile node and backbone nodes. The Mobile node is a moving node, and backbone nodes are set up to measure the distance between the mobile and backbone nodes. The mobile node sends synchronized radio signals and ultrasonic pulses periodically. The radio signal includes the node ID and sequence information of the mobile node. When a backbone node receives a radio signal, it perceives the subsequent ultrasonic pulse and measures the time difference. The backbone nodes compute the distance between the mobile node and themselves by the time difference and send the distance information to the mobile node. The mobile node receives more than three pieces of distance information from the backbone nodes and calculates its location on a 2D coordinates system by trilateration. Since this process is performed at every beaconing period, it is possible to track the location of the moving mobile node. Because our system is an active architecture, wherein the mobile node actively sends the beacon messages, the backbone nodes obtain concurrent distance information. This feature of the architecture renders the tracking accurate[8]. However, active architecture has radio channel overhead compared to passive architecture, since more than three backbone nodes send distance information to a mobile node simultaneously. Furthermore, packet loss may occur on the mobile node while it receives distance information from backbone nodes concurrently. We provide a solution for these problems in Section 4. The calculated coordinates of the mobile node are sent to the closest backbone node. The data is sent to a host through a routing method among the backbone nodes and displayed by a Graphical User Interface (GUI) application on the host. Backbone nodes

a

Distance Estimation

Synchronized US and RF signal

h Mobile node

Beacon message US pulse Reply message

Fig. 1. Active tracking system

4 Implementation Issues Ultrasound-based tracking using the IEEE 802.15.4 radio has different technical problems from previous schemes. The tracking system needs to be reliable in real deployment in indoor environments. In the following subsections, we analyze these

488

S. Yi and H. Cha

problems and describe solutions to implement a tracking system applicable to an actual environment. 4.1 Synchronizing US Pulse with RF Signal To implement an ultrasound-based tracking system, we developed an ultrasonic sensor hardware module that sends or detects a 40 Kh ultrasonic pulse. We also developed a wireless sensor mote (Fig. 6(b)) operated with the ultrasonic sensor. The mote is similar to Telos[14], which uses a MSP430 F1611[15] micro controller, a CC2420, and an IEEE 802.15.4 compatible radio transceiver chip[16]. The radio stack of the Cricket system is implemented as part of the software application. This enables control of the synchronization time of the radio signal and ultrasonic pulse on the software level. By controlling the data packet from its header to the CRC, the Cricket system maintains regular time intervals between radio signal and ultrasonic pulse. It is correct to regard the required time for ultrasonic pulse arrival as the arrival time difference between RF signal and ultrasonic pulse. Since the CC2420 radio stack is implemented on PHY and operated on the hardware level, it is difficult to control the point of packet transmission and reception time on the software level. The system is required to synchronize the ultrasonic pulse after the packet transmission is complete. However, if the times required for data transmission are irregular, the measured arrival time difference between RF and ultrasound would include some errors. If we synchronize the ultrasonic pulse with the time before the packets are sent, the arrival time difference could be converted to the ultrasound transmit time precisely. In this case, however, the receiver cannot distinguish the synchronized radio signal from radio signals for other purposes. To apply the system to an actual environment, a solution to this problem is necessary. In this paper, we synchronize the arrival time of an ultrasonic pulse with the packet destination address checking time in the MAC layer. Fig. 2 shows the differences in synchronizing time between the Cricket and our system. 4.2 Trilateration A mobile node calculates its position through trilateration after receiving more than three pieces of distance information from backbone nodes. Since the system is designed for indoor application, the height of the space is considered constant. Fig. 3 shows the mechanism by which to calculate the position of a point by distance information from three positions. Suppose there are three points with known positions. These positions are expressed as ( x1 , y1 , h) , ( x2 , y2 , h) , and ( x3 , y3 , h) where h is the height of the 3D space. dˆ1 , dˆ2 and dˆ3 represent the distance estimations from each known point to unknown 2D coordinates ( x, y ) where z = 0 . d i , the distance on the x-y plane, is expressed as Equation 1.

di = dˆi2 − h 2 , i = 1,2,3

(1)

An Active Tracking System Using IEEE 802.15.4-Based Ultrasonic Sensor Devices

489

TinyOS Radio MAC Synchronizing point

Synchronizable points 1B Preemble

Data

Header 1Byte

5Byte

34Byte

The Cricket system

TinyOS Radio MAC

SFD event

Preemble

Synchronizing point

SFD

MAC Protocol Data Unit

SFD pin FIFO pin

The proposed system

Fig. 2. Comparison of our system’s synchronization point with that of the Cricket system

Trilateration is not accurate when the distance values include comparably large errors. In our system, this problem occurs more frequently when the mobile node receives more than three pieces of distance information. To reduce the error in trilateration, we choose the three smallest distance values among the received distances since smaller distances include fewer errors. Fig. 4 shows the distance measurement error according to the angle of sender and receiver. The distance error and the measuring degree are directly proportional. In real deployment, the angle of a mobile and a backbone node is larger when the distance increases. In other words, significant errors would be included in long-distance estimates. Hence, trilateration with short distances calculates accurate positions in the system.

z

( x1 , y1 , h) ( x2 , y 2 , h )

dˆ1

( x3 , y3 , h)

dˆ3

dˆ2

y

d2 ( x, y,0) (0,0,0)

x

Fig. 3. Trilateration in mapping 3D to 2D

Fig. 4. Distance error according to degrees

490

S. Yi and H. Cha

4.3 Distance Error Filtering Distance measurement generally includes errors caused by obstacles and other environmental factors. Since reliable distance measurement is directly related to the performance of the tracking system, preventing these errors is an important issue in the system. However, the errors usually occur when measuring angles and distance values are large. We use two methods to solve this problem. Height of the indoor space, h , is the minimum distance the backbone node can measure. In other words, the minimum distance value, MIN_DISTANCE, is determined as the constant value h . When the backbone node measures a distance longer than MIN_DISTANCE, it implies that the backbone node and the mobile node are not in a straight line. It also means the distance value possibly includes distance error. We multiply the distance information by a constant α to revise the data. The modified d new is expressed as Equation 2. The constant α is proportional to the difference between dˆ and MIN_DISTANCE. We obtained the constant α through real environment experiments. In an environment with 235 cm of height and 150 cm of backbone node grid size, the value of the constant α is 0.98.

d new = α ⋅ dˆ

(2)

Fig. 5(a) shows the ultrasound range, in different positions, of a mobile node in the sensor field. In conditions with ultrasound range r and grid size a , at least three backbone nodes will detect the ultrasound wherever the mobile node is located. Circle A shows the situation wherein a minimum number of backbone nodes will detect the ultrasound pulse. Circle B represents the situation wherein a maximum number of backbone nodes will detect the ultrasonic pulse. The maximum distance estimation, MAX_DISTANCE, is calculated through Equation 3. In our system, backbone nodes send back the distance information to the mobile node when d new is greater than

MIN_DISTANCE and less than MAX_DISTANCE. This method reduces the error of measurement and prevents unnecessary packet transmissions.

MAX _ DISTANCE = h 2 + 2a 2

(3)

1

Circle B

2

3

5

6

ravg

a 4

a

rmax

r 7

8

a

9

Circle A

(a) Ultrasonic coverage

(b) Maximum and average range of US pulse Fig. 5. Ultrasonic range

An Active Tracking System Using IEEE 802.15.4-Based Ultrasonic Sensor Devices

491

4.4 Radio Reliability When the height of the indoor space is 235 cm and backbone nodes are deployed on a grid with 150 cm intervals, a maximum of nine backbone nodes respond to the ultrasound pulse of a mobile node. Fig. 5(b) shows the situation when nine backbone nodes are in the range of an ultrasonic pulse. Although the distance estimation would be filtered by the method we describe in Section 4.3, there is a situation in which all nine backbone nodes send distance information to the mobile node. The distance measurement error problem with nodes 1, 3, 7, and 9 is solved by sorting the distances and using only three small distance values. However, there could be a radio problem when a mobile node tries to receive simultaneous response messages. There is a possibility of losing packets when simultaneous radio packets arrive at the mobile node. To solve this problem, each backbone node is set for random delay before it sends the distance information to the mobile node. We have also designed the backbone nodes to retransmit the distance message for reliability of the system.

5 Evaluation Fig. 6 shows the experimental testbed using nine backbone nodes, a gateway node, a mobile node, and a line-tracking motor car. We investigated the tracking performance of our proposal system through the GUI application shown in Fig. 6(b).

(a) System deployment

(b) Sensor mote with an ultrasonic module and the GUI

Fig. 6. The ultrasonic location system using an IEEE 802.15.4 radio

In order to deploy the system successfully, more than three of the backbone nodes to the ceiling should be able to detect the ultrasonic pulse robustly. The ultrasonic sensor device we developed could sense the ultrasonic pulse within a distance of 11 meters in a straight line. When the distance is not straight, the range of detectable

492

S. Yi and H. Cha

ultrasonic pulses is in a circular arc with an angle of 120 degrees and a radius of 230 cm. In addition to a reliable detection range, both the arrangement and the density of the backbone nodes have important effects on robust localization when the backbone nodes are deployed in a ceiling. In the case that the backbone nodes within the fixed range are arranged densely, many backbone nodes are able to sense an ultrasonic pulse simultaneously. It may cause packet loss to transmit too many distance estimations to a mobile node, and a narrow arrangement would cost more. Sparse arrangement of the backbone nodes may cause a mobile node not to receive enough distance estimations because of obstructions or other RF signals. Receiving enough distance estimations is the prerequisite for successful positioning. Hence when the backbone nodes are attached to a ceiling, arrangement and density should be considered. We deployed nine backbone nodes in the 150 cm by 150 cm grid topology. Fig. 7 describes the result of tracking a moving motor car at a speed of 0.3 meters per second. The mobile node attached to the motor car broadcasts the beacon message at 500 ms intervals, and the series of positions are displayed at the same intervals. Our tracking system shows good performance that computed coordinates with an average 20 cm error. The sources of error are considered to be in measurement of height and distance.

Fig. 7. Tracking the moving node

Fig. 8 shows the positioning difference between conditions when both a distance error filtering policy and radio reliability technique are applied and otherwise. The maximum localization error arises when a mobile node is located at the identical x-y coordinates of backbone node 5 in Fig. 5(b). The error can be minimized when there is a mobile node in the center of the 4 one-hop neighbor nodes constructing a quadrangle. We examined the difference of the location result between the maximum error position, (150, 150), and the minimum error position, (250, 70). We sampled 50 coordinates computing at each location. Figs. 8(a) and 8(c) show the result of no policies, and Figs. 8(b) and 8(c) represent the estimated positions by the proposed system including distance error filtering and radio reliability policy. There is no significant error found in performing localization by adopting the proposed schemes.

An Active Tracking System Using IEEE 802.15.4-Based Ultrasonic Sensor Devices

493

(a) Without error filtering and radio reliability: (b) Error filtering and radio reliability: posiposition (250,70) tion (250,70)

(c) Without error filtering and radio reliability: (d) Error filtering and radio reliability : posiposition (150,150) tion (150,150) Fig. 8. Error distribution of computed coordinates

6 Conclusion In this paper, we have presented an active tracking system using the IEEE 802.15.4 compatible radio. Our system, with the active method, guarantees user privacy and accurate tracking of a moving device, and therefore can be deployed in a real indoor environment. We validated the proposed system as a real application by deploying and testing it in our laboratory. Our contribution for deploying an ultrasound-based active tracking system is as follows: The arrangement of backbone nodes should be decided in consideration of the height from sender to receiver, and the reachable range of an ultrasonic pulse. Adjusting the measurement error is required because an error of distance estimation increases according to the increment of the angle between ultrasound transmitter and receiver. A protocol that guarantees robustness is required in an active system wherein a mobile node receives both RF signals and ultrasonic pulses at once. The proposed active tracking system including these schemes has actually been implemented and analyzed. This system may be utilized for such indoor location-aware services as object tracking and human navigation.

494

S. Yi and H. Cha

Acknowledgements This work was supported by the National Research Laboratory (NRL) program of the Korean Science and Engineering Foundation (2005-01352) and the ITRC Program (MMRC) of IITA, Korea.

References 1. R. Want, A. Hopper, V. Falcao, and J. Gibbons. The Active Badge Location System. In ACM Transactions on Information Systems, January 1992. 2. P. Bahl and V. N. Padmanabhan. RADAR: An In-Building RF-Based User Location and Tracking System. In INFOCOM 2000, Vol. 2, pp. 775-784, March 2000. 3. M. A. Youssef, A. Agrawala, and A. U. Shankar. WLAN Location Determination via Clustering and Probability Distributions. In Proceedings of the First IEEE International Conference on Pervasive Computing and Communications (PerCom 2003), pp. 143-152, March 2003. 4. N. B. Priyantha, A. Chakraborty, and H. Balakrishnan. The Cricket Location-Support System. In 6th ACM International Conference on Mobile Computing and Networking (Mobicom 00), August 2000. 5. A. Harter, A. Hopper, P. Steggles, A. Ward, and P. Webster. The Anatomy of a ConetxtAware Application. In 5th ACM International Conference on Mobile Computing and Networking (Mobicom 99), pp. 59-68, August 1999. 6. M. Hazas and A. Ward. A Novel Broadband Ultrasonic Location System. In Proceedings of 4th International Conference on Ubiquitous Computing (UbiComp 2002), 2002. 7. IEEE Standard for Information Technology: 802.15.4: Wireless Medium Access Control and Physical Layer Specifications for Low-Rate Wireless Personal Area Networks. 2003 http://standards.ieee.org/getieee802/download/802.15.4-2003.pdf 8. A. Smith, H. Balakrishnan, and M. Goraczko. Tracking Moving Devices with the Cricket Location System. In 2nd International Conference on Mobile Systems, Applications and Services (Mobisys 2004), June 2004. 9. J. Polastre, J. Hill, and D. Culler. Versatile Low Power Media Access for Wireless Sensor Networks, In ACM SenSys 2004, November 2004. 10. http://www.tinyos.net 11. J. Hill, R. Szewczyk, A. Woo, S. Hollar, D. Culler, and K. Pister. System Architecture Directions for Network Sensors, In Proceedings of ASPLOS 2000, November 2000. 12. http://www.chipcon.com/files/CC1000_Data_Sheet_2_3.pdf 13. J. Polastre, R. Szewczyk, and D. Culler. Telos: Enabling Ultra-Low Power Wireless Research. In Proceedings of IPSN/SPOTS, April 2005. 14. http://www.moteiv.com 15. http://www.ti.com 16. http://www.chipcon.com/files/CC2420_Data_Sheet_1_3.pdf

LWOS: A Localization Method Without On-Body Sensor in Wireless Sensor Networks Shuangquan Wang1, Ningjiang Chen2, Xin Chen2, Jie Yang1, and Jun Lu1 1

Institute of Image Processing & Pattern Recognition, Shanghai Jiaotong University, Shanghai, China, 200240 {wangshuangquan, jieyang, lujun0328}@sjtu.edu.cn 2 Philips Research East Asia, Shanghai, China, 200070 {james.nj.chen, mylan.chen}@philips.com

Abstract. In many applications of wireless sensor networks (WSNs), the location information of users is very important. In this paper we present a localization method without on-body sensor (LWOS). The basic idea is that when a person is standing between a pair of transceivers, the human body will attenuate the received signal. From the detected attenuation of Received Signal Strength Indication (RSSI), LWOS can detect and localize people directly utilizing the wireless communication in WSNs. No additional sensor is needed and users do not need to wear a sensor node any more. A signal-shielding device is used at the transmitter side to minify the interference of RSSI variability from multi-path effects. Experiment results show a good capability of localizing a single user in an indoor environment.

1 Introduction The advances in wireless sensor networks (WSNs) foster a growing interest in location-aware applications. The key distinguishing feature of such an application is that it provides services to users based on their physical location information [1]. This information can also be used to deduce what people are doing with the assumption that a person’s activity is correlated to his/her location. There are several available localization techniques [2], such as Global Positioning System (GPS), ultrasound, Infra-Red (IR), and radio based methods. GPS is proven to be effective, but too expensive to be widely adopted by cheap and small devices [3]. Ultrasound and IR based methods are usually used in indoor environments, while they require additional hardware to be added to off-the-shelf sensor nodes. Comparatively, radio based method is the most attractive localization technology because radio transceiver is already available in each node and less power consumption is needed. Radio based localization methods can be classified into two classes: range-based and range-free [3]. The difference between them is whether absolute point-to-point distance or angle estimate is used. The former includes the methods based on Time of Arrival (TOA) [4], Time Difference of Arrival (TDOA) [5, 6], Angle of Arrival (AOA) [7] and Received Signal Strength Indication (RSSI) [1]. The latter includes Centroid [8], DV-Hop [9] and Amorphous [10]. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 495 – 504, 2006. © IFIP International Federation for Information Processing 2006

496

S. Wang et al.

However almost all above methods require people to wear a wireless sensor node in order to calculate the related information, such as distance, with other reference sensor nodes. Although in this way, the system may provide accurate location information, our experience indicates that users often feel uneasy and uncomfortable when wearing sensors. In this paper we present a localization method without onbody sensor (LWOS) based on RSSI. It utilizes the normal wireless communication to detect and localize people. Compared with above localization methods, LWOS does not force users to wear sensor nodes. The rest of the paper is organized as follows. In Section 2, we introduce the previous work in RSSI-based localization methods. Section 3 describes the rationale of LWOS method. Experiment results will be illustrated in Section 4 and some LWOS associated topics will be discussed in Section 5. Finally, we conclude the paper in Section 6.

2 Related Works In RSSI techniques, theoretical and empirical models are proposed to translate signal strength into distance estimates. RADAR [1] proposes a RF based system for locating and tracking users inside buildings. It records and processes signal strength information at multiple base stations, which are purposely positioned to provide overlapping coverage in the area of interest. It combines empirical measurements with signal propagation model to determine user location. SpotON [11] creates a SpotON object tag as a distance estimator based on radio signal strength analysis and focuses mostly on the hardware and embedded systems aspects. The method in [2] analyzes the experimental data and uses a specific signal attenuation model to provide distance information from the raw RSSI data. Ecolocation [12] determines the location of unknown nodes by examining the ordered sequence of RSSI measurements taken at multiple reference nodes. In [13], RSSI values are used to estimate the one-hop distance in a grid. However the carefully designed set of indoor and outdoor experiments demonstrate that many factors, such as radio calibration, antenna orientation, background noise and obstacles, may cause RSSI to be unpredictable. The layout of the rooms in the building, the placement of base stations, and the location of the mobile user all have an effect on the received signal. In [14], the author indicates that all these RSSI based localization algorithms have a high error rate.

3 LWOS The key of high error rate existing in RSSI based localization methods is the RSSI variability, especially in indoor environments. The RSSI variability means that the signal becomes unpredictable due to reflection, diffraction, scattering, and refraction. We propose to use a signal-shielding device, which is a metal can with one head open,

LWOS: A Localization Method Without On-Body Sensor in WSNs

497

for each transmitter to weaken the interference of RSSI variability. After using the signal-shielding device, LWOS becomes realizable. 3.1 RSSI Variability The RSSI in a radio communication system is affected by many factors, which can be divided into two categories: propagation media related and device related [14, 15, 16, 17]. Media properties include the media type, the background noise and some other environmental factors, such as the temperature and obstacles within the propagation media. Device-related factors include antenna type (directional or omni-directional), transmission power, antenna gains (at both the transmitter and receiver) and receiver sensitivity etc. In order to decrease the interference of these factors, we set some conditions in our study of RSSI variability. The transmitters and receivers have the same type of monopole antennas. All sensor nodes are pre-tested to have similar RSSI values when there is no person between them. The antenna directions of a pair of transmitter and receiver are parallel and opposite. Fully charged batteries are used for all sensor nodes to ensure that they work well. Additionally there is little background noise in the same radio frequency band and some other factors, such as temperature and humidity, have almost no effect on the RSSI variability as tested. These conditions relieve the interference of many factors. When a person keeps still or leaves the room for a while, the signal will become stable gradually. However the RSSI value still varies greatly when the person walks around a pair of transceivers several meters away in a room. It is hard to judge from the change in RSSI value whether the person is present or not. According to [14], the main factor is the multipath fading and shadowing in the RF channel. In indoor environments, the electromagnetic signal may be reflected when it encounters the walls, furniture and other objects. Since the radio travels at the speed of light, it is too fast for the receiver to distinguish the original signal and the reflected signal. It can only measure the received signal strength for both. For this reason, the presence and movement of the person interfere the radio propagation. 3.2 Weaken the RSSI Variability by a Signal-Shielding Device Since the antenna has a spherical radio propagation model in theory, a reasonable solution is to install a signal-shielding device at each transmitter to decrease the multipath effect. A metal can with one head open is used in our experiments. Fig.1 shows the sensor deployment in the metal can and the sketch map of signal propagation with the shielding device. The RSSI value after using the shielding device is shown in Fig.2. The packet ID is the index of packets sent from the transmitter to the receiver and reflects the time. The protuberant parts of rectangle line and diamond line represent two cases respectively: 1) a person standing on the line-of-sight between one pair of sensor nodes; and 2) going across the line-of-sight between another pair. The RSSI value varies within 1dBm to 4dBm when no person is present, which is much smaller than the one without the signal-shielding device.

498

S. Wang et al.

(a)

(b)

Fig. 1. (a) A metal can as a signal-shielding device with a sensor node inside; (b) Theoretic signal propagation diagram after using the signal-shielding device

Fig. 2. The RSSI value when the signal is focused

Fig. 3. One cycle of presence detection

3.3 Localization

LWOS locates a person by detecting the attenuation of RSSI when the human body absorbs some of the signal energy or reflects the signal to other directions. The body interference is related to the frequency of the radio signal. Normally, the higher the frequency is, the greater the attenuation is. The 2.4GHz RF is used in our experiments. In fact, the 2.4GHz is the frequency of water resonance used by a microwave oven. In our experiments, the RSSI value for each pair of transceivers is supposed to be N dBm when there is no person and M dBm when a person is standing in the detection strip, which is a narrow strip area on the line-of-sight between them. The person can be detected by comparing the change in RSSI value with a threshold, which is an average estimation of the RSSI change when the person is present. Different size and orientation of human body can result in different amounts of signal attenuation. The detection result is sensitive to the threshold, which needs to be selected carefully. One cycle of presence detection is described in Fig. 3.

LWOS: A Localization Method Without On-Body Sensor in WSNs

499

Based on the presence detection, LWOS can localize and track the movement of a person. Several detection strips are used to cover the detection area as shown in Fig. 4. If a person stands at any position in this area, at least one detection strip will be covered. When the detection area is too large for the detection strips to cover, LWOS can localize the person in one of the four triangular sub-areas based on the order of covered strips (coming in or going out the sub-area). Or several detection strips are linked in a close loop, then the person can be localized in the detection area of the close loop as shown in Fig. 5.

Fig. 4. An detection area covered by six detection strips (lines linking two nodes)

Fig. 5. An detection area covered by four detection strips in a close loop

4 Experiments and Results Many experiments are done to measure the RSSI threshold for finding the detection strip of each pair of transceivers and evaluate the LWOS method. 4.1 Experiment Setup

A meeting room in our laboratory is used as the experimental environment. There is a table in the center of the room with several chairs around. Sensor nodes are attached to the wall, legs of tables or put along the windowsill. The sensor node uses the Chipcon CC2420 IEEE 802.15.4 radio transceiver [14] in the physical layer. The transmission power is programmable in eight steps from -24 dBm to 0 dBm [18]. A built-in received signal strength indicator gives an 8-bit digital value as RSSI value. The sensor node uses a monopole antenna, which is 2.9 cm long as the optimal antenna length according to the CC2420’s datasheet [19]. In our system, when the receiver received a message from the transmitter, the transmission power P , their IDs and the RSSI value are packed and forwarded to a base station, which is connected to a PC for processing as in Section 3.3. 4.2 RSSI Threshold for Finding the Detection Strip

In LWOS, the main parameters are transmission power, the distance and offset angle between the transmitter and the receiver. To get the RSSI threshold for finding the

500

S. Wang et al.

detection strip between a pair of transceivers, we fix one transmitter (Tx) and three receivers (Rx) in an indoor environment as shown in Fig.6 (a). The transmission power is -5 dBm and all sensor nodes are put at 50 cm from the ground. The whole area is divided into grids. The RSSI matrix of Rx 2 is shown in Fig.6 (b). The x varies form -90 cm to 90 cm and y varies from 0 cm to 150 cm, with an interval of 15 cm respectively. The person stands at each cross point of the grids between two nodes and faces to the Y direction.

(a)

(b)

Fig. 6. (a) The coordinates of one transmitter and three receivers; (b) The RSSI matrix of the receiver 2 with the presence of a person

When there is no person, the RSSI value at Rx 2 is -70 dBm. Fig.7 (a) shows the RSSI difference matrix, which is the result of the RSSI matrix subtracting the original value for no person. The area with a big RSSI difference is a detection strip on the line-of-sight between two nodes. Its width is about 20 cm. With the distance from the line-of-sight increases, the difference decreases sharply. Many experiments indicate that setting the RSSI threshold to 8 dBm is reasonable. If the threshold is too big, there are some blind spots, where the system cannot detect the human presence, and it is difficult to find a detection strip. Contrarily if the threshold is too small, the detection strip is too wide and the detection is sensitive to the RSSI variability. With a threshold of 8 dBm, the binary detection matrix is shown in Fig.7 (b), where 0 indicates no person and 1 indicates detected presence. The results of Rx 1 and Rx 3 are got with the same experimental condition as Rx 2. 4.3 One Transmitter to Multiple Receivers

The experiment result also shows that one transmitter can be paired with several receivers, which can be placed at any place within the valid detecting distance and offset angle. All detection strips are long, narrow and have little interference with each other. The detection strip of the middle pair is the most regular one. With the

LWOS: A Localization Method Without On-Body Sensor in WSNs

501

increase of offset angle, the detection strip becomes irregular and nonlinear. Our experiment result indicates that the offset angle is better to be no more than ±45° . 4.4 Detecting Distance

The detecting distance for each transmission power level is measured. The pair of transceivers is deployed face to face as the middle pair as shown in Fig.6 (a). Within the detecting distance, the RSSI value at any position in the detection strip should be larger than -85 dBm. Otherwise the RSSI value is less than -93 dBm when a person is present and most messages may be lost because the signal is too weak. On the other hand even though the RSSI value is high enough, the interference of a person to the signal is trivial when the distance is too large. We measure the detecting distance that satisfies the two demands above for eight transmission power levels. The results are shown in Table 1. Table 1. The detecting distance for different transmission power level

Power Level (dBm) Distance (cm)

-25 50

-15 150

-10 180

-7 200

-5 230

-3 250

-1 270

0 280

Except the lowest transmission power level, the detecting distances are all equal or larger than 150 cm and the largest one is 280 cm. With the increase of offset angle, the detecting distance decreases accordingly. Fig.8 shows the relation between the offset angle and the valid detecting distance when the transmission power is -5 dBm. The offset angle is within ±45° . Otherwise, the detection strip becomes irregular and there are too many blind spots on the line-of-sight. 4.5 Presence Detection and Localization

Experiment results show that the presence detection using our method is encouraging. Usually when a certain transmission power level is chosen, the distance between a pair of transceivers is fixed and the furniture arrangement is supposed to have no great change, the experiment result is repeatable. Some localization and tracking experiments are done in the environment as shown in Fig.9. Totally five detection areas (A~E) are defined in Fig. 9, each of which is covered by several detection strips as indicated by the dot lines. The arrow lines indicate the trace of the person. In most cases LWOS can localize and track the person very well. Because LWOS cannot distinguish the people between two transceivers and there is no person identification information available, it is often used to localize a single user. Multiple users can be localized only when they do not appear in the same area simultaneously. As shown in Fig. 4 and Fig. 5, LWOS can only locate the person in certain detection areas. The localization in higher accuracy can be achieved by adding more pairs of transceivers in an area. Each pair will divide the detection area into smaller ones.

502

S. Wang et al.

(a)

(b)

Fig. 7. (a) The RSSI difference matrix of receiver 2; (b) The binary detection matrix of three pairs of transceivers (shared one transmitter)

Fig. 8. The relation between the offset angle and the distance at -5 dBm transmission power

Fig. 9. The performance of LWOS in localization and tracking

5 Discussions Some experiments are done to examine the varieties of signal propagation model in the front area and back area of the transmitter respectively. The front area is covered by the beam radio signal, while the back area is not covered. The difference of RSSI values between with and without the signal-shielding device when no person is present in indoor environments is shown in Fig.10. The experiment setting in Fig. 10 is the same as that in Fig. 7. Fig. 10 shows that the RSSI differences in both front area and back area are irregular. Obviously the multi-path still exists. Fig. 10 (b) indicates that the signalshielding device weakens the signal in the back area. This decreases the indirect signal reflected from the wall, furniture and some other objects. The experiment results in outdoor environments are similar with those in indoor environments. The result indicates that the shielding device, compared with a directional antenna, is not the best choice.

LWOS: A Localization Method Without On-Body Sensor in WSNs

503

It is impossible to formulate the relation of distance, transmission power, offset angle and some other parameters. Using a threshold to judge the human presence is the best available method at present. It is better to use a mechanism to adjust the threshold dynamically.

(a)

(b)

Fig. 10. (a) The difference of RSSI value distribution in the front area between with and without a signal-shielding device; (b) The difference of RSSI value distribution in the back area between with and without a signal-shielding device. Both are in the indoor environment.

6 Conclusions In this paper we present LWOS, a localization system without on-body sensor in indoor environments. LWOS detects the presence of a person based on the RSSI (Radio Signal Strength Indication) attenuation when the radio penetrates the human body. A signal-shielding device is used at each transmitter to decrease the interference of RSSI variability. Each pair of transceivers provides a detection strip. By using several pairs of transceivers, a place can be covered by those detection strips. Or several detection strips are linked in a close loop to localize the person in the closed area. LWOS makes the user feel comfortable without the need of wearing a sensor node. It also directly utilizes the wireless communication in WSNs to provide the localization service without any additional sensor. Although LWOS presents a good capability in presence detection, localization and tracking, it currently can only localize a single person. Multiple people are can be localized only when they are not in the same area simultaneously. Experiment results show that the multi-path is not mainly originating from the reflection of wall, furniture and objects, but from the reflection of the inner side of the shielding device. We find the RSSI value is still irregular in the detection strip between the transmitter and the receiver. Our following research includes: 1) stabilizing the signal attenuation from the human body by using a directional antenna instead of a signal-shielding device; 2) setting the RSSI threshold in a dynamic way.

504

S. Wang et al.

References 1. P. Bahl and V. N. padmanabhan. RADAR: An In-Buliding RF-based User Location and Tracking System. Proceedings of the IEEE Infocom 2000, Tel-Aviv, Israel, March 2000. 2. http://groups.csail.mit.edu/drl/journal_club/papers/nana.dankwa.ee.pdf 3. T. He, C. Huang, B. M. Blum, J. A. Stankovic, and T. Abdelzaher. Range-Free Localization Schemes in Large-Scale Sensor Networks. In Proc. of the Intl. Conference on Mobile Computing and Networking (MOBICOM), September 2003. 4. L. Girod and D. Estrin. Robust Range Estimation Using Acoustic and Multimodal Sensing. In: Proc IEEE/RSJ Int’l Conf Intelligent Robots and System (IROS’01), Vol.3, Maui, Hawaii, USA. 2001. 5. N. Priyantha, A. Chakraborthy and H. Balakrishnan. The Cricket Location-Support System. In: Proc Int’l Conf on Mobile Computing and Networking, August 6-11, 2000, Boston, MA. 6. A. Savvides, C. C. Han and B. M. Srivastava. Dynamic Finge-Grained Localization in AdHoc Networks of Sensors. In: Proc 7th Annual Int’l Conf on Mobile Computing and Networking (MobiCom). Rome, Italy. July 2001. 7. D. Niculescu and B. Nath. Ad Hoc Positioning System (APS) using AoA, INFOCOM’03, San Francisco, CA, 2003. 8. N. Bulusu, J. Heidemann and D. Estrin. GPS-less Low Cost Outdoor Localization for Very Small Devices. IEEE Personal Communications Magazine, 7(5): 28-34, October 2000. 9. D. Niculescu and B. Nath, DV Based Positioning in Ad-Hoc Networks. In Journal of Telecommunication Systems, 2003. 10. R. Nagpal. Organizing a Global Coordinate System from Local Information on an Amorphous Computer. A. I. Memo 1666, MIT A. I. Laboratory, August 1999. 11. J. Hightower, G. Boriello and R. Want. SpotON: An Indoor 3D Location Sensing Technology Based on RF Signal Strength. University of Washington CSE Report, February 2000. 12. K. Yedavalli, B. Krishnamachari, S. Ravula, and B. Srinivasan. Ecolocation: A Technique of RF Based Localization in Wireless Sensor Networks. In Proceedings of Information Processing in Sensor Networks (IPSN), Los Angels, CA, April 2005. 13. R. Stoleru and J. Stankovic. Probability Grid: A Location Estimation Scheme for Wireless Sensor Network. In Proceedings of Sensor and Ad Hoc Communications and Networks Conference (SECON), Santa Clara California, October 4-7, 2004. 14. D. Lymberopoulos, Q. Lindsey and A. Savvides. An Empirical Analysis of Radio Signal Strength Variability in IEEE 802.15.4 Networks using Monopole Antennas. ENALAB Technical Report 050501, 2005. 15. N. Reijers, G. Halkes and K. Langendoen. Link Layer Measurements in Sensor Networks. In: Proc. of the First IEEE International Conference on Mobile Ad hoc and Sensor Systems, MASS 2004, 24-27 October, Fort Lauderdale, FL, 2004. 16. G. Zhou, T. He, S. Krishnamurthy and J. A. Stankovic. Impact of Radio Irregularity on Wireless Sensor Networks. In Proceedings of ACM SenSys, November 2004. 17. G. Gaertner and V. Cahill. Understanding Link Quality in 802.11 Mobile Ad Hoc Networks. In IEEE Internet Computing, January ~ February 2004. 18. D. Lymberopoulos and A. Savvides. Xyz: A Motion-Enabled, Power Aware Sensor Node Platform for Distributed Sensor Network Applications. In IPSN, SPOTS track, April 2005. 19. http://www.chipcon.com

Research Directions in the Area of USN (Ubiquitous Sensor Network) Towards Practical UE (Ubiquitous Environments) Young Yong Kim School of Electrical and Electronic Engineering Yonsei University 120-742 Seoul, Korea [email protected]

Abstract. “Ubiquitous” has been the key buzzword in the research community as well as in everyday life these days. In Korea, ubiquitous become decorative words for many new products, which has not necessarily enough link to the world of ubiquitous. In research field, many public, private sectors research activities decorated with the word of “ubiquitous” has drawn so much attention, but still, little examples are shown which truly implements the ideals of “Ubiquitous”. In this paper, we review the research activities under the flag of “ubiquitous”, and then present possible research directions for proper research directions which can prompt practical incorporation of ubiquitous concept in the near future.

1 Introduction Recently, the word “ubiquitous” becomes truly ubiquitous in every area of our society from research community to TV commercials. Although ubiquitous technology grows faster than the clarification of the word itself, we paid less attention to the practical ubiquitous environments. Up to date, ubiquitous gadget exists somehow not really ubiquitous way, and the word “ubiquitous” presents more advertising values than technological merits. In research communities, we have covered technological issues such as ad-hoc network, USN (Ubiquitous Sensor Network), as well as RFID related issues. However, how these technological issues can really resolve into practical Ubiquitous Environments posts interesting research challenge as well. In this paper, we present some bridge between ongoing as well as future technological perspective in the areas of USN and practical UE (ubiquitous environments). We show some very interesting ubiquitous applications and analyze the building blocks of USN technologies by top-down approaches. We show the importance of business rationale as well as social issues plays tremendous roles in order to extract any meaningful commercial values from the technological research activities.

2 “Ubiquitous” Revisited Since Mark Weiser envisioned the word “Ubiquitous Computing” for the first time in 1988, even before cellular phone or Internet are widely accepted among end users, X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 505 – 510, 2006. © IFIP International Federation for Information Processing 2006

506

Y.Y. Kim

“ubiquitous” becomes such a buzz word recently that it is widely used even in TV commercials these days. According to his first definition, “Ubiquitous Computing” means that invisible everywhere computing that does not live on a personal device of any sort, but is in the woodwork everywhere. [1] Although, Mark Weiser was visionary in devising the concept for the first time, we should note that there has been tremendous development in the computing devices as well as networking technology. In communication technologies, we have noticed such breakthrough technology as Internet, and a variety of wireless communication revolutions ranging from cellular phones to near field communication. With these in minds, we may need to revise what is current consensus about the word, “ubiquitous” in research communities as well as common sense in everyday life, in the age when ordinary people are repeatedly exposed to the word every day. Recently, even socialists pay attention to the word ubiquitous and they explain the impacts of technological development on our society with 3 space notions. The first space is called “R-space”, where “R” stands for “Real”. In this space, everyday interactions take places by direct human interactions. The second space is called “Espace”, where E stands for “Electronic”. Here, people interacts with each others in “cyber space” constructed on the web-space rather than in brick-and-mortar way. In E-space, people interacted with each others by telecommunications network rather than direct encounter. The third space is called “U-space” where U stands for “Ubiquitous”. In U-space, R-space and U-space are mixed together to become U-space. In U-space, reality and cyber space are co-existent in everyday life due to “Invisible”, “Ubiquitous” computing, communication devices everywhere. In U-space, R-space moves toward to E-space thanks to ubiquitous networking devices everywhere, while E-space approaches R-space via such technologies as augmented reality. Although definition of U-space = E-space + R-space is easy to say, it is not so clear to imagine concrete ideas of what services are original in U-space. We will consider many practical examples later. “Ubiquitous” comes in different favors in different countries. In United States, ubiquitous computing and invisible computing are popular expressions when it comes to something related to U-space. In USA, ubiquitous and invisible are keywords for related ongoing or completed research projects as well. In Europe, pervasive computing or ambient computing are more popular word for anything “U”. Pervasive reiterate the ubiquity of U-space. Here again, these two words are popular keywords for research project names. In Japan, “Ubiquitous Network” or UN in short is popular terminology, where TRON project is single dominant related project, which emphasize implementation of small devices for ubiquitous environments. In Korea, Ubiquitous Sensor Network (USN) is the most popular terminology in government, research activities, while Ubiquitous word itself plays its role in many advertisement such as “ubiquitous apartment”, “ubiquitous design”, etc. The acronym, USN has been created by Korea Ministry of Information and Communication (MIC), and selected as one of the 3 infra structures, which is key in Korean MIC information technology 8-3-9 strategy. (The other 2 infra structures are BCN (Broadband Convergence Network) and IPv6). In Korea, USN is used in two meanings, broad sense as well as narrow sense. In broad sense, USN is equivalent to the notion of ubiquitous computing or pervasive networking, but emphasis on sensor devices. In narrow sense,

Research Directions in the Area of USN Towards Practical UE

507

we use RFID/USN where RFID means infrastructures based on RF (radio frequency) ID(Identification) NFC(Near Field Communication) and USN means Sensor Network Infrastructure based on sensor node. Sensor node means small devices which is composed of sensing devices, CPU, and communication devices. In the consequence, USN in narrow sense means network of sensor node or sensor network (SN) which is more frequently used in other countries or research activities. Therefore, USN in wide sense becomes infrastructure based on RFID as well as sensor network.

yŒˆ“Gz—ˆŠŒ yTz—ˆŠŒ

|Gz—ˆŠŒ

j ‰Œ™Gz—ˆŠŒ |Tz—ˆŠŒ Fig. 1. U-Space

As we discussed, ubiquitous comes in a variety of meanings in different countries as well as in different areas in these day. Although the original notion of ubiquitous computing suggested by Mark Weiser has been inherited to current ubiquitous environments, current consensus on “ubiquitous” pose different focus in different countries and in different context. Therefore, one must be careful that the meaning of ubiquitous is not unanimous in different areas/countries, and should be understood under proper context.

3 Ubiquitous Business Since the inception of notion in 1988, many research projects had been conducted under name of ubiquitous, and tremendous amount of papers have been published under the title of ubiquitous. However, in business or real life, one still finds it very difficult any concrete examples, which is truly “Ubiquitous” as envisioned by Mark Weiser. One of the most popular example of ubiquitous computing might be PDA(Personal Data Assistant) or any other very small hand held devices, which is so small that people can carry

508

Y.Y. Kim

around easily. Although handheld devices are important stepping stones toward truly ubiquitous environments, small device alone cannot make the dream of Ubiquitous Environments (UE) completely. In addition, many ubiquitous oriented services including U-health, U-learning, U-city, or U-governments draws so much attention these days, but still what makes these services really ubiquitous is rather unclear. In this section, we try to clarify what is really ubiquitous business and how we can accelerate the progress from ubiquitous researches into ubiquitous business. In different perspective, ubiquitous business in these days invites players from so many areas such as engineering, legal, social, economics, and business. If we call these as horizontal axes, vertical axis might be business model such as entertainment and gaming, tourism, pervasive retail, health care, logistics, and telemetric. In previous section, we discuss the notion of R-space, E-space, and U-space. To better understand the ubiquitous business, we pervasive retail as prominent example. Although e-commerce has been replacing the traditional way of brick-andmortar retail business model, there certainly exists some areas where e-commerce cannot penetrate as originally expected. The areas where e-commerce (based on E-space) gaining more and more grounds against r-commerce (based on R-space) are generally selling some standardized goods such as computers, books, and audio compact discs. Common sense tells us that they are such standardized products that once you know the model number and maker, all you need to do is search the web retailer which is selling the items with the lowest price tag, as long as the service is not too coarse. However, there are some items, which is not so successful in E-space. For examples, clothing and raw foods belong to that category. In general, people try to feel the textile, and try it on before they decide to buy. Therefore even when they buy it on the web in the long run, there should be fitting and try in R-space before e-commerce take place. Therefore, it is clear that commerce will benefit from combining R-space and E-space together, namely, in U-space. U-commerce in U-space can benefit standardized items as well. One possible scenario for U-commerce is that, a person visit some fashion brand show room (or department store) to try recent collections on. If she/he finds the items good to her/his taste, he scan RFID printed on the label of the clothes with the mobile RFDI reader, which is integrated into cellular phone. On the display of cellular phone, several online retailers’ links shows up so that she/he can choose the one, namely with the lowest price tag. While she/he returns home, the selected item (with chosen size and chosen color) is already delivered. This is one example of u-commerce, which combine R-retailing as well as E-retailing. However, one question might be how showroom in R-space can benefit from this business model? The answer is that the profit of e-retailer is shared properly between the showroom in R-space and retailer in E-space. In this business model, the showroom owner possesses enough motivation to draw visitors by offering services and up to date stocks. In the consequence, with the aid of ubiquitous technologies u-commerce is far better advanced from of retailing by combining E-commerce and R-commerce in very efficient way.

Research Directions in the Area of USN Towards Practical UE

509

Fig. 2. U-commerce Scenario

Although RFID is considered the most visible bridge toward immediate ubiquitous business development, Sensor Network lags behind RFID in business model development with as-is status. Although, sensor node conforming to the original smart dust ideas in Berkeley[2], few business model have been proposed compared to RFID models. As long as author knows, one hop sensor network in a car is one prominent example of commercial sensor network available in the very near future.

4 Future Research Directions So far tremendous amounts of papers have been published in the area of ubiquitous computing, sensor networking, and etc. If we count number of papers or amounts of research funds globally, sensor networking is among the top lists in recent IT research activities. Among sensor network research, substantial portions of the researches are focused on protocols design with the assumptions of increasingly peculiar situations. Although research communities made progress on its own, it is also true that the gap has been widened between u-business and ubiquitous researches. Recently, growing amount of researches has been directed to the business model developments as well as developing practical building blocks of u-business. Although recent advancement in wireless communications and Internet paved the way to realization of Mark Weiser’s dream, we still sees current situation far from invisible computing, especially in the area of sensor network. Therefore, any practical researches should be directed toward practical implementations as well, standing firmly on the ground.

5 Conclusions In this paper, we revisited the notion of ubiquitous computing, and redefine practical ubiquitous environments with the concept of U-space which is leap forward

510

Y.Y. Kim

combining real space together with the cyber space. We also propose some successful business model with the u-commerce in mind. Although we already enter into the business in u-space with the aid of RFID technology, we still have long way to go with the business development of Sensor Network. The future research activities should be directed toward practical ubiquitous environments, and more attentions should be paid such key stepping stones as security related problems and business development tools.

Acknowledgement This work was supported by HISP(Hybrid Intelligent Service Platform) project, funded by MOCIE(Ministry of Commerce, Industry and Energy), Korea.

References 1. Weiser, M.: The World is Not a Desktop. Interactions. (1994) 7-8 2. Warneker, B., Last, M., Leivowitz, B., Pister, K.S.J.: Smart Dust: Communicating with a Cubic-Millimeter Computer. Computer, Vol. 34. IEEE (2001) 44–51 3. Rajendran, V., Obraczka, K., and Garcia-Luna-Aceves, J.J: Energy-Efficient, Collision-Free Medium Access Control for Wireless Sensor Networks. Wireless Networks. Vol. 12. Springer, Netherland (2006) 63-78 4. Fano, A., Gershman A.: The Future of Business Services in the Age of Ubiquitous Computing. Communications of ACM, Vol. 45, ACM Press, New York, USA(2002) 83-87

On Building a Lightweight Security Architecture for Sensor Networks Taejoon Park1 and Kang G. Shin2 1

Samsung Advanced Institute of Technology P.O. Box 111, Suwon, Korea [email protected] 2 Real-Time Computing Laboratory Department of Electrical Engineering and Computer Science University of Michigan, Ann Arbor, MI 48109-2121, USA [email protected]

Abstract. Sensor networks are characterized by their large-scale and unattended deployment that invites numerous critical attacks, thereby necessitating high-level security support for their intended applications and services. However, making sensor networks secure is challenging due mainly to the fact that sensors are battery-powered and it is usually very difficult to change or recharge their batteries. In this paper, we give a comprehensive overview of recent research results for securing such sensor networks, and then describe how to build a security framework, called a Lightweight Security Architecture (LiSA), for sensor networks, which achieves energy-aware security via closely-coupled, mutually-complementary security solutions.

1

Introduction

An increasing number of safety- and security-critical applications, such as situation monitoring and facility surveillance, rely on a network of small, inexpensive, battery-powered sensor devices that have limited energy, storage, computation, and communication capacities. These sensor networks can be used for various applications such as safeguarding of, and early warning systems for, the physical infrastructure that includes buildings, transportation systems, water supply systems, waste treatment systems, power generation and transmission, and communication systems. The success of these applications hinges on their own security; they must protect themselves by preventing and/or tolerating critical attacks from malicious adversaries. However, despite its importance, it is challenging to achieve high-level security throughout the lifetime of sensor networks due mainly to the operational issues and requirements unique to sensor networks, such as energy-efficiency in terms of prolonging the lifetime of sensor devices as much as possible, scalability to a large number (thousands to millions) of nodes, and survivability even in a harsh, unattended environment. With rapid advances in device technology, the processing capability of embedded systems has been improving at an exponential rate. However, this X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 511–521, 2006. c IFIP International Federation for Information Processing 2006 

512

T. Park and K.G. Shin

improvement in computing performance comes with a rapid increase in complexity and power consumption. By contrast, the battery and energy storage technologies have been improving at a much slower pace, failing to meet the increasing energy demands of emerging embedded systems. Energy-efficiency is, therefore, critical to all portable, embedded computing devices. Specifically, in sensor networks where it is often very difficult, and sometimes impossible, to change or recharge batteries for devices after their deployment, energy-efficiency is one of the most important requirements. We, therefore, need a security architecture tailored to sensor networks that meets the requirements of both high-level security and energy-efficiency. To this end, we propose how to build an energy-aware security framework, called a Lightweight Security Architecture (LiSA), for a network of resource-limited sensors. The two main contributions of this paper are: – the comprehensive overview of recent research results for securing sensor networks as well as plausible security attacks on such sensor networks, and – the design and development of LiSA via cooperative interactions among closely-coupled, mutually-complementary security solutions that consist of (1) a soft tamper-proofing technique that verifies integrity of the program residing in each sensor device whenever it joins the network, or is suspected to have been compromised; (2) two key management/sharing schemes, each tailored to local and remote transactions; and (3) an attack-tolerant localization protocol, playing the role of an anomaly-based intrusion detection system tailored to localization. The remainder of this paper is organized as follows. Section 2 presents an overview of sensor networks. Section 3 summarizes security attacks on sensor networks, while Section 4 describes existing security protocols for sensor networks. Section 5 details the LiSA architecture and its building blocks. Finally, the paper concludes with Section 6.

2 2.1

Overview of Sensor Networks Device/Network Architecture

For cost and size reasons, sensor devices are designed to minimize resource requirements, e.g., Motes [1] feature an 8-bit CPU running at 4 MHz, 128 KB of program memory, 4 KB of RAM and 512 KB of serial flash memory powered by two AA batteries (2850 mAh each). That is, sensors are usually built with limited processing, communication and memory capabilities in order to prolong their lifetime with the limited energy budget. A sensor network is usually built with a large number (thousands or even millions) of sensor nodes, each capable of, for example, reading temperature or detecting (part of) an object moving nearby. Moreover, the sensor network is usually deployed in a hostile/harsh environment, and removal (due to device failures or depletion of battery energy) and addition of sensor nodes are not uncommon.

On Building a Lightweight Security Architecture for Sensor Networks

513

Sensors collaborate and coordinate with one another to achieve a higher-level sensing task, e.g., measuring and reporting, with accuracy, the characteristics of a moving object, such as the speed and direction of its movement. 2.2

Communication Models

The main challenge associated with a sensor network is the large volume of data to be collected and processed over the entire network. The communication models for sensor networks to address this challenge are cluster-based or peer-topeer . The cluster-based model typically appears in a tiered architecture, where multiple clusters are formed statically and/or dynamically, and a cluster-head manages and controls operations inside each cluster, i.e., by aggregating sensed data within their own cluster as well as disseminating the data among themselves. Many emerging applications and services rely more on the peer-to-peer model: each sensor communicates directly with any of the other sensors without relying on dedicated devices. The authors of [2] proposed data to be named and communication abstractions to refer to these names rather than sensor IDs. In a datacentric storage [3], the sensor network stores and looks up relevant data by name, i.e., it hashes the data into geographic coordinates (name) using a Geographic Hash Table and stores data at the sensor geographically closest to the hashed coordinates. This model calls for transactions between remote nodes because data-sinks can be far away from the data-source. The need for long-distance communications will continue to increase as new applications are expected to aggressively exploit the large-scale, distributed nature of sensor networks. 2.3

Localization Algorithms

There exist many applications that require each sensor node to be location-aware; for example, each sensor must be uniquely identified by its location estimate for geographic routing [4] in which a source or an intermediate sensor forwards a packet to one of its neighbors closest to the packet’s destination. As such, localization — assigning locations to sensors consistently with measured or estimated distances — is one of the core services of sensor networks. Techniques for estimating the distance between a pair of communicating nodes are typically based on: received signal strength that can be translated into a distance estimate, time of arrival and time difference of arrival that use the signal propagation time, and angle of arrival that estimates the relative angle between nodes. Besides these ranging techniques, range-free schemes have also been proposed to provide cost-effective, coarse-grained localization. For example, in [5], each sensor forms virtual triangular regions among the anchors of interest, determines in which regions it resides based on its neighbors’ measurements, and finally, calculates the overlapping area between these regions. These schemes, however, typically require very high anchor density and long anchors’ radio ranges as each sensor has to hear from as many anchors as possible. Hence, it is preferable to provide the localization capability even when there are only a very small number of anchors in the network. In [6], each sensor determines the minimum

514

T. Park and K.G. Shin

hop-counts to anchors by running a distance vector algorithm, and computes physical distances by multiplying them to the average per-hop distance. This scheme, unfortunately, yields poor localization accuracy. Approaches like [7] employ mobile anchors to meet the requirements of both low anchor density and high accuracy of distance estimation, but suffers a large latency.

3

Security Attacks

Sensor networks are vulnerable to various security attacks, especially because they are deployed in an unattended, hostile environment. Possible types of adversaries can be classified, in the order of increasing strength, as: (1) passive attackers only eavesdropping conversations; (2) active attackers possessing no cryptographic keys but capable of injecting packets into the network; and (3) active attackers having all keys of multiple compromised sensors. The last type of attacks is considered as insider attacks, while the first two as outsider attacks. Attacks on the sensor network can be classified as: (1) physical attacks on sensor devices, e.g., destroying, analyzing, reprogramming and/or cloning sensors; (2) service disruption attacks on routing, localization and clock synchronization; (3) data attacks, e.g., traffic capture, replaying and spoofing; (4) resourceconsumption and denial-of-service (DoS) attacks that diminish or exhaust the sensors’ capacity/energy to perform its normal function, e.g., by jamming the local area, inducing collisions, and forcing to repeat the same packet transmission; and (5) sybil attacks by which a single malicious sensor device claims/presents multiple sensor IDs (locations) to control a substantial fraction of the ID space which, in turn, makes it easier to mount other attacks. The adversary may also disrupt the integrity/availability of localization service. Possible attacks on the localization service include: (i) sensor displacement or removal; (ii) distance enlargement/reduction via adjustment of transmission power, or placement of obstacles interfering with direct paths; (iii) announcement of false locations, distances or hop-counts; (iv) message modification or replaying; (v) wormhole attacks that create hidden links between remote sensors to be used for replaying messages or altering distance measurements or hop-counts; and (vi) deployment of bogus anchors that propagate false reference location information. These localization-specific attacks try to propagate wrong information about locations of, or distances to, the sensors (or anchors) under the adversary’s control in an attempt to disrupt the localization service. One of the serious attacks to the sensor networks deployed in an unattended environment is physical tampering with sensors. An adversary can easily capture one or more sensors, scrutinize/reverse-engineer/alter the program and/or master-secret in the sensor, and create/deploy (multiple clones of) manipulated sensors. A small number of sensors compromised by physical attacks may serve as malicious slaves for many serious attacks, such as initiating DoS or sybil attacks and sabotaging certain services of the sensor network, which will, in turn, facilitate the subversion of the entire network.

On Building a Lightweight Security Architecture for Sensor Networks

4 4.1

515

Security Protocols Cryptography for Sensor Networks

Public-key algorithms have been widely used for the development of various key establishment protocols that derive a common key among nodes. However, they are unsuitable for sensor networks, because of their large energy demands, let alone the requirement of exchanging public-key certificates. In particular, existing implementations of the Diffie-Hellman (DH) protocol on sensor devices [8] consume 1.19 ∼ 12.64 [J] per operation, which is too much to be usable in devices with a limited energy budget, e.g., 61,560 [J] in Motes. A sensor device, therefore, cannot use public-key algorithms due mainly to its severe resource constraints. The symmetric-key ciphers and cryptographic hash functions, which are orders-of-magnitude cheaper and faster (e.g., 0.115 [mJ] in TinySec), would be a better choice for sensor nodes. Moreover, data packets in sensor networks are generally small. A desirable property in this environment is that the size of the ciphertext should be the same as that of the plaintext. These requirements suggest the use of a stream cipher as the underlying encryption engine. For example, the authors of [9] and [10] realize the stream cipher by running the RC5 block cipher in the counter mode and in the output feedback mode, respectively. 4.2

Key Management and Sharing

The cluster-based key management [11,12] is concerned with distribution and refreshment of a shared cluster key by the cluster-head acting as a key server within the cluster. Although this scheme performs well for local transactions, it still has problems; for example, each cluster-head (even though better-equipped and better-protected than normal sensor nodes) is a single point of failure, implying that if compromised, it may break the cluster’s security. Moreover, an efficient mechanism for securing inter-cluster communications must be provided to deal with transactions between remote nodes residing in different clusters. Key pre-deployment schemes [13,14] statically set up pairwise shared keys based on keys loaded into sensor devices prior to their deployment. That is, each sensor is preloaded with multiple (a couple of hundreds) keys randomly chosen from a large pool of keys, and hence, a pairwise key is established between a pair of neighboring sensors if a key happens to be common to both sensors. However, the pairwise keying performs poorly for communications over multiple-hop paths, since it requires transcoding (decryption followed by re-encryption) for each and every hop, thereby risking the security as any malicious sensor node on the path may take control of the communication as well as increasing sensors’ workloads and the packet-delivery latency. 4.3

Countermeasures Against Attacks on Localization

Determining sensors’ locations in an untrusted environment is a challenging, but important, problem that has not yet been fully studied. Like other security applications, one may want to authenticate all the messages to protect the network

516

T. Park and K.G. Shin

against attacks. However, it suffers high computational overhead and/or a large authentication latency, and, more importantly, many of the localization-targeted attacks are non-cryptographic in nature, making these authentication-based solutions highly unlikely to succeed. In [15], each sensor hears directly from multiple anchors, identifies a region it resides in, and determines its location as the center of the region. However, its main drawback is the requirement of a large number of specialized anchors equipped with directional/sectored antennae and capable of high power transmission. Recently, statistical approaches have been proposed [16,17]. In [16], the authors presented an attack-tolerance mechanism for triangulation-based localization, in which each sensor applies the least median squares algorithm on the distance estimates to anchors in order to mitigate the effect of attacks. The authors of [17] also use a collection of anchors’ reference locations associated with estimated distances, and apply the mean square error criterion to identify and discard malicious location references. Unfortunately, these methods invite attacks from relaying sensors and require a significant amount of redundant location/distance information from anchors, incurring a high network overhead to achieve a reasonable degree of robustness against attacks. These drawbacks mainly come from the fact that they do not fully extract/utilize the available information and ignore the relationship/correlation among sensors’ locations. 4.4

Tamper-Proofing Techniques

Code obfuscation [18] converts the executable code into an unintelligible form that makes analysis/modification difficult. However, the level of difficulty to tamper with gets substantially lower as the program becomes smaller, and hence, it cannot protect against determined attackers. Furthermore, as shown in [19], obfuscating programs while preserving its functionality is theoretically impossible. Result checking [20] examines the validity of intermediate results produced by the program, but it is inappropriate for use in battery-powered devices because it continuously incurs verification overhead. Aucsmith [21] proposed to store the encrypted executable and decrypt it before execution. However, this scheme suffers from a very high decryption/re-encryption overhead, and the security of self-decrypting programs can be easily broken unless the decryption routines are protected from reverse-engineering. Self-checking techniques [22,23] use embedded codes to compute a hash value on the program and compare it with the correct value (also embedded in the program). However, similarly to the self-decryption techniques, they become defenseless once the hash computation code and/or the hash value has been identified/analyzed. Besides protection of software itself, researchers studied techniques based on external servers to examine the program code. In [24], a server sends the checksum code to the remote system, computes a hash, and uses timing to determine the system’s genuinity. Its key idea is the randomized memory access that triggers more page faults and cache misses on a virtual memory system, leading to a severe slowdown in hash computation. However, this scheme is not suitable for sensor devices that do not have virtual memory support. The authors of [25]

On Building a Lightweight Security Architecture for Sensor Networks

517

proposed a technique that also uses randomized memory traversal to force an attacker to check if the current memory access is made to a modified location, causing a detectable increase in the hash calculation time. However, this scheme is inefficient as it incurs more memory accesses than sequential scanning of the program, without guaranteeing 100 % detection of memory modifications.

5

Lightweight Security Architecture

In what follows, we describe how to address the challenges of both security and energy-efficiency in the design of LiSA. 5.1

Classification of Attacks

The threats in Section 3 is rehashed into attacks on the program code of sensors (Class-1) vs. attacks on the data traffic (Class-2). The former relates to the adversary’s attempt to physically compromising sensor devices, while the latter ranges from passive eavesdropping to traffic replaying/modification/injection leading to, e.g., service disruption or DoS attacks. 5.2

The Proposed Approach

We propose an approach to building LiSA as a set of closely-coupled security protocols tailored to each type of attacks to meet the following design objectives: the protocols must be – lightweight so as to prolong the network lifetime significantly, which requires the use of computationally-efficient ciphers such as symmetric-key algorithms and cryptographic hash functions; – cooperative in the sense of achieving high-level security via mutual collaboration/cooperation among sensor nodes as well as with other protocols; – attack-tolerant to enable the network to gracefully tolerate attacks and device compromises as well as heal itself by detecting, identifying, and removing the sources of attacks; – flexible enough to trade security for energy consumption; – compatible with existing security mechanisms and services; and – scalable to the rapidly growing network size. 5.3

The Proposed Architecture

Fig. 1 shows a complete LiSA framework consisting of the following components. First, program-integrity verification serves as a strong access control mechanism against compromised sensors, under which a sensor joining the network or suspected of having been compromised must register itself to the server after verification of its program. Second, key management/sharing deals with efficient distribution, sharing and renewal of keys, and consists of two mutually complementary schemes: the cluster-based scheme is tailored to localized, cluster-based

518

T. Park and K.G. Shin

Fig. 1. The Lightweight Security Architecture

communications, while the distributed key sharing achieves extremely lightweight protection for communications between distant sensor nodes. Note the former defeats attacks of Class-1, while the latter targets the Class-2 attacks. Third, attack-tolerant services make it possible for the sensors’ core services, such as routing, localization, and clock synchronization, to gracefully tolerate attacks from compromised/malicious nodes. Finally, intrusion detection, e.g., running on each cluster-head, monitors or probes network activities to uncover misbehaving sensors followed by the activation of either of the first two services. 5.4

Secure Network Layer

As shown in Fig. 2, the building blocks of LiSA cooperate with each other to form a secure network layer that provides security services to the application layer. Below we detail the roles of these building blocks as well as their interactions. Program-integrity verification achieves purely software-based prevention of sensors from physical attacks using, for example, a randomized hash function and mobile agent technology presented in [26]. This technique examines integrity of the program residing in each sensor device whenever it joins the network or is found (by the intrusion detector) to have been compromised. Based on the cluster-based model, it uses two types of dedicated devices: the cluster-head executing the verification protocol on a sensor, and the authentication-server acting as a trusted third party for the sensor in testing the cluster-head. Cluster-based key management is designed specifically for the cluster-based model that rely heavily on local transactions inside the cluster, and makes a tradeoff between security and resource consumption via highly efficient rekeying based on the cryptographic one-way function and double-buffering of keys, as detailed in [27]. Applications like data aggregation/dissemination can use this scheme to secure the intra- and inter-cluster communications.

On Building a Lightweight Security Architecture for Sensor Networks

519

Fig. 2. Secure Network Layer of LiSA

Distributed key sharing is tailored to securing communications between remote sensors. Based on the peer-to-peer model, it enables each sensor to share unique pairwise-keys with a small number of geographically-chosen sensors, which leads to the development of two attack-tolerant routing protocols: secure geographic forwarding that delivers packets by concatenating the pairwise-key paths, each secured with its own key and forwarded geographically; and session-key setup that creates a secure session between two sensors by applying the secure geographic forwarding twice. While the former is invoked for per-packet protection, the latter is activated to establish the secure session. These protocols gracefully resist device compromises as well as replace public-key-cipher-based protocols with a purely symmetriccipher-based alternative. Attack-tolerant localization autonomously determines sensors’ relative locations by using mutual collaboration among sensors to achieve high-level attack-tolerance in terms of detecting/identifying/rejecting sources of attacks, if present. By exploiting the high spatio-temporal correlation existing among adjacent nodes, it realizes adaptive management of a profile for normal localization behavior and distributed detection of false locations advertised by attackers, and hence, plays the role of an anomaly-based intrusion detection system tailored to localization that safeguards the network from localization-targeted attacks. Note that the same methodology can be applied to the development of attack-tolerant clock synchronization protocol.

6

Conclusion and Future Work

In this paper, we addressed the problem of energy-efficient security technology for resource-limited embedded sensor devices, and developed LiSA that enables low-power sensors to provide high-level security at a very low cost. We avoided

520

T. Park and K.G. Shin

using the traditional cryptography-based approaches intended for environments equipped with sufficient resources, and instead, focused on building security protocols via collaboration/cooperation among sensor nodes as well as among the protocols themselves. To broaden the applicability of LiSA, it is required to solve open research problems associated with the attack-tolerant protocol design and the generalization of tamper-proofing technology.

References 1. Crossbow. MICA, MICA2 Motes & Sensors. Available: http://www.xbow.com/. 2. J. Heidemann et al. Building Efficient Wireless Sensor Networks with Low-Level Naming. In Proceedings of SOSP ’01, October 2001. 3. S. Ratnasamy et al. Data-Centric Storage in Sensornets with GHT. MONET: Algorithmic Solutions for Wireless, Mobile, Ad Hoc and Sensor Networks, 2003. 4. B. Karp and H. T. Kung. GPSR: Greedy Perimeter Stateless Routing for Wireless Networks. In Proceedings of MobiCom ’00, August 2000. 5. T. He et al. Range-Free Localization Schemes for Large Scale Sensor Networks. In Proceedings of MobiCom ’03, September 2003. 6. D. Nicolescu and B. Nath. Ad-Hoc Positioning Systems (APS). In Proceedings of IEEE GLOBECOM ’01, November 2001. 7. L. Hu and D. Evans. Localization for Mobile Sensor Networks. In Proceedings of MobiCom ’04, October 2004. 8. D. Malan. Crypto for Tiny Objects, 2004. Harvard Univ. Tech. Rep. TR-04-04. 9. A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security Protocol for Sensor Networks. In Proceedings of MobiCom ’01, July 2001. 10. M. Burnside, D. Clarke, T. Mills, S. Devadas, and R. Rivest. Proxy-based Security Protocols in Networked Mobile Devices. In Proceedings of SAC ’02, March 2002. 11. S. Basagni, K. Herrin, D. Bruschi, and E. Rosti. Secure Pebblenets. In Proceedings of MobiHoc ’01, October 2001. 12. D. W. Carman, P. S. Kruus, and B. J. Matt. Constraints and Approaches for Distributed Sensor Network Security, September 2000. NAI Tech. Rep. #00-010. 13. L. Eschenauer and V. D. Gligor. A Key-Management Scheme for Distributed Sensor Networks. In Proceedings of ACM CCS ’02, November 2002. 14. H. Chan, A. Perrig, and D. Song. Random Key Predistribution Schemes for Sensor Networks. In Proceedings of IEEE Security and Privacy ’03, May 2003. 15. L. Lazos and R. Poovendran. SeRLoc: Secure Range-Independent Localization for Wireless Sensor Networks. In Proceedings of ACM WiSe ’04, October 2004. 16. Z. Li, W. Trappe, Y. Zhang, and B. Nath. Robust Statistical Methods for Securing Wireless Localization in Sensor Networks. In Proceedings of IPSN ’05, April 2005. 17. D. Liu, P. Ning, and W. Du. Attack-Resistant Location Estimation in Sensor Networks. In Proceedings of IPSN ’05, April 2005. 18. G. Wroblewski. General Method of Program Code Obfuscation. In Proceedings of SERP ’02, June 2002. 19. B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, and K. Yang. On the (Im)possibility of Obfuscating Programs. CRYPTO’01, 2001. 20. F. Ergun, S. Kannan, S. R. Kumar, R. Rubinfeld, and M. Vishwanathan. SpotCheckers. In Proceedings of ACM Symp. Theory of Computing, May 1998. 21. D. Aucsmith. Tamper Resistant Software: An Implementation. Information Hiding, LNCS 1174, pages 317–333, 1996.

On Building a Lightweight Security Architecture for Sensor Networks

521

22. B. Horne, L. Matheson, C. Sheehan, and R. E. Tarjan. Dynamic Self-Checking Techniques for Improved Tamper Resistance. DRM’01, pages 141–159, 2002. 23. H. Chang and M. J. Atallah. Protecting Software Code by Guards. DRM’01, pages 160–175, 2002. 24. R. Kennell and L. H. Jamieson. Establishing the Genuinity of Remote Computer Systems. In Proceedings of USENIX Security Symposium, August 2003. 25. A. Seshadri, A. Perrig, L. Doorn, and P. Khosla. SWATT: SoftWare-based ATTestation for Embedded Devices. In Proceedings of IEEE S&P ’04, May 2004. 26. T. Park and K. G. Shin. Soft Tamper-Proofing via Program Integrity Verification in Wireless Sensor Networks. IEEE Trans. on Mobile Computing, May/June 2005. 27. T. Park and K. G. Shin. LiSP: A Lightweight Security Protocol for Wireless Sensor Networks. ACM Trans. on Embedded Computing Systems, August 2004.

A Reverse AODV Routing Protocol in Ad Hoc Mobile Networks Chonggun Kim, Elmurod Talipov, and Byoungchul Ahn Department of Computer Engineering, Yeungnam University, Korea [email protected], [email protected], [email protected]

Abstract. In mobile ad hoc networks, mobile devices wander autonomously for the use of wireless links and dynamically varying network topology. AODV (Ad-hoc on-demand Distance vector routing) is a representative among the most widely studied on-demand ad hoc routing protocols. Previous protocols have shown some shortcomings on performance. AODV and most of the ondemand ad hoc routing protocols use single route reply along reverse path. Rapid change of topology causes that the route reply could not arrive to the source node, i.e. after a source node sends several route request messages, the node obtains a reply message, especially on high speed mobility. This increases both in communication delay and power consumption as well as decrease in packet delivery ratio. To avoid these problems, we propose a reverse AODV which tries multiple route replies. The extended AODV is called reverse AODV (R-AODV), which has a novel aspect compared to other on-demand routing protocols on Ad-hoc Networks: it reduces path fail correction messages and obtains better performance than the AODV and other protocols have. We design the R-AODV protocol and implement simulation models using NS-2. Simulation results show that the reverse AODV provides good experimental results on packet delivery ratio, power consumption and communication delay. Keywords: AODV, Reverse AODV, NS-2, Simulation, Performance, Packet delivery ratio, communication delay.

1 Introduction A mobile ad hoc network is a dynamically self-organizing network without any central administrator or infrastructure support. If two nodes are not within the transmission range of each other, other nodes are needed to serve as intermediate routers for the communication between the two nodes [1]. Moreover, mobile devices wander autonomously and communicate via dynamically changing network. Thus, frequent change of network topology is a tough challenge for many important issues, such as routing protocol robustness, and performance degradation resiliency [2-12]. Proactive routing protocols require nodes to exchange routing information periodically and compute routes continuously between any nodes in the network, regardless of using the routes or not. This means a lot of network resources such as energy and bandwidth may be wasted, which is not desirable in MANETs where the resources are constrained [1-3]. On the other hand, on-demand routing protocols don’t exchange X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 522 – 531, 2006. © IFIP International Federation for Information Processing 2006

A Reverse AODV Routing Protocol in Ad Hoc Mobile Networks

523

routing information periodically. Instead, they discover a route only when it is needed for the communication between two nodes [1, 6, 7]. Due to dynamic change of network on ad hoc networks, links between nodes are not permanent. In occasions, a node can not send packets to the intended next hop node and as a result packets may be lost. Loss of packets may affect on route performance in different ways. Among these packet losses, loss of route reply brings much more problems, because source node needs to re-initiate route discovery procedure. A drawback of existing on-demand routing protocols is that their main route discovery mechanisms are not well concerned about a route reply message loss. More specifically, most of today’s on-demand routing is based on single route reply message. The lost of route reply message may cause a significant waste of performance. In this study we propose reverse AODV which has a novel aspect compared to other on-demand routing protocols on ad-hoc networks. In R-AODV, route reply message is not unicast, rather, destination node uses reverse RREQ to find source node. It reduces path fail correction messages and can improve the robustness of performance. Therefore, success rate of route discovery may be increased even though high node mobility situation. The simulation results show our proposed algorithm improves performance of AODV in most metrics, including packet delivery ratio, average end to end delay and power consumption.

2 Motivation In mobile ad hoc networks nodes may move from one location to another on variety of node speed. As the result, the network topology changes continuously and unpredictably. Only within a short period of time neighboring nodes can loose communication link, especially when the mobility is high. In on-demand routing protocols, loosing a communication link between nodes brings route breaks and packet losses. Especially, loosing the RREP of AODV protocol produces a large impairment on the AODV protocol. In fact, a RREP message of AODV is obtained by the cost of flooding the entire network or a partial area [1-5]. RREP loss leads to source node reinitiate route discovery process which causes degrade of the routing performance, like high power consumption, long end-to-end delay and inevitably low packet delivery ratio. Therefore, we are considering how simply to decrease the loss of RREP messages. We can see a situation in Figure 1, where S is a source node, D is a destination node and others are intermediate nodes. In traditional AODV, when RREQ is broadcasted by node S and each node on a path builds reverse path to the previous node, finally the reverse path DÆ3Æ2Æ1ÆS is built. This reverse path is used to deliver RREP message to the source node S. If node 1 moves towards the arrow direction and goes out of transmission range of node 2, RREP missing will occur and the route discovery process will be useless. We can easily know that several alternative paths built by the RREQ message are ignored. There are some possibilities that after sending a number of RREQ messages, source node can obtain a route reply message. As mentioned in [3], when the number of nodes is 100 and the number of flows is 50, 14% of total RREP messages are lost.

524

C. Kim, E. Talipov, and B. Ahn

Fig. 1. RREP Delivery Fail

We propose the R-AODV to avoid RREP loss and improve the performance of routing in MANET. R-AODV uses absolutely same procedure of RREQ of AODV to deliver route reply message to source node. We call the route reply messages reverse request (R-RREQ). R-AODV protocol can reply from destination to source if there is at least one path to source node. In this manner, R-AODV prevents a large number of retransmissions of route request messages, and hence diminishes the congestion in the network. Moreover, R-AODV will improve the routing performance such as packet delivery ratio and end-to-end delay.

3 Proposed R-AODV Protocol In this section we present an overview and purpose of proposed R-AODV protocol. 3.1 Protocol Overview Analyzing previous protocols, we can say that most of on-demand routing protocols, except multipath routing, uses single route reply along the first reverse path to establish routing path. As we mentioned before, in high mobility, pre-decided reverse path can be disconnected and route reply message from destination to source can be missed. In this case, source node needs to retransmit route request message. Purpose of our study is to increase possibility of establishing routing path with less RREQ messages than other protocols have on topology change by nodes mobility. Specifically, the proposed R-AODV protocol discovers routes on-demand using a reverse route discovery procedure. During route discovery procedure source node and destination node plays same role from the point of sending control messages. Thus, after receiving RREQ message, destination node floods reverse request (R-RREQ), to find source node. When source node receives an R-RREQ message, data packet transmission is started immediately.

A Reverse AODV Routing Protocol in Ad Hoc Mobile Networks

525

3.2 Route Discovery in R-AODV Since R-AODV is reactive routing protocol, no permanent routes are stored in nodes. The source node initiates route discovery procedure by broadcasting. The RREQ message contains following information (Figure 2): message type, source address, destination address, broadcast ID, hop count, source sequence number, destination sequence number, request time (timestamp). Type

Reserved Hop Count Broadcast ID Destination IP address Destination Sequence Number Source IP address Source Sequence number Request Time Fig. 2. RREQ Message Format

Whenever the source node issues a new RREQ, the broadcast ID is incremented by one. Thus, the source and destination addresses, together with the broadcast ID, uniquely identify this RREQ packet [1, 9]. The source node broadcasts the RREQ to all nodes within its transmission range. These neighboring nodes will then pass on the RREQ to other nodes in the same manner. As the RREQ is broadcasted in the whole network, some nodes may receive several copies of the same RREQ. When an intermediate node receives a RREQ, the node checks if already received a RREQ with the same broadcast id and source address. The node cashes broadcast id and source address for first time and drops redundant RREQ messages. The procedure is the same with the RREQ of AODV. When the destination node receives first route request message, it generates so called reverse request (R-RREQ) message and broadcasts it to neighbor nodes within transmission range like the RREQ of source node does. R-RREQ message (Figure 3) contains following information: reply source id, reply destination id, reply broadcast id, hop count, destination sequence number, reply time (timestamp). When broadcasted R-RREQ message arrives to intermediate node, it will check for redundancy. If it already received the same message, the message is dropped, otherwise forwards to next nodes. Type

Reserved Hop Count Broadcast ID Destination IP address Destination Sequence Number Source IP address Reply Time Fig. 3. R-RREQ Message Format

526

C. Kim, E. Talipov, and B. Ahn

Furthermore, node stores or updates following information of routing table: … … … … …

Destination Node Address Source Node Address Hops up to destination Destination Sequence Number Route expiration time and next hop to destination node.

And whenever the original source node receives first R-RREQ message it starts packet transmission, and late arrived R-RREQs are saved for future use. The alternative paths can be used when the primary path fails communications. Let’s see the same case of AODV, we have mentioned above, in figure 4. In RAODV, destination does not unicast reply along pre-decided shortest reverse path DÆ3Æ2Æ1ÆS. Rather, it floods R-RREQ to find source node S. And forwarding path to destination is built through this R-RREQ. Following paths might be built: SÆ4Æ5Æ6ÆD, SÆ11Æ10Æ9Æ8Æ7ÆD, and etc. Node S can choose best one of these paths and start forwarding data packet. So RREP delivery fail problem on AODV does not occur in this case, even though node 1 moves from transmission range.

Fig. 4. R-RREQ From Destination to Source Node

3.3 Route Update and Maintenance When control packets are received, the source node chooses the best path to update, i.e. first the node compares sequence numbers, and higher sequence numbers mean recent routes. If sequence numbers are same, then compares number of hops up to destination, routing path with fewer hops is selected. Since the wireless channel quality is time varying, the best path varies over time. The feedback from the MAC layer can be used to detect the connectivity of the link. When a node notifies that its downstream node is out of its transmission range, the node generates a route error (RERR) to its upstream node. If fail occurs closer to destination node, RRER received nodes can try local-repair, otherwise the nodes

A Reverse AODV Routing Protocol in Ad Hoc Mobile Networks

527

forward RRER until it reaches the source node [1,2]. The source node can select alternative route or trigger a new route discovery procedure. 3.4 Control Packet Overhead Intuitively, we can say that R-AODV causes a lot of control packet overhead. However, we can prove that route discovery procedure based on single reply message may cause even more packet overhead for some cases. We define the followings: An ad hoc network has N number of nodes Required number of control messages to discover routing path for AODV is AODV (N ) … Required number of control messages to discover routing path for R-AODV is RAODV ( N ) . … …

Let’s say m nodes participate to discover a routing path. Then AODV obtains a routing path using control message shown in (1), if it does not fail in first try.

AODV(m) = (m − 1 + t ) ,

(1)

where t is the number of nodes relied on route reply message. If source node fails in first try, because route reply message could not arrive, the node re-initiates path discovery, the number of control messages increase by the number of tries expressed in function (2).

AODV m c m  1  t ,

(2)

where c is the number of tries for route discovery. When we assume that R-AODV has at least one stable path by a RREQ, then the number of control messages for R-AODV is in function (3). It will require only 2m-2 messages for route discovery.

RAODV (m ) = Ο(2m − 2) .

(3)

So we can conclude when c>1, then AODV causes more packet overhead than the case of c=1 on R-AODV routing.

4 Performance Results In this section, we first describe the simulation environment used in our study and then discuss the results in detail. 4.1 Simulation Environment Our simulations are implemented in Network Simulator (NS-2) [13] from Lawrence Berkeley National Laboratory (LBNL). The simulation parameters are as follows: … …

Number of nodes: 10, 20, 30, 40, 50, respectively; Testing area: 1000m x 1000m;

528

C. Kim, E. Talipov, and B. Ahn … …

… … …

Mobile speed: uniformly distributed between 0 and MAXSPEED (we choose MAXSPEED = 2, 5, 10, 25, 50, 75m/s, respectively); Mobility model: random way point model (when the node reaches its destination, it pauses for several seconds, e.g., 1s, then randomly chooses another destination point within the field, with a randomly selected constant velocity); Traffic load: UDP, CBR traffic generator; Radio transmission range: 250 m; and MAC layer: IEEE 802.11.

Each simulation is run for 100 seconds and repeated for 10 times. We compared our proposed R-AODV with AODV. 4.2 Results To evaluate performance of R-AODV with that of AODV protocol, we compare them using four metrics: … …

… …

Delivery Rate: the ratio of packets reaching the destination node to the total packets generated at the source node. Average End-to-End Delay: the interval time between sending by the source node and receiving by the destination node, which includes the processing time and queuing time. Average Energy Remained: mean value of energy remained in each node. Control Overhead: sum of all route request messages, route reply messages and route error messages.

First, we can see performance according to increasing number of nodes. Figure 5 shows packet deliver ratio of AODV and R-AODV, by increasing number of nodes brings apparent difference between the two protocols, more exact result is shown on Figure 6. Packet delivery ratio difference in figure 6 calculated as below Difference =

Delivery Ratio of R-AODV − Delivery Ratio of AODV × 100% Delivery Ratio of AODV

(4)

7.0%

90.00

6.0%

80.00

5.0%

Difference Rate

Ratio (%)

100.00

.

70.00 60.00 50.00

4.0% 3.0% 2.0% 1.0%

40.00 10

20

30

40

50

75

Num ber of Nodes AODV

R-AODV

Fig. 5. Packet Delivery Ratio, when the number of nodes varies

0.0% -1.0%

10

20

30

40

50

75

Number of Nodes

Fig. 6. Packet delivery ratio difference between two protocols, when the number of nodes varies

A Reverse AODV Routing Protocol in Ad Hoc Mobile Networks

529

Figure 7 shows the average end-to-end delay of each protocol. It should be noted that the delay is considered for the packets that actually arrive at the destinations. We can see that R-AODV has lower delay than AODV. The reason is that AODV chooses route earlier, R-AODV chooses recent route according to reverse request. Figure 8 shows the average energy remained of each protocol. We have to mention that it is a mean value of energy remained each node at the end of simulation. Remained energy in R-AODV is higher than AODV; even it has sent more data packets to destination as shown on figure 5 and 6.

0.4000

90.00 Energy (out of 100)

Delay (in seconds)

0.3500 0.3000 0.2500 0.2000 0.1500 0.1000

88.00 86.00 84.00 82.00 80.00 78.00

0.0500

76.00

0.0000 10

20

30

40

50

10

75

20

AODV

30

40

50

75

Number of Nodes

Number of Nodes

AODV

R-AODV

Fig. 7. Average end to end delay, when the number of nodes varies

R-AODV

Fig. 8. Average energy remained, when the number of nodes varies

Figure 9 shows the control packet overhead required by the transportation of the routing packets. AODV has less control packet overhead. The reason is that R-AODV floods route reply message, but route reply message in AODV is unicast along reverse path. So we can say that, half of these messages are R-RREQ. 25000.00

Control Packets

20000.00 15000.00 10000.00 5000.00 0.00 10

20

30

40

50

75

Number of Nodes AODV

R-AODV

Fig. 9. Control Packet Overhead, when the number of nodes varies

Figure 10 shows packet delivery ratio of each protocols on varying node speed. In all cases, R-AODV shows better performance in packet delivery ratio. Figure 11 shows average end to end delay where maximum speed of node varies. As fast node mobility causes high topology changes, recently selected path may have better consistency.

530

C. Kim, E. Talipov, and B. Ahn

0.6000

90.00

0.5000 Delay (in seconds)

95.00

Ratio (%)

85.00 80.00 75.00 70.00

0.4000 0.3000 0.2000 0.1000

65.00

0.0000

60.00 2

5

10

25

50

2

75

5

Node Max Speed AODV

10

25

50

75

Node Max Speed

R-AODV

AODV

R-AODV

Fig. 11. Average end to end delay, when node speed varies

Fig. 10. Packet Delivery Ratio, when node speed varies

Figure 12 shows remained average energy. Where R-AODV has more remained energy than AODV, which will be helpful for nodes to survive in network.

Ratio (sent/received)

0.2500 0.2000 0.1500 0.1000 0.0500 0.0000 2

5

10

25

50

75

Node Max Speed AODV

R-AODV

Fig. 12. Average remained energy, when node speed varies

5 Conclusions Successful delivery of RREP messages are important in on-demand routing protocols for ad hoc networks. The loss of RREPs causes serious impairment on the routing performance. This is because the cost of a RREP is very high. If the RREP is lost, a large amount of route discovery effort will be wasted. Furthermore, the source node has to initiate another round of route discovery to establish a route to the destination. We proposed the idea of reverse AODV, which attempts reverse RREQ. R-AODV route discovery succeeds in fewer tries than AODV. We conducted extensive simulation study to evaluate the performance of RAODV and compared it with that of AODV using NS-2. The results show that R-AODV improves the performance of AODV in most metrics, as the packet delivery ratio, end to end delay, and energy consumption. Our future work will focus on studying practical design and implementation of the R-AODV. Multipath routing is another topic we are interested in.

A Reverse AODV Routing Protocol in Ad Hoc Mobile Networks

531

References 1. C. E. Perkins and E. M. Royer, “Ad hoc on-demand distance vector routing,” in Proc. WMCSA, New Orleans, LA, Feb. 1999, pp. 90–100. 2. Zhi Li and Yu-Kwong Kwok, “A New Multipath Routing Approach to Enhancing TCP Security in Ad Hoc Wireless Networks” in Proc. ICPPW 2005. 3. Rendong Bai and Mukesh Singhal, “Salvaging Route Reply for On-Demand Routing Protocols in Mobile Ad-Hoc Networks” in MSWIM 205, Montreal, Quebec, Canada. Oct 2005 4. C. K.-L. Lee, X.-H. Lin, and Y.-K. Kwok, “A Multipath Ad Hoc Routing Approach to Combat Wireless Link Insecurity”. Proc. ICC 2003, vol. 1, pp. 448–452, May 2003. 5. S.-J. Lee and M. Gerla, “Split Multipath Routing with Maximally Disjoint Paths in Ad Hoc Networks,” Proc. ICC 2001, vol. 10, pp. 3201–3205, June 2001. 6. M. K. Marina and S. R. Das “On-Demand Multi Path Distance Vector Routing in Ad Hoc Networks,” Proc. ICNP 2001, pp. 14– 23, Nov. 2001. 7. A. Nasipuri and S. R. Das, “On-Demand Multipath Routing for Mobile Ad Hoc Networks,” Proc. ICCN 1999, pp. 64–70, Oct. 1999. 8. C. Perkins, E. Belding-Royer “Ad hoc on-Demand Distance Vector (AODV) Routing”, RFC 3561, July 2003 9. I. Stojmenovic, M. Seddigh, J. Zunic, ”Dominating sets and neighbor elimination-based broadcasting algorithms in wireless networks”, IEEE Transactions on Parallel and Distributed Systems, 2002, pp. 14-25. 10. J.Wu, and H. Li, ”On Calculating Power-Aware Connected Dominating Sets for Efficient Routing in Ad HocWireless Networks”, in Proc. of the 3rd Int’l Workshop on Discrete Algorithm and Methods for Mobile Computing and Commun., 1999, pp. 7-14. 11. Jae-Ho Bae, Dong-Min Kim, Tae-Hyoun Kim, Jaiyong Lee. An AODV-based Efficient Route Re-Acquisition Scheme in Ad Hoc Networks. 12. Y.Kim, J.Jung, S.Lee and C.Kim, “A Belt-Zone Method for Decreasing Control Messages in Ad Hoc Netowkrs” ICCSA 2006, LNCS 3982, pp 64-72, 2006. 13. NS, The UCB/LBNL/VINT Network Simulator (NS), http://www.isi.edu/nsnam/ns/, 2004.

Algorithms for Service Differentiation in MAC Layer over MANETs Kwan-Woong Kim1, Sung-Hwan Bae2, and Dae-Ik Kim3 1

Division of Electrical Electronic & Information Engr., Wonkwang Univ., Iksan, 570-749, Republic of Korea [email protected] 2 Dept. of Multimedia, Information & Telecommunication Engr., Hanlyo Univ. Gwangyang, 545-704, Republic of Korea [email protected] 3 Dept. of Semiconductor Materials & Devices Engr., Chonnam Nat'l Univ., Yeosu, 550-749, Republic of Korea [email protected]

Abstract. Currently, the IETF group is working on service differentiation in the Internet. However, in wireless environments such as ad hoc networks, where channel conditions are variable and bandwidth is scarce, the Internet differentiated services are suboptimal without lower layers’ support. The IEEE 802.11 standard for Wireless LANs is the most widely used WLAN standard today. It has a mode of operation that can be used to provide service differentiation, but it has been shown to perform badly. In this paper, a new scheme of service differentiation to support QoS in the wireless IEEE 802.11 is proposed. It is based on a multiple queuing system to provide priority of user’s flow. Compared with the original IEEE 802.11b protocol, the proposed scheme increases overall throughput in the MAC layer.

1 Introduction A mobile ad hoc network (MANET) [1] is an autonomous distributed system that consists of a set of identical mobile nodes that move independently and freely. Each node communicates over relatively bandwidth-constrained wireless links with other nodes that reside within its transmission range. Because of limited radio propagation range, mostly routes are multi-hop. Ad hoc networks are useful in many applications because they do not need any infrastructure support. Ubiquitous sensor networks, disaster recovery, rescue and automated battlefields are examples of application environments. Without no base station or centralized administration, the nodes are free to move randomly and organize themselves arbitrarily. Thus, the networks topology may change rapidly and unpredictably. In general, the network needs are governed by the service requirements of end user applications. The network is expected to guarantee a set of measurable pre-specified service attributes to the users in terms of end-to-end performance, such as bandwidth, delay, packet loss and jitter. Quality of Service (QoS) in this case is considered as a set of service requirements that needs to be met by the network while transporting a X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 532 – 539, 2006. © IFIP International Federation for Information Processing 2006

Algorithms for Service Differentiation in MAC Layer over MANETs

533

packet stream from a source to its destination. The ability to provide an adaptive QoS in mobile environment is a key to the success of next generation wireless comm.unications systems. Currently, the IETF group is working on service differentiation in the Internet. However, in wireless environments such as ad hoc networks, where channel conditions are variable and bandwidth is scarce, the Internet differentiated services are suboptimal without lower layers’ support. The IEEE 802.11 standard for wireless LANs has a mode of operation that can be used to provide service differentiation, but it has been shown to perform badly. Many works on service differentiation have been carried out, especially via distributed mechanisms, as it is the case in [2], [3] and [4]. All these works have focused on the problem of how to differentiate services by differentiating priority of the access to the wireless channel. In our approach, instead of access priority differentiation, a service differentiation mechanism is proposed to handle packets over a class queuing system in the MAC layer. Also a new packet discarding policy is presented for router function of a mobile node to enhance end-to-end performance. In Sect. 2, a new service differentiation scheme based on a multiple queuing system is proposed. In Sect. 3, Simulation results obtained by the proposed scheme are evaluated. Finally, Sect. 4 presents some conclusions.

2 Proposed Algorithm In pure IEEE 802.11b MAC, single queue is used in best-effort manner and it has no capability to support QoS such as bandwidth guarantee, delay and loss rate. Packet Discarding Mechanism (PDM) can be used to manage the buffers in the mobile device. Under these mechanisms, the information carried by high priority packet is considered to be more important than the information carried by low priority packet. In order to achieve certain level of loss performance, PDM with the priority queue can be used to reduce the loss rate of high priority packets at the expense of higher loss rate of low priority packets. In this paper, an adaptive weighted round robin (WRR) scheme is proposed to provide service differentiation in multiple class queuing system. We define two classes of traffic; low priority for best effort traffic and high priority for multimedia traffic to simplify the mechanism. The main feature of the proposed algorithm is that it regulates the weight of high priority class according to traffic load. Regulation of the weight of classes makes it enable to guarantee minimum throughput of best-effort traffic under severe congestion. The proposed queuing system is shown in figure 1. When a packet arrives from the MAC layer, the packet is accepted to the associated class queue with its priority. To adjust the weight of classes to traffic loads, two thresholds and the length of the high priority class queue are used. Each weight of class queues is defined as

WH = Winitial , WL = 1 − WH , when Q[h] < TL , § Q[h] − TL · WH = Winitial + k ⋅ min¨¨ , 1¸¸, WL = 1 − WH , when TL ≤ Q[h] © TH − TL ¹

534

K.-W. Kim, S.-H. Bae, and D.-I. Kim

Fig. 1. Queuing model of the proposed algorithm

where Q[h] is the length of the high priority class queue, WH is the weight of the high priority class queue and WL is the weight of the low priority class queue. TL is low threshold of the high priority class queue and TH is high threshold of the high priority class queue. Winitial is the initial weight of high priority class queue and k is the constant. The weight of the high priority class queue, WH, is varied from Winital to Wintial + k. Weighted round robin (WRR) scheduler chooses the queue according to its weight and transmits packet from the queue to MAC.

Packet Discarding Policy (PDP) In Ad hoc network, each mobile node acts as router as well as host. There are two kinds of packets into interface queue (IF_q); packets from higher layer (transport layer) and packets from MAC layer. Packets from MAC layer traverse intermediate nodes to reach their destinations. Because they have consumed wireless channel resources, we consider that packets from MAC layer are more important than those from higher layer. If the buffer overflow occurs in IF_q caused by excessive traffic of higher layer, the IF_q will discard all incoming packets including packets from MAC layer. Discarding packets come from MAC layer results in waste of wireless channel resources. To overcome this inefficiency, a packet discarding policy (PDP) that protects packets come from MAC layer under buffer overflow is proposed. It tries to keep available buffer space for packets from MAC layer by discarding packets from higher layer. The goal of PDP is to protect packets that traverse multi-hops to reach their destination, to improve overall end-to-end performance and to increase wireless channel utilization. When a new packet pkt arrives at IF_q, behavior of the proposed mechanism is as shown in below. scr_addr is source address of packet pkt, addr_ is address of this node and Q[l] is the length of the low priority class queue.

Algorithms for Service Differentiation in MAC Layer over MANETs

535

If (priority of pkt == high) { If (Q[h] > TH && src_addr of pkt == addr_) discard pkt; Else enqueue pkt to Q[h]; If (Q[h] < TL) {

WH = Winitial; WL = 1.0 - WH; } Else if (TL < Q[h]) {

WH = Winitial + k * min((Q[h] - TL)/(TH-TL), 1); WL = 1.0 - WH ; } Else WH = Winitial +k; WL = 1.0 - WH; } /* if the occupancy of Q[l] exceeds Threshold, and pkt is generated in higher layer, we discard pkt to avoid buffer overflow. */ Else { If (Q[l] > TH && src_addr of pkt == addr_) discard pkt; Else enqueue pkt to Q[L]; }

3 Experimental Results NS2 simulator [5] is used to make performance comparison between the proposed scheme and the drop-tail queue scheme. NS2 is a freely available discrete-event object-oriented network simulator. It provides a framework for building a network model, specifying data input, analyzing data output and presenting results. The ad hoc network model used for simulation is shown in figure 2. It consists of 10 mobile nodes and 8 constant bit rate (CBR) traffic sources. Each CBR source generates packet every interval time. Interval time between packets is varying from 0.05 to 0.1 second. The packet size is set to 1K bytes. Half of traffic sources are high priority class and the others are low priority class. Ad hoc on demand distance vector routing protocol is used and IEEE 802.11 is used for wireless MAC protocol. To avoid the bias of random number generation, we execute simulation 10 times for each configuration. A simulation time is set to 500 seconds. In the network model, CBR flows 1, 3, 4 and 6 are set to have high priority and the other flows are set to have low priority. We assign 25 packets to each class queue size for the proposed queuing system and 50 packets to drop-tail queue system.

536

K.-W. Kim, S.-H. Bae, and D.-I. Kim

Fig. 2. Ad hoc network model for simulation

Figure 3 shows average number of received packets at CBR receivers. It can be seen that the proposed scheme can increase the end-to-end performance from 8% ~ 40% by compared to drop-tail queuing system. The reason is that the PDP of the proposed scheme increases end-to-end throughput by protecting packets that traverse multi-hop path from packet dropping caused by buffer overflow in intermediate nodes.

Fig. 3. Average number of received packets

Algorithms for Service Differentiation in MAC Layer over MANETs

537

Figure 4 depicts average number of received high priority packets and average number of received low priority packets. It can be noticed that high priority packets are much more served than low priority packets. Moreover, the number of received high priority packets is increased as traffic load of high priority CBR is increased. Indeed the weight of class queues is dynamically varied with load of high priority flows. As the number of packets waiting in the high priority class queue is increased, high priority packets are more served. As shown in figure 4, results show that the drop-tail queuing system is incapable of being differentiate QoS.

Fig. 4. Average number of received high priority & low priority packets

Figure 5 plots average number of lost high priority packets and average number of lost low priority packets. The proposed scheme provides very low packets loss rate

Fig. 5. Average number of lost high priority & low priority packets

538

K.-W. Kim, S.-H. Bae, and D.-I. Kim

for high priority packets compared to drop-tail queue scheme. The reason is that WRR scheduler tries to serve more high priority packets than low priority as high priority traffic increase. Figure 6 shows end-to-end delay of high priority and low priority packets. Obviously, when traffic load is low, end-to-end delay of high priority packet keeps low. But traffic load become heavy, delay also becomes large. As shown in figure 6, WRR scheduler of the proposed scheme can provide better performance than drop-tail queue in terms of end-to-end transmission delay.

Fig. 6. End-to-end delay of high priority and low priority packets

Experimental results are quite positive in the sense that IEEE 802.11 MAC protocol with the proposed scheme outperforms than pure IEEE 802.11 MAC in all cases. Using our technique, the proposed scheme may improve overall end-to-end throughput as well as support service differentiation over multi-hop MANETs.

4 Conclusions This paper has described a new service differentiation scheme based on a multiple queuing system and a PDP. The main feature of the proposed algorithm is that it regulates the weight of high priority class according to traffic load. A new PDP tries to keep available buffer space for packets from MAC layer by discarding packets from higher layer and protects packets that traverse multi-hops to reach their destination. Simulation results show that the proposed scheme may improve overall end-to-end throughput as well as support service differentiation over multi-hop MANETs.

References 1. C. E. Perkins, Ad Hoc Networking. Addison-Wesley, Upper Saddle River, NJ, USA, Jan 2001. 2. I. Aad and C. Castelluccia, “Differentiation mechanisms for IEEE 802.11,” Proc. of IEEE INFOCOM 2001, pp. 209-218.

Algorithms for Service Differentiation in MAC Layer over MANETs

539

3. M. Barry, A. T. Campbell, and A. Veres, “Distributed Control Algorithms for Service Differentiation in Wireless Packet Networks,” Proc. of IEEE INFOCOM 2001, pp. 582-590. 4. G. Bianchi and I. Tinnirello, “Analysis of Priority Mechanisms based on Differentiated Inter-Frame Spaces in CSMA/CA,” in Proc. IEEE VTC 2003, vol. 3, pp. 1401 – 1405, Orlando (FL), Oct 2003. 5. NS−2 homepage: http://www.isi.edu/nsnam/ns.

A Power-Aware Routing Protocol Using Multi-Route Transmission for Mobile Ad Hoc Networks Kuang-Han Fei, Sheng-Yan Chuang, and Sheng-De Wang National Taiwan University Department of Electrical Engineering Taipei, Taiwan [email protected]

Abstract. We presents a power-aware routing protocol called MultiRoute Transmission Routing that utilizes multiple routes to transmit the data traffic simultaneously and leads to a balanced energy consumption. The proposed routing approach can extend the system lifetime of the network. A new routing decision index is also proposed for the route selection mechanism, which takes both the shortest-path and the maximum system lifetime into consideration and dynamically adjusts its weight between them according to the energy usage of the network. Experiment results show that, the proposed routing protocol provides a higher performance than other well-known power-aware routing protocols in terms of the energy-efficiency.

1

Introduction

Much research has addressed the energy-efficient issue of MANET routing protocols. We can roughly classify these solutions of the energy-efficiency protocol design into three categories: 1) Node energy state management: the mobile hosts can support a sleep mode that operates in a much lower energy level to conserve its battery energy. To maintain the traffic connectivity, these approaches usually keep few of hosts to active in order to buffer data packets for their sleeping neighbors. The approaches of SPAN [1] and GAF [2] belongs to this category; 2) Transmission power control: in the wireless transmission, the radio transmission power required is proportional to dα , where d is the distance between the two hosts, and α is typically between 2 and 4. In other words, the power consumption of transmission is at least the second order of the transmission range. The protocols in this approach try to achieve the goal of the minimum energy cost per packet transmission. Minimum Total Transmission Power Routing (MTPR) [3] prefers using routes with more hops and gets a shorter transmission range as compared to the traditional shortest-path manner. Other works about the approach can be found in [4], [5], [6] and [7]. The purpose of the approach is to minimize the power consumption during the packet transmission. However, it does not consider the residual energy usage of hosts in the network and cannot X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 540–549, 2006. c IFIP International Federation for Information Processing 2006 

Power-Aware Routing Protocol Using MRT

541

guarantee to extend the system lifetime of the network; 3) Power-aware routing: unlike the traditional shortest-path routing protocols, power-aware routing protocols realize the energy information of hosts. According to the energy information of hosts, power-aware routing protocols can take different power cost metrics for route selection into the consideration. The goal of this approach is to maximize the network lifetime by balancing the energy usage of the hosts. Some protocols consider the remaining energy of hosts as the metric in order to prolong the lifetime of the hosts, like Min-Max Battery Cost Routing (MMBCR) [8]. The MMBCR assumes that the cost of a route is the inverse of energy value which belongs to a host that has least remaining battery energy in this route. The route selection policy of the MMBCR is to choose a route which has the smallest route cost. Thus, the MMBCR may prefer a longer path that has the largest remaining battery energy to the shortest-path. But in this design of metric, it might consume more energy because the total transmission energy consumption of the longer path may be larger than that of the shortest-path. However, the MMBCR successfully extends the network lifetime due to a more balanced usage of the energy in the network. Conditional Max-Min Battery Capacity Routing (CMMBCR) [9] tries to consider both the minimum transmission energy cost and the maximum network lifetime in the route selection. The CMMBCR presents a hybrid method that selects a route favored by either the MTPR or the MMBCR by using a given threshold γ, which is a percentage value of hosts’ initial energy between 0 and 100. When all hosts in possible routes have sufficient remaining battery energy (above the threshold γ × node s initial energy), a route with the minimum transmission energy cost is chosen. However, if all possible routes have low remaining battery energy (below the threshold), a route with the maximum remaining battery energy is chosen in order to prolong the hosts lifetime. Many of research issues are also addressed in this approach in recent years, such as [10], [11], [12] and [13]. In wired networks, multiple-path routing has been discovered with a lot of benefits, such as more balance traffic loading, more network end-to-end bandwidth etc. However, the advantages of multiple-path routing are not obvious in MANETs because the communications along multiple, different paths may interfere with each other due to the single-channel broadcast feature of the wireless radio transmission (i.e. not contention free). Using the multiple-path in DSR can maintain correct end-to-end transmission for a long time than a single path which has been proven in [14]. In [15], a diversity injection method has been proposed to find out more disjoint paths. This study also shows that multiple-path can balance network loads. In [16], the authors present a deep performance study of the multiple-path routing in MANETs. They also have proposed a new method to find disjoint paths to improve the performance of the multiple-path mechanism. In MANETs, the DSR and the Temporally Ordered Routing Algorithm (TORA) [17] store multiple paths for a particular destination as backup routing paths. However, we thought that using multiple paths as the backup routing paths is a kind of waste if the disjoint paths with sufficient remaining energy do exist. The proposed power-aware routing protocol, the PMRTR, efficiently

542

K.-H. Fei et al.

utilizes these paths to simultaneously transmit the data packets, with a more balancing energy usage among nodes; thus, it extends the system lifetime of the network. To the best of our knowledge, we are the first to apply the concept of the multiple-path transmission to a power-aware routing protocol.

2

2.1

Power-Aware Multi-Route Transmission Routing Protocol Concepts of PMRTR

Many power-aware routing protocols are based on the DSR protocol because of some characteristics of the DSR. First, the source node in the DSR has full knowledge about all possible route information in the network. Second, the mechanism of the DSR route discovery allows each intermediate node to attach their energy information (and network address also) in the RREQ and the RREP packets which can be piggybacked back to the source. These characteristics make it possible for the source node in the DSR to make a power-aware route selection according to the energy information extracted from the received RREP packets. The proposed power-aware routing protocol, the PMRTR, is also an enhancement over the DSR. The design goal of the PMRTR is to maximize the overall system lifetime in the network. To achieve that, we propose the following major improvements of the PMRTR over the DSR: 1) Energy information awareness: Each node should attach its current status of the energy into the RREQ and RREP packets during the route discovery stage. When a source receives the RREPs replied by a destination, it can extract the energy information of the route out and analyze the route cost later. 2) Energy-efficient route cost metric: The route selection not only considers the routing path length, but also the energy balance. The route cost metric in the PMRTR takes both the minimum transmission energy cost and the maximum network lifetime into consideration. 3) Multiple-path transmission: Unlike the DSR or any other power-aware routing protocols that also based on the DSR, the PMRTR uses multiple routes to simultaneously transmit the data packets to the destination. The packets that used to be transmitted through the single-path, now disperse to transmit along several different paths which all have approximate large residual energy capacity. Thus, since the traffic loading and energy depletion can be distributed, none of routes will be overused in the PMRTR. 4) Dynamic cost metric adjustment and route selection criterion: We adjust route cost metric by considering the balance between the minimum transmission power cost and the maximum network system lifetime according to the residual energy capacity of nodes. The route selection strategy uses a threshold and the degree of dissimilarity of routes to filter the routes with high cost out of candidate paths of the multi-route transmission.

Power-Aware Routing Protocol Using MRT

2.2

543

PMRTR Protocol

The residual energy capacity of a route in the PMRTR is defined as following. If we consider a generic route rd = {ns , n1 , n2 , . . . , nd }, where ns is the source node and nd is the destination node. Let Ei (t) be the residual energy capacity of node ni at time t. We define the residual energy capacity of a route rj : RE(rj ) = min∀ni ∈rj Ei (t), in other words, the least energy of the node on this route. Although the design goal of the routing cost metric in the PMRTR is to try to take both the minimum transmission power cost and the maximum system lifetime of the network into consideration. However, the experiment results in analysis of power-aware routing protocols [18] shows that the shortest-path routing protocol (i.e. in the DSR) surprisingly performs great in energy-efficiency. This interesting result shows that even the shortest-path routing is not designed for energy-efficiency, it still may outperform than other power-aware routing protocols in some scenarios. The reasons of the energy efficiency of the shortestpath are 1) the energy consumption of the shortest-path approximates with the minimum transmission power cost in the case that each node in the network operates with same transmission power, and 2) the high mobility of the ad hoc networks makes the traffic loading natural evenly distributed among the nodes in the network. In addition, we should also note that since only a few actual network interface cards allow several discrete power levels, to assume that transmission range/power can be continuously configured is not practical in the real wireless network environments. To be specific, the PMRTR route cost metric is determined by both the hop counts of the route and the residual energy capacity of the route. Consider two paths r1 and r2 in Figure 1. There are two paths

Fig. 1. A simple network topology for the illustration of routing cost metric

r1 = {ns , n1 , n2 , nd } and r2 = {ns , n3 , nd } in the network, where ns is the source and nd is the destination. Assume that the energy consumption of any link is P , m1 is the hop counts of r1 , and e1 is the residual route energy of r1 ; m2 is the hop counts of r2 , and e2 stands for the residual route energy of r2 . The updated  residual energy of the route r1 is e1 = e1 − P m1 if the route r1 is taken and the  updated residual energy of the route r2 is e2 = e2 − P m2 . As we can see, the factor P plays an important role in determining the contribution proportion between the hop counts and the residual energy of the route in the route selection. However, if we define the factor P as the energy consumption of the host-to-host transmission power in mW, the route selection will

544

K.-H. Fei et al.

prefer much the shortest-path to the paths with large residual energy because the typical value of the energy consumption of the host-to-host transmission power is constant while the residual energy is decaying. Therefore, we can add a weighting K to the the factor P such that the balance can be achieved between the hop counts and the route residual energy by setting the weighting K as a variable with its value proportional to the residual energy of the nodes in the network. In this way, we can define a decision index Ii to evaluate the priority of route ri as follows: Ii = ei − KP mi where K is a weighing to be adaptively determined in the networking environment. It is obviously that we prefer a route with largest Ii among all available routes. Now, it remained to determine the weighting K. Since the residual energy of nodes decreases as time goes by, it is natural to set the weighting K be related to the residual energy of nodes. To this end, we consider a threshold energy eth = T HCM × Einit , where T HCM is a constant and set weighing K as follows:  Kinit if ei > eth K= Kinit × eethi if ei < eth where Kinit is the initial value. Thus, when the residual energy capacity of nodes in the network is critical, the route selecting policy of the PMRTR concern about the residual energy capacity than the hop counts of the routes. The multiple-route transmission uses different paths to transmit simultaneously, dispersing the traffic load into these paths. In traditional multiple-route routing protocols, the paths being used for multiple-route transmission should be the disjoint paths. The numbers of disjoint paths strongly affect the performance of the multiple routes transmission. However, the availability of the paths that are entirely disjointed may be rare in some network scenarios; hence the improvement of the multiple routes transmission is not significant. In the PMRTR, we allow multiple routes transmission upon the paths which are not necessary to be completely disjointed. We propose a new criterion, the routes dissimilarity, which indicates the differentiation between the different paths. The routes dissimilarity between two routes (ra and rb ) is defined as: RD(ra , rb ) =

M L(ra , rb ) − SN (ra , rb ) , M L(ra , rb )

where the M L(ra , rb ) denotes the length of the shorter route and the SN (ra , rb ) denotes the number of same nodes between the ra and the rb . For example, suppose we have a set of routes R = {r1 , r2 , r3 , r4 }, where r1 = {ns , n1 , nd }, r2 = {ns , n2 , n3 , n4 , n5 , nd }, r3 = {ns , n2 , n7 , n8 , n9 , nd } and r4 = {ns , n4 , nd }. The routes dissimilarity between {r1 , r2 }, {r2 , r3 } and {r1 , r4 } (6)−(3) ∼ are RD(r1 , r2 ) = (3)−(2) = 0.33, RD(r2 , r3 ) = (6) = 0.5 and RD(r1 , r4 ) = (3) (3)−(2) ∼ = 0.33 respectively. Let r5 be a route that we just discovered and the (3)

Power-Aware Routing Protocol Using MRT

545

route set R is the routes stored in the MRT for certain destination. The average routes dissimilarity between r5 and R is:  RD(r5 , ri ) , RD(r5 , R) = ∀ri ∈R ¯ R ¯ is the number of routes in the route set R. Using with routes dissimwhere R ilarity instead of the traditional disjoint definition as the criterion of selecting available paths, the performance improvement in multiple routes transmission can be seen more significantly in different network scenarios.

3

Experiment Result

Since the main goal of the proposed PMRTR is to balance the energy consumption of the nodes in a network and thus to maximize system lifetime of the network, we consider two essential criteria: 1) System lifetime of the network, which is commonly defined as the time of the first node that runs out off its energy in the network; and 2) Standard deviation of the nodes’ energy in the network, which reflects the distribution of the residual energy of nodes in the network. 3.1

Simulation Model

We use the ns-2 [19] which is a discrete event driven simulator developed by University of California at Berkeley and VINT project as our simulation platform. We also use the wireless extensions provided by CMU [20]. The setup consists of a test bed of 24 nodes in a 600 × 600 m2 area. The communication range of each node is assumed to be 250 m. We separate these 24 nodes into 20 intermediate nodes and 4 traffic nodes. These 4 traffic nodes which have fixed locations in the four corners of the simulation area and act as the sources and the sinks (destinations) that continuously exchange the data packets to each other. The 20 intermediate nodes which are confined in simulation environment perform serve as the forwarding nodes in the ad hoc mode. The traffic nodes in diagonal communicate with each other by establishing a 4 pkt/sec CBR traffic connection with 512 KB packet size at simulation beginning. In other words, every intermediate node in the network is covered by four CBR traffic communications all the time. The design propose of this simulation scenario is to isolate the source/destination nodes from the intermediate nodes. In this isolation process, if a node runs out off its energy, it must do because this node is responsible for some traffic forwarding which is caused by some bad route selection of power-aware routing protocols, and not because that node was the source or the destination which belongs to some traffic. By observing the energy usage of every intermediate node, we can accurately measure the energy-efficiency performance of the power-aware routing protocols easily. For every intermediate node, three kinds of mobility, low (in 1 m/s), medium (in 5 m/s) and high (in 10 m/s), are investigated. In each mobility pattern, the random waypoint model with constant pause-time 30 seconds is applied.

546

K.-H. Fei et al.

It means that after every node reaches the current waypoint, it pauses for 30 seconds, and then randomly chooses its next waypoint. The standard deviation of nodes’ energy is measured in every 30 seconds. We average these results before the network lifetime and report this value as the energy standard deviation of the protocol. We should notice the significant energy consumption of the overhearing between nodes in mobile ad hoc networks through the experiment results in [21]. Due to the nonexistence of any wireless base station or central controller which can be in charge of buffing the traffic packets for sleeping neighbors in current power-aware routing protocols, the nodes cannot sleep in the ad hoc mode. Because of that, all of the mobile nodes will consume energy unnecessarily due to overhearing the transmission of their neighbors. Although the overhearing feature obviously wastes lots of valuable energy resources of nodes, the nodes of power-aware routing protocols based on on-demand manner should remain active all the times so as to participate in the route discovery by broadcasting the RREQ and the RREP packets. Somehow, under some dense network environments, the energy consumption of the overhearing engages around 80 % of total energy consumption of the whole network [21]. However, we do not disable the overhearing feature in any of our experiments due to more practical reflecting the actual network environment behaviors. The parameters in the PMRTR protocol are assigned as following setup: the weighting factor Kinit of the routing decision index I is 10%, and the threshold T HCM in the weighting factor K is set as 25% of the initial energy of nodes (i.e., T HCM = 25%). In our experiments, all intermediate nodes have their initial energy which are randomly selected in 200 ± 0.5. Each experiment result is obtained from 20 different runs at least. The simulation time in each run is set to 1000 seconds. 3.2

Power-Aware Routing Protocols Comparison

In the experiment of this sub-section, we compare the energy-efficiency performance with the shortest-path routing, the PMRTR, and two well-known poweraware routing protocols, such as the MMBCR and the CMMBCR. We fully implement the functionalities of the MMBCR and the CMMBCR (with that threshold is half of the initial energy of nodes) in the ns-2 and also modify the route maintenance procedure of these protocols. The mechanism that protocol will flush its route cache and establish a new route discovery for any active transmission in order to update the route information and the energy usage information is added into the route maintenance procedure of these routing protocols. Since the PMRTR is also a routing protocol, the criteria of traditional routing protocols such as the delivery ratio and the end-to-end delay should also perform with maintaining in a good condition. Besides the system lifetime of network and the average energy standard deviation, we also measure and compare the delivery ratio and the end-to-end delay of these protocols. The system lifetime comparisons of the candidate protocols are illustrated in Figure 2, while the average energy standard deviation comparisons are shown in

Power-Aware Routing Protocol Using MRT

547

Fig. 2. System Lifetime for Protocols Comparison

Fig. 3. Average Energy Standard Deviation for Protocols Comparison

Figure 3. The simulation results show that, the PMRTR performs the longest system lifetime in every mobility scenarios. It proves that the concept of the multi-route transmission and our novel routing cost metric lead to more balanced energy consumption, thus, obviously extends the system lifetime of the network. However, the difference between the simulation results of protocols is

548

K.-H. Fei et al.

not quite large because of the significant influence of the overhearing power consumption. In regard to the average energy standard deviation, the PMRTR also shows the best results, which provide most evenly energy usage between nodes in the network. Through this simulation, we can see that the PMRTR is the most fairness protocol in balancing the energy consumption among these candidate power-aware routing protocols. We also note that, as can be seen in the Figure 3, the average energy standard deviation decreases when the mobility of the network increases because that the energy consumption which is caused by the traffic can be more evenly distributed to different nodes through the high network mobility.

4

Conclusion

In this paper, the Power-aware Multi-Route Transmission Routing (PMRTR) protocol for MANETs is proposed. The PMRTR uses the concept of the multiplepath transmission to evenly distribute the traffic loading among the mobile nodes in the network, thus maximizing the system lifetime of the network. The route selection mechanism is based on a routing cost metric that takes both the shortest-path and the maximum system lifetime into consideration and dynamically adjusts the weightings between them according to the energy usage status of the network. The experiment results show that, the PMRTR provides longer system lifetime and more balanced energy consumption between the mobile nodes than the shortest-path routing and other power-aware routing protocols. In addition, the proposed approach can also keep a good delivery ratio and a low end-to-end delay.

Acknowledgments The work was partially supported by MediaTek Inc. Taiwan and partially supported by National Science Council, Taiwan, under the grant no. NSC 94-2213E-002-003.

References 1. Chen, B., Jamieson, K., Balakrishnam, H., Morris, R.: Span: Energy-efficient coordination for topology maintenance in ad hoc networks. ACM Wireless Networks Journal 8 (2002) 2. Xu, Y., Heidemann, J., Estrin, D.: Geography-informed energy conservation for ad hoc routing. Proceedings of the Seventh Annual ACM/IEEE International Conference on Mobile Computing and Networking (2001) 3. K.Scott, N.Bambos: Routing and channel assignment for low power transmission in PCS. ICUPC ’96 (1996) 4. Doshi, S., Bhandare, S., Brown, T.X.: An on-demand minimum energy routing protocol for a wireless ad hoc network. ACM SIGMOBILE Mobile Computing and Communications Review (2002)

Power-Aware Routing Protocol Using MRT

549

5. Stojmenovic, I., Lin, X.: Power-aware localized routing in wireless networks. IEEE Transactions on Parallel and Distributed Systems (2001) 6. Zhang, B. Mouftah, H.T.: Localized power-aware routing for wireless ad hoc networks. IEEE International Conference on Communications (2004) 7. Li, J., Cordes, D.: Hybrid greedy-multicasting power-aware routing protocol in ad hoc networks. International Conference on Information Technology: Coding and Computing (ITCC’04) 2 (2004) 8. Singh, S., M.Woo, Raghavendra, C.S.: Power-aware routing in mobile ad hoc networks. Proceedings of Mobicom (1998) 9. Toh, C.K.: Maximum battery life routing to support ubiquitous mobile computing in wireless ad hoc networks. IEEE Communications Magazine (2001) 10. Maleki, M., Dantu, K., Pedram, M.: Power-aware source routing protocol for mobile ad hoc networks. International Symposium on Low Power Electronics and Design, and Proceedings of the 2002 international symposium on Low power electronics and design (2002) 11. Sheu, J.P., Lai, C.W., Chao, C.M.: Power-aware routing for energy conserving and balance in ad hoc networks. Proceedings of the 2004 IEEE International Conference on Networking, Sensing & Control (2004) 12. Zhou, Y., Laurenson, D.I., McLaughlin, S.: High survival probability routing in power-aware mobile ad hoc networks. IEE Letters 40 (2004) 13. Wang, K., long Xu, Y., liang Chen, G., feng Wu, Y.: Power-aware on-demand routing protocol for MANET. 24th International Conference on Distributed Computing Systems Workshops (2004) 14. Nasipuri, Das, S.: On-demand multipath routing for mobile ad hoc networks. Proceedings of the 8th int. Conf. On Computer Communications and Networks(IC3N) (1999) 15. Pearlman, M., Z.J. Hass, P.S., Tabrizi, S.: On the impact of alternate path routing for load balancing in mobile ad hoc networks. Proceedings of IEEE/ACMMobiHoc (2000) 16. Wu, K., Harms, J.: Performance study of a multi-path routing method for wireless mobile ad hoc networks. Proceedings of the Ninth International Symposium in Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS’01) (2001) 17. Park, V.D., Corson, M.S.: A highly adaptive distributed routing algorithm for mobile wireless networks (TORA). IEEE Infocom (1997) 18. Safwat, A., Hassanein, H., Mouftah, H.: Energy-aware routing in MANETs: Analysis and enhancements. ACM Workshop on Modeling, Analysis and simulation of Wireless and Mobile Systems (2002) 19. http://www.isi.edu: The ns-2 network simulator. (obtain via http://www.isi.edu/ nsnam/ns/) 20. CMU: Cmu monarch extensions to ns. (obtain via http://www.monarch.cs.cmu. edu/) 21. Cano, J.C., Kim, D.: Investigating performance of power-aware routing protocols for mobile ad hoc networks. International Mobility and Wireless Access Workshop (MobiWac’02) (2002)

A Novel Multicasting Scheme over Wireless LAN Systems by Using Relay Kang Jin Yoon, Tae Sung Kim, and Young Yong Kim Department of Electrical and Electronic Engineering, Yonsei University, 134 Shinchon-dong, Seodaemun-gu, Seoul, 120-749, Korea {mecem, xinia0214, y2k}@yonsei.ac.kr

Abstract. We propose a novel multicast scheme that can provide quality-of-service (QoS) to multicast service over IEEE 802.11 wireless LANs by utilizing medium access control (MAC) layer relay. It is well known that IEEE 802.11 provides a physical layer multi-rate capability in response to different channel conditions, and hence packets may be delivered at a higher data rate through a relay node than through the direct link if the direct link has low quality and low data rate. We develop the distributed relay node selection algorithm and the relay channel selection algorithm. The effectiveness of proposed scheme is examined by numerical method and simulation. Simulations show that the proposed relayed multicast significantly improves throughput and delay performance.

1

Introduction

As wireless technologies grow rapidly, multimedia contents delivery through multicast scheme over the wireless networks is emerging as an important area in communication networks. We focus on multicast service over the Wireless Local Area Networks (WLANs) technology which is well known that IEEE 802.11 provides a physical layer multi-rate capability in response to different channel conditions. In the WLANs standard, IEEE 802.11b supports transmission rate of 1, 2, 5.5, and 11 Mbps, and IEEE 802.11g supports data rate of 1, 2, 5.5, 6, 9, 54 Mbps. However, there is a problem that multicast data rate is limited by the node which has the lowest data rate. It can make more users received multicast data, but causes some nodes which are in good channel condition to lose their data rate. The degradation of multicast data rate can reduce total throughput, and then increase the drop ratio of the multimedia contents, which is due to an increment of the transmission delay. As a result, nodes may suffer poor quality-of-service (QoS). Therefore, we propose a novel multicast scheme that can provide higher data rate for the QoS guarantee of the multicast service over IEEE 802.11 wireless LANs by utilizing MAC layer relay, called relayed multicast. In our proposed multicast scheme, the nodes which have a good channel relay multicast data to the bad channel nodes. For adopting relay scheme to the multicast, we design the distributed relay node selection algorithm which helps choosing the relay nodes X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 550–559, 2006. c IFIP International Federation for Information Processing 2006 

A Novel Multicasting Scheme over Wireless LAN Systems by Using Relay

551

among good channel nodes efficiently. We also develop the relay channel selection algorithm to pick a proper relay channel, which makes transmit simultaneously relayed data. The rest of this paper is organized as follows. Section 2 gives an overview of the related works, as well as the motivation behind the design of our scheme. The details of relayed multicast including the distributed relay node selection and the relay channel selection algorithm are presented in Section 3. Section 4 describes the analysis of the relayed multicast and shows the simulation results that illustrate the effectiveness of the proposed schemes. We conclude the paper in section 5.

2

Related Works and Motivation

In recent years, many papers proposed various solutions for the QoS guarantee of multimedia contents delivery over IEEE 802.11 [3, 4, 5]. Moreover, some researchers developed many relay schemes to acquire higher data rate and the QoS enhancement for the unicast service [6, 7, 8]. Nevertheless, to the best of our knowledge, there is no work have been studied for the QoS guarantee through the increment of the multicast transmission rate. Data packets may be delivered at higher data rate through a relay node than through the direct link if the direct link has low quality and low data rate. Therefore the multi-rate capability can be further exploited by MAC layer multihop transmission. In [6], the authors propose the relay schemes to increase the unicast data rate in IEEE 802.11 networks. Similar to [6], by adopting a multihop relay into the multicast, we can acquire multicast data rate gain, which can guarantee better QoS for received nodes. We consider a wireless network based on IEEE 802.11 WLANs operated as infrastructure mode. The physical layer uses IEEE 802.11b, and, similar to [9], we use multi-channel scheme that contains one general channel to communicate with AP and two relay channel to relay multicast data with single transceiver. To support MAC-level QoS for multicast data, the Enhanced Distributed Coordinate Function (EDCF) is used for the MAC. The EDCF provides the differentiated channel access, which is achieved through varying the amount of time a station would sense the channel to be idle and the length of the contention window.

3

Relayed Multicast

To exploit the multi-rate capability of IEEE 802.11, we organize multicast nodes into two groups based on channel condition between the AP and a multicast node; the multicast group and the relayed multicast group. The nodes in the multicast group have a good channel condition enough to receive data packets at the 5.5 Mbps data rate. The multicast group also includes all nodes which can receive data in 11 Mbps. The remaining nodes which are able to receive data packets at only 2Mbps are put into the relayed multicast group.

552

K.J. Yoon, T.S. Kim, and Y.Y. Kim

Fig. 1. An example of the relayed multicast

Fig. 1 illustrates an example of the relayed multicast. The Multicast group nodes (MNs) are connected with the AP by dotted lines, and the relayed multicast group members are connected with their relay nodes (RNs) by solid lines. First of all, the RMNs select their relay nodes out of the multicast group using the distributed relay node selection algorithm, and then choose relay channels to communicate with their relay nodes using the relay channel selection algorithm. Through these two methods, relayed multicast nodes (RMNs) can find the relay nodes appropriate for the relayed multicast that are able to relay data to the relayed multicast group in 11 Mbps. 3.1

Distributed Relay Node Selection Algorithm

In the wireless environments, because of the wireless multicast advantage [10], all MNs need not to relay multicast data. To relay efficiently, only a few nodes are needed. Moreover, the wireless multicast is the same mechanism as the broadcast in the physical layer. For reasons of that, it is not important for the RNs to know to transmit which RMNs. Instead of that, it is reasonable that RMNs decide to select their RNs. Our proposed selection algorithm, the distributed relay node selection, is designed in the relayed nodes side. We assume receiver-initiated channel condition measurement and let the receiver notify the sender’s transmission rate via control packets. Each node can overhear all ongoing control packets, and know the channel condition between the sender and itself by sensing the signal strength and extracting the piggybacked transmission rate in control packets. At first, AP sends the multicast service advertisement (MSA) to whole nodes in its transmission range. The MNs respond to AP with the service request message (SRM). They put in their maximum data rate between AP and themselves in the SRM. The RMNs can overhear this message. By extracting the piggybacked transmission rate in the SRM, they find the nodes that are able to communicate with AP in 5.5 Mbps. Among those nodes, they select some nodes that have the signal strength of the SRM is high enough to communicate with

A Novel Multicasting Scheme over Wireless LAN Systems by Using Relay

553

themselves in 11 Mbps. Each RM Ni has the individual the candidate set of the relay nodes, Xi . After constructing Xi , RM Ni sends the request to relay (RTR) message to the MN which was sensed the SRM in the strongest signal strength. The node that receives the RTR will perform the relay nodes (RNi ). At the same time, RM Nj (i = j), other nodes among the rest of the RMNs that are in the transmission rage of RM Ni extract the RTR, and then check the destination address. If the address is the entry of their candidate set Xj , they also set that node as their RN. They do not have to send RTR to the other MNs. The algorithm continues until all RMNs have their RNs. 3.2

Relay Channel Selection Algorithm

In conventional IEEE 802.11 WLANs that operate under single channel PHY, all nodes in the transmission range of transmitting node should wait until the end of transmission because it protects collisions. However, it leads to transmission delay when the RNs relay data. In that case, the relayed multicast may show lower performance than conventional multicast. To solve this problem, we utilize the multi-channel approach. As we mentioned section 2, there are 3 non-overlap channels in the IEEE 802.11. Unfortunately, with one receiver constraint, the standard only defines the MAC operations for single channel mode. We design a simple multi-channel MAC algorithm for relayed multicast. We use 3 channels (C1 , C2 , and C3 ) for relay, and the algorithm operates as below. At first, RNi broadcasts the channel assignment message (CAM) for C1 . After receiving CAM from RNi , RM Nij which is in the overlap zone checks the relay channel list (RCH). If C1 is not in the list, C1 is entered into the RCH = C1 , and RM Nij send the channel assignment success message (CAS) to RNi . Then, RNj broadcasts the CAM for C1 . At this time, because C1 is the entry of RCH, RMNij send the channel assignment failure message (CAF) to RNj . In the CAF, the available relay channel is piggybacked. In this case C2 is available, so RNj broadcasts the CAM for C2 . After receiving CAM for C2 from RNj , RM Nij enters C2 into the RCH = C1 , C2 , and then sends the CAS to RNj . 3.3

Temporal Operation of the Relayed Multicast

We now consider the temporal operation of the relayed multicast. Transmission/reception activity between AP and nodes is used a general channel (G-channel). In addition, each RN has a relay channel (R-channel) it uses to relay multicast data from AP to RMNs. Because we assume a single transceiver case, each node has only a single channel at a time. Thus, we use a new frame for changing channel before relay operation, the relay channel change message (RCH). If RMNs receive the RCH from their RNs, they jump to their R-channels that were determined by using the relay channel selection algorithm. After receiving relayed data, RMNs return to the G-channel. For a reliable MAC-layer multicast, we adopt leader-based-ack mechanism. A leader of each group is selected by the first node to send the SRM and RTR.

554

K.J. Yoon, T.S. Kim, and Y.Y. Kim Table 1. Simulation Parameters Paylod 8000 bits SIFS MAC header 224 bits AIFS(3) PHY header 192 bits AIFS(2) ACK, CTS 112 bits + PHY header AIFS(1) RTS, CCM 160 bits + PHY header AIFS(0) Slot time 20 μs CWmin(0. . . 3) Simulation time 100 s CWmax(0. . . 3)

10 μs SIFS + 1 * Slot time SIFS + 1 * Slot time SIFS + 1 * Slot time SIFS + 1 * Slot time [31, 31, 15, 7] [1023, 1023, 31, 15]

Our proposed scheme operates in the following order. 1. The AP multicasts data to the multicast group in the 5.5 Mbps after waiting AIFS(1) and backoff when the channel is sensed idle. 2. A leader of the multicast group sends an ACK to the AP after SIFS. 3. RNs send the RCH to the RMNs, and then relay the data after SIFS. 4. Leaders of RMNs respond to RNs with the ACK, while other RMNs return to the RMNS by overhearing the ACK.

4

Performance Evaluation

In this section, the performances of our design is examined by the numerical method and our event-driven simulation program, written in the MATLAB. In order to select a suitable data rate, we assume the distance thresholds for 11Mbps, 5.5 Mbps, and 2 Mbps are 100m, 200m, and 250m respectively, similar to [12]. The payload size for best effort is set to be 1000 bytes and all nodes are always backlogged. The best effort data uses AC(0), and RTS/CTS mechanism. To support QoS for multicast data and relay data, AC(1) and AC(2) are adopted respectively. Nodes are uniformly distributed centering around AP, and the service area is within 250m radius of the AP. Other simulation and IEEE 802.11e MAC parameters are set as in Table 1. We investigate the overall throughput and transmission delay compared with conventional multicast service which uses only 2Mbps. With this setup, we investigate the overall throughput, transmission delay performances. 4.1

Numerical Result

In [7], Hao Zhu and Guohong Cao show an analysis of their proposed relay scheme for unicast traffic by using Bianchi’s Markov Chain model [11]. In this section, similar to [7], we analyze the saturation throughput gain of the relayed multicast as compared with conventional multicast operating 2 Mbps. For simplicity, we assume the channel condition is ideal, and do not apply IEEE 802.11e in this analysis. Assume that each node applies the binary

A Novel Multicasting Scheme over Wireless LAN Systems by Using Relay

555

exponential backoff algorithm with the maximum backoff stage m, the number of flows is represented n, and the initial backoff window size W . Then, the probability τ that a flow transmits in a slot time is obtained from the following functions: 2(1 − 2p) (1) τ= (1 − 2p)(W + 1) + pW (1 − (2p)m ) p = 1 − (1 − τ )n−1

(2)

p denotes the conditional collision probability that a transmitted packet encounters a collision because at least one of the n-1 remaining nodes transmit in the same time slot. If there are no hidden terminals, multicast is exactly same as unicast operation because we can treat the set of receiver as one node. In the relayed multicast case, if it is possible for RNs to transmit concurrently to their RMNs, the relayed multicast can be analyzed similar to multicast. There exists only one difference that relayed multicast uses DCF scheme twice; for the multicast, and the relay. RM are denoted the average time for the channel being T sM , T sRM M , and T sR sensed busy because of successful transmission under conventional multicast, RM multicast from AP to MNs, relay from RNs to RMNs. T cM , T cRM M , and T cR are the average time for the channel being sensed busy because of during a collision conventional multicast, multicast from AP to MNs, relay from RNs to RMNs respectively: T sM = DIF S + data(2M bps) + SIF S + ACK + 2 × δ T cM = DIF S + data(2M bps) + δ T sRM M = DIF S + data(5.5M bps) + SIF S + ACK + 2 × δ T cRM M = DIF S + data(5.5M bps) + δ

(3)

= DIF S + RCH + SIF S + data(11M bps) + SIF S T sRM R +ACK + 3 × δ = DIF S + RCH + SIF S + data(11M bps) + 2 × δ T cRM R The data includes the overhead of PHY and MAC header and payload, and δ means propagation delay. From the result of [11], the average time to transmit one packet is calculated as follows. TM and TRM correspond the average packet transmission time under conventional multicast and relayed multicast: TM = (1 − Ptr )σ + Ptr Ps T sM + Ptr (1 − Ps )T cM RM TRM = (1 − Ptr )σ + Ptr Ps T sRM M + Ptr (1 − Ps )T cM RM +(1 − Ptr )σ + Ptr Ps T sR + Ptr (1 − Ps )T cRM R

(4)

556

K.J. Yoon, T.S. Kim, and Y.Y. Kim

σ is the duration of an empty slot time. Ptr is the probability that there is at least one transmission in the considered slot time, and Ps means the probability that a transmission occurring on the channel is successful. Ptr = 1 − (1 − τ )n Ps =

(5)

nτ (1 − τ )n−1 nτ (1 − τ )n−1 = Ptr 1 − (1 − τ )n

(6)

Then, the ratio between the saturation throughput of conventional multicast and relayed multicast is represented in the proportion of TM to TM , denoted by TM . M γ = TTRM (7) (1−Ptr )σ+Ptr Ps T sM +Ptr (1−Ps )T cM = 2(1−Ptr )σ+P RM +T sRM )+P (1−P )(T cRM +T sRM ) tr Ps (T s tr s M

R

M

R

We show the numerical analysis of the saturation throughput gain as the function of payload size, and also validate our analysis through simulation. We assume m = 5, n = 5, and W = 31. As shown in Fig. 2, the gap between numerical result and simulation is slightly small. This gap is due to transmit an RCH before relaying. We assumed every RN can transmit simultaneously, but they have different start times since each RN contends to get a transmission opportunity of RCH in the G-channel. We can see that throughput gain increases as payload size increases. There are additional overheads in relayed multicast because of transmitting RCH and relaying data packet. However, since overheads are much smaller than the reduced transmission time by relaying, relayed multicast always shows better performance than conventional multicast regardless of payload size.

Fig. 2. Throughput gain of relayed multicast

A Novel Multicasting Scheme over Wireless LAN Systems by Using Relay

4.2

557

Simulation Results

Throughput Enhancement. Fig. 3 shows the system throughput of relayed multicast and conventional multicast. Throughput is calculated by the total amount of payload (in bits) delivered divided by the simulation time. The maximum throughput gain, 28%, can be achieved in the case that user density is 0.3. Throughput curve decrease exponentially according to increase user density, and when the user density is over 7, the throughput of relayed multicast is less than that of conventional multicast. The reason of throughput decrease is MAC protocol of IEEE 802.11 which use contention based CSMA/CA. Relayed multicast needs 2 contention period, one is for multicast to MNs and the other is for relay to RMNs. Thus, the collision and waiting time will increase as the user density increase. In relayed multicast, since RCH message is transmitted in G-channel, it causes the additional transmission delay at the RNs, and then the efficiency of relayed multicast decrease rapidly.

Fig. 3. The throughput comparison

Transmission Delay Performances. Fig. 4 and 5 show the transmission delay performances according to user density and data rate. Each case use data rate = 256Kbps and user density = 1. Both cases, relayed multicast shows much better performance. Especially, when user density is fixed, relayed multicast keeps transmission delay under 1 second. Through these results, despite additional transmission for relay packets, relayed multicast can reduce transmission delay compared with conventional multicast. Considering that almost multicast are video services, relayed multicast needs less buffering time than that of conventional multicast to maintain the video quality.

558

K.J. Yoon, T.S. Kim, and Y.Y. Kim

Fig. 4. The transmission delay according to user density

Fig. 5. The transmission delay according to data rate

5

Conclusions

In this paper, we design a new multicast scheme for IEEE 802.11 wireless LANs by utilizing MAC layer relay, called relayed multicast. For effective relayed multicast, we develop the distributed relay node selection and relay channel selection algorithm. Numerical results and Simulation show that the proposed scheme can increase the throughput, and significantly reduce the transmission delay. Therefore, multicast nodes can be served higher data rate multicast service and guaranteed the QoS of the multimedia service.

A Novel Multicasting Scheme over Wireless LAN Systems by Using Relay

559

Acknowledgement This research was supported by the MIC(Ministry of Information and Communication), Korea, under the ITRC(Information Technology Research Center) support program supervised by the IITA(Institute of Information Technology Assessment)(IITA-2005-C1090-0502-0012).

References 1. IEEE 802.11 WG, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications, ANSI/IEEE Std 802.11, 1999 Edition. 2. IEEE 802.11b WG, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications, IEEE Std 802.11b-1999/Cor 1-2001, November 2001. 3. Miheala van der Schaar, Santhana Krishnamachari, Sunghyun Choi, and Xiaofeng Xu,: Adaptive Cross-Layer Protection Strategies for Robust Scalable Video Transmission Over 802.11 WLANs, in IEEE J. Select. Areas Commun., vol. 21, NO. 10, December 2003. 4. Qiong Li, and Mihaela van der Schaar,: Providing Adaptive QoS to Layered Video Over Wireless Local Area Networks Through Real-Time Retry Limit Adaptation, IEEE Transaction on Multimedia, vol. 6, NO. 2, April 2004. 5. Abhik Majumdar, Daniel Grobe Sachs, Igor V. Kozintsev, and Minerva M. Yeung,: Multicast and Unicast Real-Time Video Streaming Over Wireless LANs, IEEE Trans. on Circuits and Systems for Video Technology, vol. 12, NO. 6, June 2002. 6. Hao Zhu, and Guohong Cao,: On Improving the Performance of IEEE 802.11 with Relay-Enabled PCF, ACM/Kluwer Mobile Networks and App. 9, 423-434, 2004. 7. Hao Zhu, and Guohong Cao,: rDCF: A Relay-Enabled Medium Access Control Protocol for Wireless Ad Hoc Networks, IEEE INFOCOM 2005. 8. Dongmei Zhao, and Terence D. Todd,: Real-Time Traffic Support in Relayed Wireless Access Networkd Using IEEE 802.11, IEEE Wireless Commun., April 2004. 9. Jenhui Chen, Shiann-Tsong Sheu, and Chin-An Yang,: A New Multichannel Access Protocol for IEEE 802.11 Ad Hoc Wireless LANs, IEEE PIMRC 2003. 10. J. Wieselthier, G. Nguyen, and A. Ephremides,: On the construction of energyefficient broadcast and multicast trees in wireless networks, IEEE INFOCOM 2000. 11. G. Bianchi,: Performance Analysis of the IEEE 802.11 Distributed Coordination Function, IEEE J. Select. Areas Commun., pp. 535-547, March 2000. 12. B. Sadeghi, V. Kanodia, A. Sabharwal and E. Knightly,: Opportunistic media access for multirate Ad Hoc networks, ACM Mobicom 2002, July 2001.

An Adaptive Concurrency Control QOS Agent for Ubiquitous Computing Environments Eung Nam Ko Department of Information & Communication, Baekseok University, 115, Anseo-Dong, Cheonan, ChungNam, 330-704, Korea [email protected]

Abstract. This paper presents the design of the adaptive concurrency control QOS agent, which is running on RCSM(Reconfigurable Context Sensitive Middleware) for ubiquitous networks. RCSM provides standardized communication protocols to interoperate an application with others under dynamically changing situations. It describes a hybrid software architecture that is running on situation-aware middleware for a web based distance

education system which has an object with a various information for each session and it also supports multicasting with this information. There are two approaches to software architecture on which distributed, collaborative applications are based. Those include CACV(CentralizedAbstraction and Centralized-View) and RARV(Replicated-Abstraction and Replicated-View). We propose an adaptive concurrency control QOS agent based on a hybrid software architecture which is adopting the advantage of CACV and RARV for situation-aware middleware.

1 Introduction A variety of collaborative applications have been developed ranging from video conferencing tools to shared whiteboard and text editors to distributed virtual environments to video recording on-demand systems[1,2]. The multimedia distance education is concentrated an interest about new education methods by join an education engineering and an information communication technology[3]. A general web-based distance system uses video data and audio data to provide synchronize between teacher and student. In a ubiquitous computing environment, computing anytime, anywhere, any devices, the concept of situation-aware middleware has played very important roles in matching user needs with available computing resources in transparent manner in dynamic environments [4]. It is difficult to avoid a problem of the seam in the ubiquitous computing environment for seamless services. Thus, there is a great need for concurrency control algorithm in situation-aware middleware to provide dependable services in ubiquitous computing. The system for a web based multimedia distance education includes several features such as audio, video, whiteboard, etc, running on situation-aware middleware for internet environment which is able to share HTML format. This paper describes a hybrid X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 560 – 569, 2006. © IFIP International Federation for Information Processing 2006

An Adaptive Concurrency Control QOS Agent

561

software architecture that is running on situation-aware middleware for a web based distance education system which has an object with a various information for each session and it also supports multicasting with this information. There are two approaches to software architecture on which distributed, collaborative applications are based. Those include CACV(Centralized-Abstraction and Centralized-View) and RARV(Replicated-Abstraction and Replicated-View). We propose an adaptive concurrency control QOS agent based on a hybrid software architecture which is adopting the advantage of CACV and RARV for situation-aware.

2 QOS Layered Model Traditional QoS (ISO standards) was provided by the network layer of the communication system. An enhancement of QoS was achieved through inducing QoS transport services. For multimedia communication system, the QoS notion must be extended because many other services contribute to the end-to-end service quality. The multimedia communication system consists of three layers: application, system (including communication services and operating system services), and devices (network and multimedia devices). As shown in Figure 3, the organization of QoSlayered model for the multimedia communication system include 4 layers. The four layers consist of a user QoS layer, an application QoS layer, a system QoS layer and a network QoS layer[5].

User

Application

System

MM Devices ( Device QoS)

(User QoS)

(Application QoS)

(System QoS)

Networks (Network QoS)

Fig. 1. QoS Layering

562

E.N. Ko

3 Our Approach 3.1 RCSM(Reconfigurable Context-Sensitive Middleware) In the Context Toolkit, a predefined context is acquired and processed in context widgets and then reported to the application through application-initiated queries and callback functions. In this Reconfigurable Context-Sensitive Middleware(RCSM), Stephen S. Yau et al.[6] proposed a new approach in designing their middleware to directly trigger the appropriate actions in an application rather than have the application itself decide which method(or action) to activate based on context. RCSM provides an Object-based framework for supporting context-sensitive applications. Figure 2 shows how all of RCSM’s components are layered inside a device.

Situation-Aware Application Objects RCSM

Optional Components RCSM Ephemeral Group Communication Service

Other Services

Core Components

O S

Adaptive Object Containers (ADCs) [Providing awareness of situation] RCSM Object Request Broker (R-ORB) [Providing transparency over ad hoc communication]

Transport Layer Protocols for Ad Hoc Networks

Sensors

Fig. 2. RCSM’s integrated components

All of RCSM’s components are layered inside a device. The Object Request Broker of RCSM (R-ORB) assumes the availability of reliable transport protocols; one R-ORB per device is sufficient. The number of ADaptive object Containers (ADC)s depends on the number of context-sensitive objects in the device. ADCs periodically collect the necessary “raw context data” through the R-ORB, which in turn collects the data from sensors and the operating system. Initially, each ADC registers with the R-ORB to express its needs for contexts and to publish the corresponding context-sensitive interface. RCSM is called reconfigurable because it allows addition or deletion of individual ADCs during runtime (to manage new or existing context-sensitive application objects) without affecting other runtime operations inside RCSM. Ubiquitous applications require use of various contexts to adaptively communicate with each other across multiple network environments, such as mobile ad hoc

An Adaptive Concurrency Control QOS Agent

563

networks, Internet, and mobile phone networks. An example of SmartClassroom is illustrated in [7]. However, it did not include concurrency control QoS support in the architecture. 3.2 QOS Layered Model for Multimedia Distance Education System Our proposed model aims at supporting concurrency control mechanism running RCSM in order to provide ubiquitous, seamless services. An example of situationaware applications is a multimedia distance education system. As shown in Figure 3, multimedia distance education systems include advances services, coordination services, cooperation services, and media services. Advances services consist of various subclass modules. This subclass module provides the basic services, while advances services layer supports mixture of various basic services. Advances services include creation/deletion of shared video window and of creation/deletion of shared window. Shared window object provides free hand line, straight line, box, text to collaboration work participant and the participants can use such as the same file in this shared windows. Coordination services include session control module, and floor control module. Session control module controls the access to the whole session. This session can be meeting, distance learning, game and development of any software. Session control also facilities the access and limits the access to the whole session. Session control module monitors the session starts, terminates, joins and invites and it also permit another sub-sessions. Session control module has an object with an various information for each session and it also supports multicasting with this information. Floor control controls the person who can talk, and person who can change the information. Mechanism of the floor control consists of braining storming, priority, mediated, token-passing and time-out, In floor control module, it provides explicit floor and braining storming. Cooperation services include window overlays module, and window sharing module. Window overlays module is laid a simple sketching tool over a copied window. It provides all users with transparent background and tele-pointers. So, all users can point and gesture. Window sharing module is a combination of window copying, window overlays, floor control and session control. All users are able to interact through application shared by them. One user is running a single user application. The other users get to see exactly what this user sees. The application can allow different users to interact with the application by selecting one of the user’s keyboard and mouse the source of input. Media services support convenient services for application using DOORAE environment. Supplied services are the creation and deletion of the service object for media use, media share between remote user. Media services modules limit the service by hardware constraint. We assumed throughout this paper the model shown in Figure 3. This model consists 3 QoS layer: Application QoS(including application layer and DOORAE layer), System QoS(including system layer), Network QoS(including communication layer). In this paper, we concentrate in the application QoS layer. There are several constraints which must be satisfied to provide guarantees during multimedia transmission. They are time, space, device, frequency, and reliability constraints. Time constraints include delays. Space constraints are such as system buffers.

564

E.N. Ko

Application services (Application QOS)

Advanced services (Application QOS) Common services Coordination services

Cooperation services Server

Operating services

Media services

(System QOS)

Network services (Network QOS)

Fig. 3. QOS Layered Model for Multimedia Distance Education System

Device constraints are such as frame grabbers allocation. Frequency constraints include network bandwidth and system bandwidth for data transmission. In this paper, we discussed concurrency control constraints. 3.3 Web Based Multimedia Distance Education System This paper proposes an URL synchronization function used in WebNote with remote collaborative education system based on situation-aware middleware for CBM (Computer Based Multimedia). It retrieves the common characteristics of these tools and designs an integrated model including all these methods for supporting concurrent collaborative workspace. As shown in Figure 4, this paper describes an integrated model which supports object drawing, application sharing, and web synchronization methods of sharing information through a common view between concurrently collaborating users. This proposed model consists of multiple view layout and each layout control, a unified user interface, and defines the attributes of a shared object.

An Adaptive Concurrency Control QOS Agent

565

User Interface Multiple View Manager White Board & Error Control Module

HTML Layout Module Web Synchronization Agent

Image Layout Engine

Application Sharing Agent

Network Transport Module Fig. 4. An Integrated Model with Web Synchronization

3.4 URL Synchronization As shown in Figure 5, you can see the relationship between WebNote Instance and WebNote SM. This system is used to be one of services that are implemented on Remote Education System. This Remote Education System includes several features such as Audio, Video, Whiteboard, WebNote running on Internet environment which is able to share HTML(Hyper Text Mark-up Language). We have implemented WebNote function to do so either. While session is ongoing, almost all participants are able to exchange HTML documents. For this reason, we need the URL synchronization. To win over such dilemma for centralized or replicated architecture, a combined approach, CARV(the centralized abstraction and replicated view) architecture is used to realize the application sharing agent. This system is used to be one of services that are implemented on Remote Education System. This Remote Education System includes several features such as Audio, Video, Whiteboard, WebNote running on Internet environment which is able to share HTML(Hyper Text Mark-up Language). We have implemented WebNote function to do so either. While session is ongoing, almost all participants are able to exchange HTML documents. For this reason, we need the URL synchronization. To win over such dilemma for centralized or replicated architecture, a combined approach, CARV(the centralized abstraction and replicated view) architecture is used to realize the application sharing agent. 3.5 Hybrid Software Architecture for Concurrency Control As shown in Figure 6, to win over such dilemma for centralized or replicated architecture, a combined approach, CARV(the centralized abstraction and replicated

566

E.N. Ko

Daemon

WebNote Instance

WebNote Instance

WebNote Session Manager

Daemon

WebNote Session Manager

Internet

Web URL/Hook/Application Synchronization Server Session Monitor

GSM

Traffic Monitor

Fig. 5. The relationship between WebNote Instance & WebNote SM

Local window

Local window

Shared window

GSM

Shared window

Local window

Shared window

Fig. 6. Web Based CARV Architecture for Concurrency Control

view) architecture is used to realize the application sharing agent. The shared window is a window shared by all the participants, and the modification carried out by the speaker is notified to every other participants. The local window is not shared except

An Adaptive Concurrency Control QOS Agent

567

initial file. The tool box provides various tools for edting contents of both the shared window and the local window. Figure 6 shows that teacher and students use their local windows and shared window indivisually. The local window has the lecture plans which is distributed at the beginning, and enables participants to memo and browsing other parts in the lesson plans, and has functions as a whiteboard.

4 Simulation Results As shown in Table 1, conventional multimedia distance education systems are Shastra, MERMAID, MMconf, and CECED. You can see the characteristic function of each system function for multimedia distance education. A proposed main structure is distributed architecture but for application program sharing, centralized architecture is used. The problem of rapid increase in communication load due to growth in number of participants was solved by letting only one transmission even with presence of many users, using simultaneous broadcasting. Basically, there are two architectures to implement such collaborative applications; the centralized architecture and replicated architecture, which are in the opposite side of performance spectrum. Because the centralized architecture has to transmit huge amount of view traffic over network medium, its performance is reduced to contaminate the benefits of its simple architecture to share a copy of conventional application program. On the Table 1. Analysis of Conventional Multimedia Distance Education System

Function

ShaStra UNIX Purdue Univ. USA 1994

MERMAID UNIX NEC, JAPAN

MMconf UNIX CamBridge USA

CECED UNIX SRI, International

1990

1990

1993

Server /client

Server /client

Replicated

protocol

TCP/IP

TCP/IP

Centralized or Replicated TCP/IP

Concurrency Control running on RCSM Web Based running on RCSM

No

No

No

TCP/IP multicast No

No

No

No

No

OS Development Location Development Year Structure

568

E.N. Ko

other hand, the replicated architecture guarantees better performance in virtue of its reduced communication costs. However, because the replicated architecture is based on the replication of a copy of application program, it is not suit to use for application sharing realization. The figure on the vertical line means relative overheads compared with maximum value on RARV.

Fig. 7. Serialization Overhead of Each Architecture

5 Conclusions The focus of situation-aware ubiquitous computing has increased lately. An example of situation-aware applications is a multimedia education system. The development of multimedia computers and communication techniques has made it possible for a mind to be transmitted from a teacher to a student in distance environment. The roles of application program sharing are divided into two main parts; abstraction and sharing of view generation. Application program sharing must take different from each other according to number of replicated application program and an event command. There are two different structures. Those are CACV and RARV. In this paper, we discuss a hybrid software architecture which is adopting the advantage of CACV and RARV. CACV is centralized architecture where only one application program exists among entire sharing agents and centralized server takes care of input processing and abstraction is the same. RARV is replicated architecture at which application data input(event) that is generated when sharing takes place is transferred and executed. This means that only event information is separately performed. We proposed an adaptive concurrency control QOS agent based on a hybrid software architecture which is adopting the advantage of CACV and RARV for situation-aware middleware. It described a hybrid software architecture that is running on situation-aware ubiquitous computing for a web based distance education system which has an object with a various information for each session and it also supports multicasting with this information. This paper proposed a new model of concurrency control by analyzing the window and attributes of the attributes of the object, and based on this, a mechanism that offers a seamless view without interfering with concurrency control is also suggested. We remain these QoS resolution strategies as future work.

An Adaptive Concurrency Control QOS Agent

569

References [1] Holfelder W, “Interactive remote recording and playback of multicast videoconferences”, Proc. of IDMS’97, Darmstadt, Germany, Sep. 1997. [2] G.Fortino and L. Nigro, “A Cooperative Playback System for On-Demand Multimedia Sessions over Internet”, 2000 IEEE International Conference on Multimedia and Expo ICME2000 Proceedings Volume I, July 30 – August 2, NY USA, pp.41-44. [3] T. Boyle, “Design for Multimedia Learning”, Prentice Hall Europe, 1997. [4] S. S. Yau and F. Karim, "Contention-Sensitive Middleware for Real-time Software in Ubiquitous Computing Environments", Proc. 4th IEEE Int’l Symp. on Object-Oriented Real-time Distributed Computing (ISORC 2001), May 2001, pp. 163-170.

[5] Ralf Steinmetz and Klara Nahrstedt, “Multimedia: computing, communications & Applications”, Prentice Hall P T R. [6] S. S. Yau, Y. Wang, D. Huang, and H. In “A Middleware Situation-Aware Contract Specification Language for Ubiquitous Computing”, FTDCS 2003. [7] Saha, D.; Mukherjee, A.; “Pervasive computing: a paradigm for the 21st century”, IEEE Computer, Volume: 36, Issue:3, March 2003, Page(s): 25-31.

An Efficient End-to-End QoS Supporting Algorithm in NGN Using Optimal Flows and Measurement Feed-Back for Ubiquitous and Distributed Applications Se Youn Ban1, Seong Gon Choi2, and Jun Kyun Choi1 1

Information and Communication University 2 ChungBuk National University [email protected], [email protected], [email protected]

Abstract. This paper proposes an efficient end-to-end QoS supporting mechanism in Next Generation Network (NGN) with heterogeneous QoS capability to support ubiquitous and distributed applications. To address this, there should be proper admission control mechanism and adaptive provisioning to sustain endto-end QoS and maximize network utilization. Resource and Admission Control Subsystem of NGN has unique feature of centralized network resource control rather than other network control protocol system in IP network. By showing optimal flows in heterogeneous QoS capability network, NGN can support average delay of end-to-end which the applications could receive proper Quality of Service over network. Keywords: NGN, end-to-end QoS, resource admission and control, differential service.

1 Introduction Today’s hottest issue is a Next Generation Network (NGN) to provide users consistent and ubiquitous services. The NGN discussed in ITU-T has such characteristics; packet-based transfer, broadband capabilities with end-to-end services, interworking with legacy networks, converged services between fixed and mobile network, and so on [1]. There are various data transport network with own QoS supporting technologies. Diffserv IP network shall be core network of NGN and the network resource shall be controlled by RACS in NGN [2]. Even though core network supports Diffserv, there are many different access network technologies which are usually layer 2. Therefore we need end-to-end QoS supporting mechanisms for user applications in heterogeneous network environment where various layer 2 QoS technologies in access network and Diffserv QoS capability in core network coexist. Three QoS provisioning mechanisms consist of classification, admission and reservation [9]. IntServ and DiffServ are main models to provide end-to-end QoS. RSVP [4] of IntServ guarantees absolute QoS for end-to-end QoS by per-flow basis reservation but it is very complex and there is scalability problem for all network X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 570 – 578, 2006. © IFIP International Federation for Information Processing 2006

An Efficient End-to-End QoS Supporting Algorithm

571

equipments to understand it and support QoS. DiffServ model is scalable and easy to interwork with other QoS technologies but it provides relative QoS. Absolute DiffServ [8] is considered to give each class absolute QoS by aggregate basis reservation. It needs admission control schemes to guarantee absolute bound of specific QoS parameters. Admission control can be planning-based or measuring-based. Utilization-based admission control [9] based on planning is simpler and more scalable than RSVP [4] based on probing but it only concerns homogeneous Diffserv network. Applications want network QoS based on IP 5-tuple flow for their services. NGN core network has Diffserv ability and Edge nodes between core and access network have per-flow control capability. Access Networks consist of various layer 2 technologies such as Ethernet, WirelessLAN, ADSL and so on. Theses layer 2 technologies have lack of supporting QoS of per-flow level. RACS of NGN tries to control and monitor all network equipments with assuming at least minimum interfaces between RACS and the equipments. The most of these mechanisms assume pure Diffserv network and under NGN environment, we need a QoS-supporting mechanism over heterogeneous networks which could not have Diffserv capability and RACS controllability. Admission control is the most efficient way to protect core network to keep its ability to support end-to-end QoS. We can treat core network as Diffserv network and access networks as best effort network because data network technologies can not differentiate IP 5-tuple based flows. As RACS knows network topology, we can calculate optimal Diffserv flows among access and core network with heterogeneous environment. Edge nodes can perform admission control with pre-calculated optimal flows map. It can guarantee absolute QoS even in heterogeneous network. Also by changing classification of flows with class of Diffserv based on run-time measurement, it can maximize network utilization. This paper consists of the following; Section 2 describes the related works in admission control mechanism in packet network. Section 3 proposes an architecture and algorithm of admission control to support end-to-end QoS with RACS of NGN and Section 4 shows numerical analysis. Finally, we conclude in section 5.

2 Related Works Admission control in IP network can be categorized by two areas; Planning-based admission control like utilization-based admission control [3] uses arbitrary thresholds as admission control parameter. It is very simple and commonly used, but not easy to find optimal threshold to restrict traffic. Another approach in admission control is measuring-based admission control like RSVP[4] and agent-based selection[5]. It is efficient of using network resource and dynamically adapted to any network situation, but very complex and overhead because it sends a probe in network or measure every user request over core network. In this paper, we propose finding optimal threshold to maximize network utilization and adaptive QoS provisioning for end-to-end QoS based on QoS measurement.

572

S.Y. Ban, S.G. Choi, and J.K. Choi

2.1 Measurement-Based Admission Control [10] Measurement-based admission control algorithms (MBAC) were designed to achieve high levels of network utilization for such relaxed real-time services in IntServ model. The conservative worst-case parameter-based methods are wasting network resource to low utilization and hard to find even worst-case parameters. The MBAC for controlled-load service uses measurement to estimate existing traffic load and admits a new flow of rate r if the following test succeeds of Measured Sum, νˆ % υμ − r where νˆ is the measured load of existing traffic, and υ is a user-defined utilization target intended to limit the maximum link load. Upon admission of the new flow the load estimate is increased by νˆ = νˆ + r . It calculates the equivalent bandwidth for a set of flowing using the Hoeffding bounds. The MBAC uses three measurement mechanisms: Time-window, Point Sampling and Exponential Averaging. Time-window measurement mechanism is to measure network load and used for the Measured Sum of admission control. It computes an average load every S sampling period. At the end of a measurement window T, it uses the highest average from the just ended T as the load estimate for the next T window. When a new flow is admitted to the network, the estimate is increased by the rate of the new flow. If a newly computed average is above the estimate, the estimate is immediately raised to the new average. At the end of every T, the estimate is adjusted to the actual load measured in the previous T. Point Sampling mechanism is the measurement mechanism which the sampling time window is in T/S ratio of 1. Hoeffding bounds algorithm of MBAC uses Exponential Averaging mechanism to get an exponential average load. An average load is measured once every S sampling period. The exponential average load is computed using aninfinite impulse response (IIR) function The MBAC allows for the greatest degree of flexibility in operation by relying on historical data for the tuning of its parameters. But in the view point of end-to-end differential service, it is hard to measure all user flows over network because it is studied in IntServ model and find optimal upper utilization parameters because it does not concern multi-node network. 2.2 Utilization-Based Admission Control [9] Utilization-based Admission Control (UBAC) provides statistical guarantees within the diffserv model in a network, that uses static-priority schedulers. It derives delay bounds without specific information on flow population to employ a utilization-based admission control approach for flow admission. The UBAC does not require explicit delay computation at admission time and hence is scalable to large systems. In Integrated Services, connections are controlled both by admission control at connection establishment time and packet scheduling during the lifetime of the connections. The mechanism of UBAC defines a utilization bound below which all the workload using the resource is guaranteed to meet its deadline. UBAC was first proposed in [22] for preemptive scheduling of periodic tasks on a single server. This idea was used in general multi-node networks in the diffserv setting for providing deterministic guarantees. It has assumptions about network nodes and network traffic follow the Differentiated Services architecture: In the network, they differentiates flow-aware

An Efficient End-to-End QoS Supporting Algorithm

573

edge routers from core routers, which are only aware of aggregations of flows in form of flow classes. The network traffic consists of flows. They limits our solution to the system with two flow classes. Each flow belongs to one of two flow classes: (1) highpriority class with deadline constraints, i.e., real-time class and (2) a low priority, best-effort class. The UBAC consists of three mechanisms; Statistical flow-population-insensitive delay computation and utilization bound verification, Efficient admission control and Packet forwarding control. In configuration time, The UBAC estimates the delay upper bound for every class at each router with Statistical flow-population-insensitive delay computation and utilization bound verification using the flow populationinsensitive delay method. This verifies whether the end-to-end delay bound in each feasible path of the network satisfies the deadline requirement as long as the bandwidth usage on the path is within a pre-defined limit, i.e., the utilization bound. As the delay has been verified at configuration time, Efficient admission control mechanism can check only if the bandwidth is available along the path of the new flow. In packet forwarding control mechanism, routers transmits packets according to their priorities which are marked in their header. Within the same priority, packets are served in FIFO order. The UBAC gives good theoretical background of efficient admission control in Diffserv model to support end-to-end QoS with delay bound. If the network is not defined as one Diffserv model, the UBAC does not apply its mechanism directly. In next chapter, this paper gives idea of how to get utilization bound with give class delay in heterogenous network with DiffServ and best-effort model and reduce the measurement overhead to sustain end-to-end QoS.

3 Architecture and Mechanism of Admission Control to Support End-to-End QoS in NGN NGN network consists of two parts; access network and core network. There are many kinds of access networks which support network layer 2 technologies. They can support QoS for network layer 3. But many ubiquitous and distributed applications want end-to-end QoS of network layer 4; IP 5-tuple based QoS. NGN assumes that IP Diffserv and MPLS Diffserv are supported in core network [6]. RACS of NGN is one of solutions to supports resource and admission control to ensure end-to-end network resource for session service of applications. A problem of RACS is that when it provides like session service, it should check and handle network resource for each session service. This situation causes overhead in core network and access network, because all of service request from each access network flows into a core network and access network generally does not handle IP 5-tuple based flows. The rate to check and handle network resource in core network is much bigger than in access network and it is necessary to reduce complexity in core network. Edge Router (ER) is a gateway between core and access network. The admission control mechanism is located in ER. Generally, various access networks (ex,ADSL,LAN...) do not support IP 5-tuple based QoS and they look like best-effort network in the point view of transport

574

S.Y. Ban, S.G. Choi, and J.K. Choi

Fig. 1. Network Architecture of NGN

Fig. 2. Hop-based proportional Diffserv priority provisioning

network. NGN core network supports differential service and edge routers have perflow control capability. Of course, per-flow control capability can be in access nodes in access networks but cost and complexity are so high.

An Efficient End-to-End QoS Supporting Algorithm

575

The algorithm has two parts of provisioning and feedback. First, it processes admission and network resource provisioning. Second, it modifies the provisioning based on performance measurement. Because network situation is changing, the provisioning could change to satisfy end-to-end QoS. Additionally, because measureing performance of all flow is so complex, the algorithm also gives the way to reduce measurement of flow and period. It can extend the interval of measurement until the request QoS is not satisfied. Let’s assume that user want real-time session service such like video conference. User requests Service Control Function (SCF) to support his service. SCF request Policy Decision Function (PDF) of RACS with bandwidth and QoS class. PDF processes network resource provisioning for end-to-end QoS. It can decide admission control of the request flow and give priority to guarantee the request QoS. After provisioning, it needs to confirm the service request satisfied by measuring performance. If measured QoS is worse than the requested QoS, ascend priority and decrease measure interval. If measured QoS shows lower priority could satisfy the request QoS, descend priority and decrease measure interval. If measured QoS shows the requested QoS is satisfied, increase measure interval.

4 Numerical Analysis Let s think about [Fig 6] network architecture. Access network is network layer 2 network and its topology is based on tree architecture. Of course it does not need any routing capability and care IP 5-tuple flows. We assume the access network is besteffort network. Core network has differential service (Diffserv) capability. Edge Router of ingress node has per-flow control capability to classify, mark and admit packets. We assume the core network is Diffserv network with priority queueing.

Fig. 3. Access and core network of different flow QoS capabilities

Diffserv network in real world is so complicate and there is a little proper formula to provide total average delay. So I consider Priority Queueing service to bound delay to satisfy quality of priority class and modify Optimal Flow Control Problem with packet network. Final objectives is to find optimal rate of priority class and hops to satisfy priority class delay bound even if it gives lower priority. In this formulation, I try to find optimal rate of priority class in simple case and the later will remain a future study. Priority queuing model is one node analysis to find average delay and throughput with priority class. There are three kinds of Priority Discipline; Non-preemptive,

576

S.Y. Ban, S.G. Choi, and J.K. Choi

Preemptive resume and Preemptive non-resume. Non-preemtive is used to formulate the problem. Average waiting time for priority class p is below:

[ ]

p

p −1

k =1

k =1

E W p = E[T0 ] + ¦ E[Tk ] + ¦ E[Tk' ] where T0 : the completion time of current service Tk : service time of mk messages of priority 1,2,..., p already waiting Tk' : service time of k = 1,2,..., p - 1 high priority message during the waiting time

[ ]

p

p −1

p

k =1

k =1

k =1

[ ] (1 − σ E[T)(1]− σ )

E Wp =

0

p −1

p

p −1

[ ]¦ ρ

E W p = E[T0 ] + ¦ E[Tk ] + ¦ E[Tk' ] = E[T0 ] + ¦ ρ k E[Wk ] + E W p

k

k =1

p

wh ere σ p = ¦ ρ k k =1

Fig. 4. Flows with two best-effort and one DiffServ network

Let’s assume other situations: 1. Two priority classes, High priority 2. 3. 4. 5. 6. 7.

average delay bound to 100msec,Low

priority no average delay bound nodes can accept traffic within max arrival rate Core node has Non-preemptive priority queueing capability Fixed Routing - Three flow paths Processing (departure) rate of node is fixed Average delay at node follows queueing model No link delay (0.3 msec link delay per 100km in real world)

And we want to maximize network utilization subjected to sum of arrival rates in a node is bound to max arrival capacity and sum of average delay of priority flow is bound. Maximize:

¦ U (λ ) + ¦ U ¦ λi ≤ λmax high

high

Subject to:

node

i

low

(λi )

low

(ρ1 μ1 ) + (ρ 2 μ2 ) + (ρ μ ) ≤ D ¦ ¦ proirity − 1 ρ ( ) ( DiffServ _ node BestEffort _ node 1 − ρ ) 1

An Efficient End-to-End QoS Supporting Algorithm

577

Let’s utilization function follows logarithm, High class is 30% more utility than low class and Utility is directly proportional to the number of hops of flow. Network supports IP class 0 QoS [7] and capacities of network are 10 Mbps. Maximize: 3.9 ln(λ11 ) + 1.3 ln(λ 21 ) + 1.3 ln(λ 31 ) + 3 ln(λ12 ) + ln(λ 22 ) + ln(λ 32 ) Subject to:

λ11 + λ21 + λ12 + λ22 ≤ 10 M λ11 + λ12 ≤ 10 M

λ11 + λ31 + λ12 + λ32 ≤ 10M

y1 + y2 + y3 ≤ 0.1 λ11 + λ12 ≤ y1 λ11

1−

10M

λ11 + λ12 + λ21 + λ22 ≤ y2 λ11 + λ12 + λ21 + λ22

1−

10 M

λ11 + λ12 + λ31 + λ32 ≤y λ11 + λ12 + λ31 + λ32 3

1−

10M

With this optimization problem, we can find the following result.

Fig. 5. Optimal flow with delay bound

Because total network capacity is 10, this network utilization is about 25%. Max utilization of best-effort queueing network is about 60%.In heterogeneous QoS environment, it must use a third of network utilization to provide differential service and guarantee average delay bound for high QoS class. Of course, as average delay bound looses, the network utilization increases. If it increases average delay bound infinite, it is removing the delay bound constraint. The sum of optimal flow rate at node is as same as maximum flow rate capacity at node. It shows co-relationship between rate capacity and the saturation point and it means we can calculate node capacity given delay bound in Diffserv network vice versa. As we see the result, long path flow causes network performance low. We can find the optimal flow rate given delay-bound and node capacity. If we know the optimal flow rate, we can use these pre-calculated optimal flows for admission control and modify Diffserv traffic with the optimal flow rate – like increasing or decreasing high priority flow to the optimal flow. We show the optimal flow and our algorithm is useful to optimize network utility.

578

S.Y. Ban, S.G. Choi, and J.K. Choi

5 Conclusion and Future Works In this paper, we have present category of admission control in IP network in NGN, architecture and algorithm of efficient admission control using pre-calculated optimal flows and measurement feed-back mechanism. The admission control based on optimal flows can guarantee end-to-end QoS among heterogeneous QoS capabilities of access networks and core network. Measurement feed-back mechanism can sustain the request QoS, reduce network overhead and maximize network utilization. We need to verify the algorithm for specific access networks and core network such as Ethernet and MPLS. Furthermore, we will develop general equation to find optimal flows for networks with heterogeneous QoS capabilities. Acknowledgments. This work was supported in part by the MIC, Korea under the ITRC program supervised by the IITA and the KOSEF under the ERC program. T

T

References [1] SG13, Functional Requirements and Architecture of the NG ,ITU-T,May 2004. [2] SG13, Functional Requirements and Architecture for Resource and Admission Control in Next Generation Networks , ITU-T, May 2004. [3] D. Xuan, C. Li, R. Bettati, J. Chen, W. Zhao, Utilization- Based Admission Control for Real-Time Applications, The IEEE International Conference on Parallel Processing, Canada, Aug. 2000. [4] L. Zhang, S. Deering, D. Estrin, S. Shenker and D. Zappala, RSVP: a new resource reservation protocol, IEEENetworks Magazine, vol. 31, No. 9, pp. 8-18, September 1993. [5] G. Papaioannou, S. Sartzetakis, and G.D. Stamoulis. Efficient agent-based selection of DiffServ SLAs over MPLS networks within the ASP service model. Journal of Network and Systems Management, Special Issue on Management of Converged Networks, Spring 2002. [6] SG13, An end-to-end QoS architecture based on centralized resource control for IP networks supporting NGN services , ITU-T, May 2004. [7] SG13, Network Performance Objectives for IP-Based Services , ITU-T, Feb. 2003. [8] B. Teitelbaum, "QBone Architecture (vl.O)", Internet2 QoS Working Group Draft, http:iiww.inlemet2 .eduiqosiwglpapersiqbArchi I .Oidrafti2-qbone-arch-l .O.html, Aug. 1999. [9] S. Wang, D. Xuan, R. Bettati and W. Zhao, Providing Absolute Differentiated Services for Real-Time Applications in Static Priority Scheduling Networks, Proceedings of IEEE INFOCOM 01, April, 2001. [10] Jamin, P. B. Danzig, S. J. Shenker, and L. Zhang. A Measurement-based Admission Control Algorithm or Integrated Services Packet Networks (Extended Version) . ACM/IEEE Transactions on Networking, Feb. 1997.

An RFID System Based MCLT System with Improved Privacy Jin Kwak1, , Keunwoo Rhee2 , Namje Park2,3, Howon Kim3 , Seungjoo Kim2 , Kouichi Sakurai1 , and Dongho Won2, 1

2

Faculty of Information Science and Electrical Engineering, Kyushu University, Japan {jkwak, sakurai}@itslab.csce.kyushu-u.ac.jp Information Security Group, Sunkyunkwan University, Korea {kwrhee, skim, dhwon}@security.re.kr 3 Information Security Research Division, ETRI, Korea {namejepark, khw}@etri.re.kr

Abstract. Radio Frequency Identification (RFID) systems are increasingly becoming accepted for many EPC Network applications. However, RFID systems have some privacy problems. In this paper, a system for missing child location tracking in the EPC Network applications, is proposed. The proposed system improves security and privacy compared to existing applications, while also keeping in line with traditional procedures, commonly accepted by most industrial applications. The proposed MCLT (Missing Child Location Tracking) system can protect users’ privacy while providing location tracking of the RFID tag. Keywords: EPC Network, RFID system, application service, privacy, security, location tracking.

1

Introduction

The main technology of the EPC Network consists of a RFID system that recognizes and manages RFID tags by use of the Radio Frequency (RF) signal. Low-cost RFID tags can be read, and information can be updated without any physical contact. Therefore, RFID systems have become popular for automated identification in EPC Network applications [8,14,20,23,25]. However, this technology creates new problems, the most important being the invasion of users’ privacy. Thus, several methods for protecting the users’ location privacy have been proposed [11,12,17,19,21,22,28,29]. However, previous protocols do not resolve security and privacy problems such as location tracking, location history disclosure, and counterfeiting (see [19] for 



The first author was supported by the Korea Research Foundation Grant funded by the Korean Government (MOEHRD). (KRF-2006-214-D00152). Corresponding Author: Dongho Won ([email protected]), He was supported by the University IT Research Center Project funded by the Korean Ministry of Information and Communication.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 579–590, 2006. c IFIP International Federation for Information Processing 2006 

580

J. Kwak et al.

more details). In addition, the proposed protocols are not suitable for ubiquitous computing environment, and using distributed databases. In particular, although the RFID tag enables location based applications to be more effective, it may also allow access to information regarding users location, without their agreement. Location based services rely on the availability of user location information. However, location information is sensitive, therefore, releasing this information to random entities may create security and privacy problems. In particular, the previous protocols are not suitable for location based systems for missing child location tracking in EPC Network applications. In this paper, a system for missing child location tracking using EPC Network applications is proposed. In this proposed MCLT system: (1) the user registers with the registration authority (RMA in this paper), (2) the registration authority issues the user with a tag which, for privacy, includes an anonymous-EPC, (3) access to tag information is permitted only by authorized administrators, and (4) for anonymity, the authentication process is performed using a random response at each authentication process between the tag and the reader. In addition, the location of a user can be securely and effectively tracked by authorized administrators, such as in the case of finding a missing child (the tagged user (tag holder)). The subsequent sections of this paper are organized as follows. After shortly discussing the EPC Network and the associated components in Section 2, security and privacy requirements for the proposed system are presented in Section 3. In Section 4, the EPC Network based MCLT (Missing Child Location Tracking) System is proposed, enabling the protection of users’ privacy, while allowing location tracking of the tagged user (tag holder) by authorized administrators when a child is missing. Finally, conclusions are presented in Section 5.

2

The EPC Network

The EPC Network includes several components, the EPC, tag, reader, EPC Information Server (EPCIS), Object Name Service (ONS), and Middleware [1,2,5,6,7,10,16,24]. •EPC: The binary representation of the EPC (Electronic Product Code), a combination of Header, EPC Manager, Object Class, and Serial Number. Header identifies the version, length, tag type, and structure of the code. EPC Manager identifies a company, a manager, or an organization. In short, it indicates a manufacturer ID. Object Class indicates article classification (manufacturer’s product ID). The class number must be unique for all given domains. Serial Number is unique for every class and non-repeating for each object class code. •EPC Middleware: EPC Middleware manages EPC data received from the reader, provides alerts, and reads information for communication to the EPCIS (EPC Information Services) or the company’s other existing information systems. EPCglobal is developing a software interface standard for services

An RFID System Based MCLT System with Improved Privacy

581

enabling data exchange between an EPC reader or network of readers and information systems. EPC middleware designed to process the stream of tag data coming from one or more readers, and this particular piece of software manages readers. •RFID Tags and Readers: RFID systems are basically composed of tags and readers. The tag generally consists of an IC chip and an antenna. The IC chip in the tag is used for data storage and logical operations, whereas the coiled antenna is used for communication with the reader. The reader generally consists of an RF module, control unit, and coupling element to interrogate electronic tags via RF communication. The RFID tag is either an active or a passive tag1 . The EPC is stored on this tag. Tags communicate their EPCs to readers using a RF signal. The readers communicate with tags using the RF signal and deliver information to application systems with EPC middleware. •EPC Information Service: EPCIS (EPC Information Services) enables users to exchange EPC-related data with trading partners through the EPC Network. EPCIS provides EPC Network related data available in PML format to request services. Data available through the EPCIS may include tag data collected from EPC middleware such as date of manufacture, expiry date, and product information. •Discovery Service: The ONS provides a global lookup service, translating EPCs into one or more Internet Uniform Reference Locators (URLs), where further information regarding the object may be retrieved. In short, the ONS provides yellow page services for the EPC Network, allowing participants to quickly discover the server in the EPC Network containing the information associated with a particular EPC. The ONS works same as Domain Name Service (DNS), the foundation naming protocol for the Internet.

3

Security and Privacy Requirements for the Proposed System

In EPC Network applications, especially location based services such as missing child location tracking services, the availability of the users’ location information is depended on. However, users usually prefer their location information to be kept secret, because their personal location information is regarded as sensitive. Therefore, only authorized entities should have access to users’ location information, and only when necessary [15]. In this section, security and privacy requirements for the proposed system are described. For users’ privacy, the EPC of the tag should not be known to the reader or system; only authentication of the tag should be provided. In addition, only authorized administrators should have access to location information, and only when necessary [15]. 1

The active tag possesses a battery and actively transmits information to the reader for communication. The passive tag must be inductively powered from the RF signal of the reader since RFID tags usually do not possess their own battery power supply. In this paper, the passive tag used to accomplish a hash operation.

582

J. Kwak et al.

Anonymity: The recipient of a response generated by the tag can verify that it is a valid response of the query, but cannot discover which tag created it. Unlinkability: The recipient of a response generated by the tag can verify that it is a valid response of the query, but cannot be decided whether two responses have been generated by the same tag. Traceability: The EPC of the tag should be encrypted and stored in a Registration and Management Authority (RMA). Location tracking of the tag holder should be possible only through the cooperation of authorized administrators, and only in an emergency situation, such as when a child goes missing.

4

Proposed MCLT System

For the proposed system, the Registration and Management Authority (RMA) is defined. The RMA is a trusted security center managed by a public institution for the registration and location tracking of a user. The RMA consists of a Registration Server and EPC Network components. The Registration Server issues a tag to the user and stores related information such as telephone number and address of the user in the database. To satisfy security and privacy requirements (see section 3.), the Registration Server generates the EIDi (encrypted value of the EPCi ) of the Tagi . In this paper, for encryption of the EIDi , cryptographic secret sharing methods are adopted [3,4,9,13,18,26,27].

a

Header

EPC Manager

w™–—–šŒ‹Glpka

Header

EID Manager (RMA’s ID)

lwj

Object Class (OC)

Serial Number (SN)

Encrypted value

Fig. 1. EID : encrypted value of the EPC

Fig. 1 present EID and Fig. 2 presents the proposed system. For the proposed system example, it is assumed that the user travels around three local EPC Network zones in a regular sequence (e.g., school, wear shop, and restaurant zone). 4.1

User Registration

Fig. 3 presents the user registration process for the proposed system. [ Notations and Parameters ] – – – – –

P : a set of participant Admi s, P = {Adm1 , Adm2 , · · · , Admn } p : a large prime number, where p > 2512 q : a prime number, where q | p − 1 g : an element over ZZ p , where ord(g) = q Admi (1 ≤ i ≤ n) : administrators of RM A.

An RFID System Based MCLT System with Improved Privacy

583

Fig. 2. The EPC Network based MCLT System with Improved Privacy

– – – – – – – –

yAdm : a group public key of administrators EN C() : a public key encryption scheme H() : cryptographically secure hash-functions EPCi : the EPC of the tagi EIDi : encrypted value of EPCi (EIDi =ENC(EPCi )) MIDi : meta-ID of Tagi IDi : ID of the local EPC Network RR , Ri : random number chosen by the reader and the tagi

[ User Registration ]

Fig. 3. User Registration for the proposed system

1. Useri make an application2 for registration to RMA. 2. Registration server in RMA, (a) issues an EPCi and then subsequently encrypts it. (b) the encrypted value EIDi is written to the Tagi . 2

For registration, useri provide information such as an address, telephone number, family exemplification, and so on. The RMA stores this information in a database.

584

J. Kwak et al.

(The generation of the Group public key) ① Every administrator (Admi | i ∈ {1, · · · , n}) selects ri ∈R Zq at random and broadcasts yi = g ri mod p to all other administrators in the set Si . Si = {Admj | j ∈ {1, · · · , n} AND i = j} ② To distribute ri , each Admi randomly selects a polynomial fi of degree t − 1 in Zq such that fi (0) = ri , i.e., fi (x) = ri + ai,1 x + ai,2 x2 + · · · + ai,t−1 xt−1 with ai,1 , · · · , ai,t−1 ∈R Zq , and transmits fi (j) mod q to Admj in a secure manner (∀j = i). Each Admi also broadcasts values g ai,1 mod p , · · · , g ai,t−1 mod p ③ From distributed fj (i) (∀j = i), Admi checks whether, for each j, 1 t−1 g fj (i) = yj · (g aj,1 )i · · · (g aj,t−1 )i mod p ④ Let H = {Admj | Admj is not detected to be cheating at step 3 }. Every Admi computes the share si secretly, and computes the group public key yAdm .  & si = fj (i) , yAdm = yj j∈H

j∈H

(The encryption of EPC ) ⑤ To encrypt each EPCi , Adm1 picks ti,1 ∈R Zq and computes g ti,1 mod p. Then, Adm1 transmits the result to Adm2 . ⑥ The Adm2 selects ti,2 ∈R Zq and computes (g ti,1 )ti,2 mod p. Then, Adm2 transmits the result to Adm3 . ⑦ The final participant Admi (i = n) computes g ti = (g ti,1 ,ti,2 ,··· )ti,n mod p and broadcasts the result to all other Admn . ⑧ Through the cooperation of n Admi , the ciphertext of EPCi is generated as follows. Where OC SNi is the value of concatenated object class and serial number, detailed in Fig. 1. EIDi = EN C(EP Ci ) = (g ti , A), where A = ((yAdm )ti · (OC SNi ) mod p) 3. The Tagi is issued to useri . The Tagi contains the encrypted value EIDi instead of the EPCi . 4.2

MID Registration and Tag Authentication

The following steps demonstrate the MID registration and authentication process in each local EPC Network. In this subsection, the registration and authentication processes in the school zone (local EPC Network) are described. The processes of other local EPC Network zones are identical to the processes in the school zone. Fig. 4 demonstrates MID registration and tag authentication in the case of the school zone. [ MID Registration ] The following steps represent the MID registration process in each local Network, through the EPC Network system [7,16]. The detailed protocol of MID registration in the school zone as follows:

An RFID System Based MCLT System with Improved Privacy

585

Fig. 4. MID Registration and Tag authentication processes in the School zone

1. The school zone EPC Network system transmits the registration request to the Tagi . 2. Tagi generates a random number Ri , and then computes MIDSCH and stores it. Then the Tagi transmits MIDSCH to the system. Fig. 5 presents the updated information in the Tagi . · tag −→ system : MIDSCH =H(EIDi , Ri ), Ri EIDi

MIDSCH

MIDWEAR

MIDRES

…..

Updated information

Fig. 5. Updated information in the Tagi

3. When the local middleware receives data from the Tagi , the local middleware can be configured to transmit the data further to the local EPCIS. Then local EPCIS stores MIDSCH in a database for authentication of the Tagi . 4. After Step 3, the local EPCIS searches the URL of the Tagi ’s issuer for MIDSCH registration. In the case where the URL of the Tagi is unknown to the system, the system will consult the ONS to obtain the URL of the Tagi . 5. If the local ONS is unable to transform the Tagi into an URL, the ONS will query other ONS systems higher in the ONS hierarchy, and may potentially make an enquiry to the global ONS via the Internet. The correct URL will then be transmitted to the local EPCIS. 6. Then, local EPCIS transmits the registration message and Ri to the RMA. The RMA performs a brute-force search to retrieve the EPC; Upon receiving the Ri , the RMA calculates MIDSCH for all EPC’s stored in the database. Only when it finds a match to MIDSCH (received from the system) has it identified the right EPC. If the above procedure is successful, the RMA stores

586

J. Kwak et al. [ EPC Database ] EPCi Useri Info

Ri

Rj

Rk

…..

Updated information

Fig. 6. Updated information of the Tagi in RMA

Ri in their database (see fig. 6-demonstrates how information is updated in the RMA for the Tagi .). [ Tag authentication ] After completing MID registration, the local EPC Network performs authentication of the tag [15,19]. Fig. 7 presents the detailed protocol of authentication in the school zone.

Reader

School Zone

Tag i

query, RR S, RR , Ri’ H (MIDSCH , R’i )

S, Ri’ H (MIDSCH , R’i )

Fig. 7. Tag authentication protocol

① RFID reader transmits a query to the Tagi with RR . ② The Tagi generates random number Ri . Then the Tagi computes a response S(= H(M IDSCH , Ri , RR )) and transmits it to the reader with Ri . ③ The reader transmits RR to the system with S and Ri . ④ The local EPC Network system computes hash value S  using the stored M IDSCH . Then the system subsequently compares it with S, received from the reader to authenticate the Tagi . · System : received S

?

=

computed S 

If the authentication is successful, the system transmits H(MID SCH , Ri ) to the reader. ⑤ The reader transmits the H(MID SCH , Ri ) received from the system to the Tagi . Then, to authenticate the system, the the Tagi computes H(MID SCH , Ri ) and compares it with the value received from the reader. If authentication is successful, the system is authenticated. ?

· tag : computed H(MID SCH , Ri ) = received H(MID SCH , Ri )

An RFID System Based MCLT System with Improved Privacy

4.3

587

Location Tracking Process

In this subsection, the location tracking process in the proposed system in case of finding a missing child, is described. Fig. 8 presents the processes of location tracking the Tagi .

Fig. 8. Missing child location tracking

1. When parents are missing a child, an occurrence of a missing child is reported and location tracking of the tag is requested to the RMA. The parents transmit related information (e.g., such as address, telephone number, and family exemplification for verify the identity of the requestor) with a request message. 2. The RMA verifies the identity of the requestor using the received information and the stored information in the user registration phase. 3. The RMA searches the local EPC Network related specific to the Tagi . To achieve this step, the RMA requires at least t (n ≥ t) shared information among n. Since the MIDi is encrypted. Therefore, only authorized administrators can identify the MIDi of the tagi . If X = {Adm1 , Adm2 , · · · , Admt } is a qualified subset to recover the MIDi , the recovery phase is operated as follows; ① Through the cooperation of every Admi ∈ X, the value r1 + r2 + · · · + rt modp is recovered using polynomial interpolation [26]. ② Each Admi ∈ X computes (g ti )r1 + r2 + ··· + rt using a stored g ti . ③ Each Admi ∈ X computes the EIDi as follows; EIDi = A / (g ti )r1

+ r2 + ··· + rt

4. To retrieve the specific local EPC Network for the Tagi , the RMA computes the meta-ID (MIDi of the Tagi ). · computes computes computes

H(EIDi ,Ri ) H(EIDi ,Rj ) H(EIDi ,Rk )

−→ −→ −→

MIDSCH MIDW EAR MIDRES

588

J. Kwak et al.

5. Then, the RMA requests the log information of the Tagi and reads the Tagi at each local EPC Network. Then the local EPC Network responds to the Tagi read with a success or failure. If each local EPC Network fails to read the Tagi , the local EPC Network transmits the log information of the Tagi to the RMA. (see fig. 9)

Fig. 9. Response of each local EPC Network

6. After receiving responses, the RMA analyzes the received information (see in Fig. 9) and predicts where the child located, in the example below, this is between the wear shop and the restaurant. 7. The RMA requests a remote local EPC Network (the local EPC Network of the wear shop, restaurant, and its outskirts) to read the Tagi via the hierarchical ONS system. If the process does not find a missing child, the RMA requests an extension to neighboring districts. 8. Finally, the RMA retrieves the location of the missing child successfully. As a result, the missing child is now found.

5

Conclusion

In this paper, a system for missing child location tracking in EPC Networks, with improved privacy, is proposed. In the proposed system, the tag embeds EID instead of the EPC, to provide improved privacy for the user. Then registration authority issues tag to the user, which, for privacy, includes an anonymous-EPC. In conclusion, the following four points are stated: (1) access to the information of the tag is permitted only to authorized administrators, (2) the authentication process is performed using a random response at each authentication process between the tag and the reader, and (3) the location of the tag user can be securely and effectively tracked by authorized administrators, such as, in the case of retrieving a missing child. (4) In addition, although the authorized administrator kept one tag, other tags do not add any security and privacy

An RFID System Based MCLT System with Improved Privacy

589

problems. Therefore, the proposed system can be satisfied with unlinkability, anonymity and traceability. Acknowledgement. The 6th author, Kouichi Sakurai, is partially supported by Strategic International Cooperative Program, Japan Science and Technology Agency (JST).

References 1. D. L. Brock. The electronic product code (EPC): A naming scheme for objects. Technical Report MIT-AUTOID-WH-002, MIT Auto ID Center, 2001. Available from http://www.autoidcenter.org. 2. D. L. Brock. EPC Tag Data Specification. Technical Report MIT-AUTOID-WH025, MIT Auto ID Center, 2003. Available from http://www.autoidcenter.org. 3. C. Cachin. On-Line Secret Sharing. Cryptography and Coding: The 5th IMA Conference, LNCS 1025, pp. 190-198, Springer-Verlag, 1995. 4. L. Chen, D. Gollmann, C. J. Mitchell and P. Wild. Secret sharing with Reusable Polynomial. Australian Conference on Information Security and Privacy, ACISP 97, LNCS 1270, pp. 183-193, Springer-Verlag, 1997. 5. D. Engels. The Reader Collision Problem. Technical Report. MIT-AUTOID-WH007, MIT Auto ID Center, 2001. Available from http://www.autoidcenter.org. 6. D. Engels. EPC-256 : The 256-bit Electronic Product Code Representation. Technical Report MIT-AUTOID-WH-010, MIT Auto ID Center, 2003. Available from http://www.autoidcenter.org. 7. EPCglobal. The EPCglobal Network: Overview of Design, Benefits, and Security. 24 September 2004. Available from http://www.epcglobalinc.org. 8. D. M. Ewatt and M. Hayes. Gillette razors get new edge: RFID tags. Information Week, 13 January 2003. Available from http://www.informationweek.com. 9. P. Fedlman. A Practical scheme for Non-interactive Verifiable secret sharing. The 28th Annual Symposium on the Foundation of Computer Science, pp. 427-437, 1987. 10. K. Finkenzeller. RFID Handbook, John Wiley and Sons. 1999. 11. A. Juels and R. Pappu. Squealing Euros: Privacy protection in RFID-enabled banknotes. Financial Cryptography 2003, FC’05, LNCS 2742, pp. 103-121, SpringerVerlag, 2003. 12. A. Juels, R. L. Rivest and M. Szydlo. The Blocker Tag : Selective Blocking of RFID Tags for Consumer Privacy. 10th ACM Conference on Computer and Communications Security, CCS 2003, pp. 103-111, 2003. 13. S. Kim, S. Park and D. Won. Proxy Signatures, Revisited. International Conference on Information and Communications Security, ICICS’97, LNCS 1334, pp. 223-232, Springer-Verlag, 1997. 14. H. Knospe and H. Pobl. RFID Security. Information Security Technical Report, vol. 9, issue 4, pp. 39-50, Elsevier, 2004. 15. J. Kwak, K. Rhee, S. Oh, S. Kim, and D. Won. RFID System wuth Fairness within the frmaework of Security and Privacy. 2nd European Workshop on Security and Privacy in Ad hoc and Sensor Networks, ESAS 2005, LNCS 3813, Springer-Verlag, 2005. 16. K. S. Leong and and M. L. Ng. A Simple EPC Enterprise Model. Auto-ID Labs Workshop Zurich. 2004. Available from http://www.m-lab.ch

590

J. Kwak et al.

17. M. Ohkubo, K. Suzuki, and S. Kinoshita. A Cryptographic Approach to “PrivacyFriendly” tag. RFID Privacy Workshop, Nov 2003. http://www.rfidprivacy.org/ 18. T. P. Pedersen. A Threshold cryptosystem without a trusted party. Eurocrypt ’91, LNCS 547, pp. 522-526, Springer-verlag, 1991. 19. K. Rhee, J. Kwak, S. Kim, and D. Won. Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment. Second International Conference on Security in Pervasive Computing, SPC 2005, LNCS 3450, pp. 70-84, Springer-Verlag, 2005. 20. S. E. Sarma. Towards the five-cent tag. Technical Report MIT-AUTOID-WH-006, MIT Auto ID Center, 2001. Available from http://www.autoidcenter.org. 21. S. E. Sarma, S. A. Weis, and D. W. Engels. RFID systems, security and privacy implications. Technical Report MIT-AUTOID-WH-014, AutoID Center, MIT, 2002. 22. S. E. Sarma, S. A. Weis, and D. W. Engels. Radio-frequency identification systems. Workshop on Cryptographic Hardware and Embedded Systems, CHES02, LNCS 2523, pp. 454-469, Springer-Verlag, 2002. 23. S. E. Sarma, S. A. Weis, and D. W. Engels. Radio-frequency-identification security risks and challenges. CryptoBytes, 6(1), 2003. 24. T. Scharfeld. An Analysis of the Fundamental Constraints on Low Cost Passive Radio-Frequency Identification System Design. MS Thesis, Department of Mechanical Engineering, Massachusetts Institute of Technology, Cambridge, MA 02139, 2001. 25. Security technology: Where’s the smart money? The Economist, pp. 69-70, 9 February 2002. 26. A. Shamir, How to share a secret. Communication of the ACM, vol. 21, pp. 120-126, 1979. 27. M. Tompa and H. Woll. How to share a secret with cheater. Journal of Cryptology, vol. 1, pp. 133-138, 1988. 28. S. A. Weis. Radio-frequency identification security and privacy. Master’s thesis, M.I.T. May 2003. 29. S. A. Weis, S. Sarma, R. Rivest, and D. Engels. Security and privacy aspects of low-cost radio frequency identification systems. First International Conference on Security in Pervasive Computing, SPC 2004, LNCS 2802, pp. 201-212, SpringerVerlag, 2004.

QT-CBP: A New RFID Tag Anti-collision Algorithm Using Collision Bit Positioning* Hyunji Lee and Jongdeok Kim Dept. of Computer Science and Engineering, Pusan National University [email protected], [email protected]

Abstract. The ability to recognize many tags simultaneously is crucial for many advanced RFID-based applications. The tag anti-collision algorithm of an RFID system, which arbitrates collisions on the air interface among tags in the same reading range of a reader, makes a great influence on the speed and the reliability in multiple tag recognition. This paper presents a new memoryless tag anti-collision algorithm, QT-CBP (Query Tree with Collision Bit Positioning), which is designed based on QT (Query Tree) algorithm. QT-CBP is likely to make more concise tree traversal than QT by extracting and making use of detailed information on a collision condition, such as the number of collision bits and their positions. Basically QT-CBP is an enhanced algorithm for readers running QT, so no change is required at tags. Simulation study shows that QT-CBP outperforms QT, especially on the condition where tags have similar tag IDs by having the same company or product ID prefixes.

1 Introduction Radio Frequency IDentification (RFID) is an automatic identification technology that a reader recognizes objects through wireless communications with tags attached to the objects. RFID systems have recently begun to find greater use in industrial automation and in supply chain management. The ability to recognize many tags simultaneously is crucial for many advanced RFID-based applications in these domains. However, multiple tags in the same reading range of a reader may interfere with each other, which make the reader hard to recognize the tags. RFID tag anticollision algorithms are developed to cope with this problem and the performance of multiple tag recognition is greatly influenced by the algorithm applied [1-8]. RFID tag anti-collision algorithms can be categorized into tree-based algorithms and aloha-based algorithms. While aloha-based algorithms can be faster in identification than tree-based ones, they have a serious problem that a tag may not be identified for a long time so called tag starvation. A tree-based algorithm can be categorized into either “memoryless” or “memoryful” whether it requires memory at tag. As memoryless tag is relatively cheap and easy to implement, memoryless algorithms are widely used in building cost effective RFID systems [8]. *

This work was supported by the Regional Research Centers Program (Research Center for Logistics Information Technology), granted by the Korean Ministry of Education & Human Resources Development.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 591 – 600, 2006. © IFIP International Federation for Information Processing 2006

592

H. Lee and J. Kim

This paper presents a new memoryless tree-based tag anti-collision algorithm, QTCBP (Query Tree with Collision Bit Positioning). QT-CBP is designed based on QT (Query Tree), a representative memoryless tree-based tag anti-collision algorithm developed at MIT’s Auto-ID Center [1]. When a collision occurs, QT interprets it as a simple boolean condition, but QT-CBP extracts more information about the collision, such as the number of collision bits and their positions. By making use of this information, QT-CBP can resolve collisions with fewer queries and fewer collisions than QT. The improvement gets clear if tags under interrogation have similar tag codes. Note that most of RFID code schemes, including the Electronic Product Code™ (EPC™) standard from the EPCglobal, adopt hierarchical structure [9]. Multiple tags to be identified simultaneously in the real world are likely to have similar tag codes, because they are likely to have the same prefix for its company and product IDs, which increases the efficiency of QT-CBP. Another good point of QT-CBP is that it does not require any change at tags, as it is basically an enhanced algorithm for readers running QT. The performance of QT-CBP is evaluated through simulation and the results show that QT-CBP reduces overall identification delay and the number of collisions than QT. The rest of this paper is organized as follows. In Section 2, we briefly introduce the existing tag anti-collision algorithms by categorizing them and make a detail review on the QT algorithm. Section 3 presents our QT-CBP algorithm in detail. The performance of QT-CBP is evaluated through simulation and analysis and addressed in Section 4. The conclusion of the paper is drawn in Section 5.

2 Related Studies 2.1 Classification of Anti-collision Algorithms An RFID tag anti-collision algorithm can be categorized into either an aloha-based algorithm or a tree-based algorithm. Aloha-based algorithms reduce the probability of tag collision by making tags randomly select their response time. Though aloha-based algorithms may be faster than tree-based algorithms, their performances are stochastic and they cannot perfectly prevent collisions which bring about a serious problem called tag starvation that a tag may not be identified for a long time. Aloha-based algorithms can be further classified into either Bit-slot type [5] or ID-slot type [6][7]. While ID-slot type transfers whole tagID, Bit-slot type transfers only a bit during the response time. A tree-based algorithm makes a binary tree by splitting the group of colliding tags into two subgroups and traverse the tree until the reader recognize the IDs of tags without collision. Though tree-based algorithms have relatively long identification delay, they do not cause tag starvation. A tree-based algorithm can be further classified into either “memoryless” or “memoryful” whether it requires memory at tag. In memoryless algorithms [1][2], the responses from tags are decided based only on the current query from the reader. However, in memoryful algorithms [3][4], tags

QT-CBP: A New RFID Tag Anti-collision Algorithm

593

are able to store their current status of tree traversal and respond to a reader’s query based on not only the query but also their status stored in memory. Though, more efficient tree traversal can be accomplished by making use of memory at tag, memoryful algorithm requires more complex tags which are difficult to implement and hard to be cost effective. The classification of RFID tag anti-collision algorithms is summarized at Table 1. Table 1. Classification of tag anti-collision algorithms

Anti-Collision Algorithm Tree-based Algorithm AlohaBased Algorithm

Memoryless

Query Tree [1] Tree Walking [2]

Memoryful

Splitting tree [3] Bit-arbitration [4]

Bit-Slot

Bit-Slot [5]

ID-Slot

I-Code [6] STAC [7]

2.2 Query Tree Algorithm The QT algorithm is a representative memoryless tree-based tag anti-collision algorithm developed at MIT’s Auto-ID Center. The QT algorithm consists of rounds. In each round, a reader transmits a query to tags, and then tags respond it with their IDs. The reader makes its query by popping a query stored in the query queue. Each query contains k-bits long prefix string which each tag compares with the prefix of its tagID. If it matches, the tag sends its whole tagID as a response or simply ignores the query and makes no response otherwise. When the query queue is empty, the reader makes a special query including the empty prefix string . Any tag receiving the query including the empty prefix string should response. If there is only one response for a query, the reader can successfully recognize the tag. However, if there are more than one responses, responses collide and the reader cannot recognizes the tag. In this collision case, the reader creates two queries by appending ‘0’ (zero) and ‘1’ (one) to the previous query and stores them into the query queue. In case of no tags matches the prefix, there is no tag response. And the reader does noting and begins the next round. The algorithm repeats the above procedure until all queries in the queue are popped (i.e., empty). Fig. 1 illustrates the process of QT algorithm with four tags which have IDs of 000, 001, 101 and 110. Each column represents a round. The first row ‘Reader’ shows the queries sent from the reader, the second row ‘response’ shows the aggregated responses from the tags, from the third to the sixth rows show the responses of each tags, the seventh row ‘Q’ shows stored queries in the query queue, and the eighth row ‘M’ shows identified tags and their IDs.

594

H. Lee and J. Kim Reader response

0 Collision Collision

1

00

Collision Collision

Tag1 (000)

000

000

000

Tag1 (001)

001

001

001

Tag3 (101)

101

Tag4 (110)

110 0 1

Q={ }

M em ory M

01

10

11

000

001

No Response

101

110

000

001

000 001 101

101 110 1 00 01

00 01 10 11

110 01 10 11 000 001

10 11 000 001

11 000 001

000 001

001

101

101 110

101 110 000

101 110 000 001

Fig. 1. Process illustration of QT algorithm for 4 tags with 3 bits long tag IDs, 000, 001, 101 and 110

3 QT-CBP Protocol When a collision occurs, QT interprets it as a simple boolean condition. The QT might be designed based on an assumption that a reader can not extract any valid information but collision itself when a collision occurs. However, we assert that more detailed information about the collision can be extracted. For example, in 900MHz EPC Class 0 RFID systems, one of most widely used RFID systems, each tag response is defined by two sub-carrier frequencies, one for binary 0, and the other for binary 1. As 0 and 1 are responded through different frequencies, a reader can identify them at the same time [10]. Though a reader cannot differentiate one 0 (from a single tag) from multiple 0s (from multiple tags), it does not matter for QT-CBP. From the above observation, we assume that a reader can extract more detailed information about the collision, such as the number of collision bits and the positions of colliding bits. Based on this assumption, we designed a new memoryless tree-based tag anti-collision algorithm, QT-CBP. Without changing tag operation, a QT-CBP reader makes use of information on collision bits and their positions to remove redundant queries which just make another useless collision. As a result, the QT-CBP can reduce overall identification delay and the number of collisions than QT. Figure 2 illustrates the pseudo codes of QT-CBP. The QT-CBP Protocol Reader has a query stack S and a TagId memory M. Let Ȧk be the k’th bits of a bit string Reader Begin Initially S = < İ >, M = < > while(stack is not empty) Pop a query q from S; Broadcast q; Switch (response result) Case “only one response”: Save the responded tagID r in M Break; Case “more than one response”:

QT-CBP: A New RFID Tag Anti-collision Algorithm

595

Get the aggregated response R R = Ȧ1Ȧ2Ȧ3...Ȧk-1X...; X -> collision bit count the collision(X) bits -> Nc resolve the position of the first colliding bit -> k If (Nc = 1) Get two new tagIDs r1, r2 from R r1=Ȧ1Ȧ2Ȧ3...Ȧk-10..., r2=Ȧ1Ȧ2Ȧ3...Ȧi-11... save r1, r2 in M else Push two new queries q1, q2 to S q1=Ȧ1Ȧ2Ȧ3...Ȧk-10, q2=Ȧ1Ȧ2Ȧ3...Ȧi-11 Break; Case “no response”: // Do nothing Break; end while end Tag Has a TagID r = Ȧ1Ȧ2Ȧ3...Ȧ|tagID Length| begin Wait (query q from the reader) if(q=İ or q=Ȧ1Ȧ2Ȧ3...Ȧ|q|) send r to the reader end

Fig. 2. A pseudo code illustration of QT-CBP

Figure 3 illustrates the process of QT-CBP for the same configuration of Figure 1. Note that while QT uses a queue to store the next queries, QT-CBP uses a stack. While QT requires four queries, which are 0, 00, 000 and 001, to resolve two tags, 000, 001, QT-CBP requires just one query, 0, to resolve them. The overall number of rounds required to resolve all tags reduced from nine to five. R eader

1

11

10

0

C o llis io n (1 X X )

110

1 01

(0 0 X ) 000 001

R e sp o n se

C o llis io n (XX X)

Ta g1 (00 0)

0 00

Tag2

(0 01 )

0 01

Ta g3 (10 1)

1 01

1 01

Ta g4 (11 0)

1 10

1 10

110

0 10 11

0 10

0

S={ }

0 1

110

1 10 1 01

000 001 1 01

M e m o ry M

110 101 000 001

Fig. 3. Process illustration of QT-CBP algorithm for 4 tags with 3 bits long tag IDs, 000, 001, 101 and 110

4 Simulation for Performance Evaluation The Electronic Product Code™ (EPC™) is an identification scheme for universally identifying physical objects via Radio Frequency Identification (RFID) tags.

596

H. Lee and J. Kim

EPCglobal has released the Tag Data Standards (TDS) specification – recently TDS version 1.3, which includes a General Identifier (GID) and several serialized version of the EAN.UCC (European Article Numbering - Uniform Code Council) legacy encoding schemes. Figure 4 shows general form of tag data structure as representative scheme – the GID-96 encoding scheme [9].

8

General Manager Number 28

00110101 (Binary value)

268,435,455 (Max. decimal Value)

Header GID - 96

Object Class

Serial Number

24

36

16,777,215 (Max. decimal value)

68,719,467,735 (Max. decimal value)

Fig. 4. EPCGlobal’s GID-96 Tag Sturcture

The GID-96 encoding scheme is used in modeling sample tag data of our simulation for performance evaluation. The GID-96 scheme consists of four fields, ‘Header’, ‘General Manager Number’, ‘Object Class’ and ‘Serial Number’. The Header field defines the overall length and format of the following fields and it is fixed to 00110101 for the GID-96 scheme. The General Manager Number identifies an organizational entity (essentially a company, manager or other organization) that is responsible for maintaining the numbers in subsequent fields, Object Class and Serial Number. EPCglobal assigns the General Manager Number to an entity, and ensures that each General Manager Number is unique. The Object Class is used by an EPC managing entity to identify a class or “type” of thing. These object class numbers, of course, must be unique within each General Manager Number domain. Finally, the Serial Number code, or serial number, is unique within each object class. In other words, the managing entity is responsible for assigning unique, non-repeating serial numbers for every instance within each object class. Because of the hierarchical structure of the standard encoding scheme, we assert that multiple tags to be identified simultaneously in the real world are likely to have similar tag IDs, as they are likely to have the same General Manager Number or even the same Object Class number. We applied the above assertion to our simulation. Sample tags are generated to reflect the above characteristics by sharing the same Object class number or sequentially assigned Serial Number. We carry out simulations for three different tag generation cases. In each case, we increase the number of tags to be identified from 100 to 1000. To evaluate the performance of QT and QT-CBP, we measured the total length of queries in bits and the number of rounds required to identify all the sample tags given. Case 1: Five Different Object Classes with Sequential Serial Codes. In this simulation, tags for five different object classes are generated. Tags belong to the same object class have sequentially assigned serial codes. The followings are examples of generated sample tags. The underlined parts are Object Class number.

QT-CBP: A New RFID Tag Anti-collision Algorithm

597

000011110001 , 000011110002, .... 000011101001 , 000011101002, ... 011100001021 , 011100001022, ... 5 ty pes of O bjec t Clas s , S erial N um ber s equential 2400

QT Q T-C B P

2200 2000 1800 1600 1400 1200 1000 800 600 400 0

200

400 600 The num ber of tags

800

1000

The total length of the reader query bits (bit)

Fig. 5. The number of rounds required – Case 1

2.5

x 10

5

5 Ty pes o f O bjec t Clas s , S erial Num ber s equential QT Q T-CB P

2

1.5

1

0.5

0

0

200

400 600 The num ber of tags

800

10 00

Fig. 6. The total length of queries in bits – Case 1

Case 2: The same Object Class with Random Serial Codes. In this simulation, the generated tags are different only in the Serial Code field. The 36-bit long Serial Code values are randomly assigned. Case 3: The same Object Class with Sequential Serial Codes. In this simulation, the generated tags are different only in the Serial Code field and their Serial Codes are sequentially assigned.

H. Lee and J. Kim S erial Num ber random 3500

The av erage rounds for identifying all tags

QT Q T-CB P 3000

2500

2000

1500

1000

500

0 100

200

300

400

500

600

700

800

900

1000

The num ber of tags

Fig. 7. The number of rounds required –Case 2

2.5 T he total length of reader query (bit)

598

x 10

5

S erial N um ber random QT Q T-CB P

2

1.5

1

0.5

0

0

200

400 600 The num ber of tags

800

1000

S erial Num ber s equent ial 2200 QT Q T-CB P

2000 1800 1600 1400 1200 1000 800 600 400 200

0

200

400 600 The num ber of tags

800

Fig. 9. The number of rounds required – Case 3

1000

QT-CBP: A New RFID Tag Anti-collision Algorithm

The total length of reader query (bit )

2

x 10

5

599

S erial Num ber s equential QT Q T-C B P

1.8 1.6 1.4 1.2 1 0.8 0.6 0.4 0.2 0

0

200

400 600 The num ber of tags

800

10 00

Fig. 10. The total length of queries in bits – Case 3

The previous simulation results show that QT-CBP is more efficient than QT. Note that the performance gap between QT and QT-CBP gets wider as the number of tags increases, and the most noticeable gap among the three cases is found in the case 3. This is because QT-CBP becomes more efficient as more tags have similar IDs.

5 Conclusions In this paper, we suggest a new memoryless tree-based RFID tag anti-collision algorithm, QT-CBP, based on the QT algorithm developed at MIT’s Auto-ID center. When a collision is detected, QT-CBP analyzes the number of collision bits and their positions to make more efficient tree traversal. Without changing tag operation, the QT-CBP identifies multiple tags with fewer reader queries and fewer collisions than QT, which makes faster identification possible. The performance of QT-CBP is evaluated through simulation and the results show that QT-CBP outperforms QT, especially on the condition where tags have similar tag IDs by having the same company or product ID prefixes.

References 1. Ching Law, Kayi Lee, and Kai-Yeung Sju, "Efficient Momoryless Protocol for Tag Identification", Proceedings of the 4th International Workshop on Discrete Algorithms and Methods for Mobile Computing and Communication, pp. 75-84, Boston, MA, August 2000. 2. A. Juels, R. Rivest, and M. Szydlo, “The Blocker Tag: Selective Tag Blocking of RFID Tags for Consumer Pri-vacy”, Proceedings of the 10th ACM Conference on Com-puter and Communication Security, pp. 103~111, 2003. 3. Don R. Hush and Cliff Wood, “Analysis of Tree Algo-rithm for RFID Arbitration”, Proceedings of IEEE Interna-tional Symposium on Information Theory, pp. 107~116, 1998.

600

H. Lee and J. Kim

4. Marcel Jacomet, Adrian Ehrsam, Urs Gehrig, “Contact-less identification device with anticollision algorithm”, Proceedings of IEEE Conference on Circuits, Systems, Computers and Communications, Athens, July, 1999. 5. Changsoon Kim, Kyunglang Park, Hiecheol Kim, Shindug Kim, “An Efficient Stochastic Anti-Collision Al-gorithm using Bit-slot Mechanism”, PDP’2004, July 2004. 6. Harald Vogt, “Efficient Object Identification with Pas-sive RFID Tags”, Proceedings of International Conference on Pervasive Computing, Zurich, 2002. 7. Auto-ID Center, “13.56 MHz ISM Banc Class 1 Radio Frequency Identification Tag Interface Specification, Ver-sion 1.0”, Auto-ID Center, May, 2003. 8. Jihoon Myung and Wonjun Lee, “An Adaptive Mem-oryless Tag Anti-Collision Protocol for RFID Networks”, Proceeding of the 24th IEEE Annual Conference on Com-puter Communications (INFOCOM 2005), Miami, Florida, March 2005. 9. Auto-ID Center, “EPCTM Tag Data Standards Version 1.3”, Auto-ID Center. September 2005. 10. Auto-ID Center, “Draft protocol specification for a 900MHz Class 0 Radio Frequency Identification Tag”, Auto-ID Center. February 2003.

An RFID-Based Access and Location Service for Pervasive Grids Antonio Coronato2, Gennaro Della Vecchia1, and Giuseppe De Pietro1 1

ICAR-CNR, Via Castellino 111, 80131 Napoli, Italy {giuseppe.depietro, gennaro.dellavecchia}@na.icar.cnr.it 2 SASIT-CNR, Via Castellino 111, 80131 Napoli, Italy [email protected]

Abstract. Grid computing and pervasive computing have rapidly emerged and affirmed as paradigms for high performance computing and for user-friendly computing respectively. These two separate worlds, however, can now interact each other in such a way that both pervasive and grid computing communities can benefit from integrating the two paradigms into a whole. This conjunction is already taking place to yield the pervasive grid computing model, and the present paper is focused on this approach. Purposely, it describes an Access&Location service for pervasive grid applications which uses RFID and WiFi technologies to grant access and locate mobile objects within a pervasive environment. Since this service is compliant to the OGSA specifications, it can be easily integrated into classic grid environments, therefore enhancing them with pervasive capabilities.

1 Introduction During the last decade, new computing models have emerged and rapidly affirmed. In particular, terms like Grid Computing and Pervasive Computing have become of common use not only in the scientific and academic world, but also in business fields. The Grid computing model proved to be an effective way to face very complex problems. The term “The Grid” was primarily introduced by Foster and Kesselman to indicate a distributed computing infrastructure for advanced science and engineering [1]. Successively, it has been extended to denote the virtualization of distributed computing and data resources such as processing, network bandwidth and storage capacity to create a single system image, granting users and applications seamless access to vast IT capabilities. As a result, Grids are geographically distributed environments, equipped with shared heterogeneous services and resources accessible to users and applications for solving complex computational problems and accessing big storage spaces. On the other hand, the goal of Pervasive Computing lies in the development of environments where highly heterogeneous hardware and software components can seamlessly and spontaneously interoperate, in order to provide a variety of services to users independently of the specific characteristics of the environment and of the client devices [2]. Therefore, mobile devices should come into the environment in a natural way, as their owner moves through it, and interactions should occur in a transparent X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 601 – 608, 2006. © IFIP International Federation for Information Processing 2006

602

A. Coronato, G. Della Vecchia, and G. De Pietro

and proactive manner - that is, the owner will not have to carry out explicit operations for being able to approach services and resources, and the environment has to be able to self-adapt and self-configure in order to host and handle incoming mobile devices. These two worlds are now evolving towards a common paradigm, namely the Pervasive Grid Computing [8] where the final target is to build grid environments that have characteristics typically found in pervasive systems. As a matter of fact, from the Grid Computing community’s point of view, it is now time to integrate mobile devices into the grid because mobile devices are increasingly used for accessing services in any distributed environment. Moreover, it is possible to enhance the QoS of existing Grid services with characteristics like the context-awareness and the proactivity, which are proper of the Pervasive Computing. From the other side’s perspective, Pervasive Computing environments can proficiently benefit from grid technologies both to interconnect existing and emerging pervasive environments and to build and deploy new services that require high performance computing and large data resources [7]. This paper is organized as follows. Section 2 discusses some motivations and related works. Section 3 describes the architecture of the Access&Location service. Section 4 describes a running scenario. Finally, section 6 concludes the paper.

2 Motivations and Related Works 2.1 Motivations For a long while, mobile and wireless devices have not been seen as useful resources by traditional Grid environments. However, if we recall the Metcalfe’s law, which claims that the usefulness of a network-based system proportionally grows with the number of active nodes, and also consider that mobile devices capabilities have been substantially improved over the time, it can be rightly stated that mobile and wireless devices are now of interest for the Grid community [3]. In particular, they may and can be incorporated into the Grid either as service/ resource consumers or as service/resource providers [5]. Obviously, such an integration is not costless [6]. This is mainly due to the fact that current Grid middleware infrastructures do not support mobile devices, first because they do not take into account any pervasive requirements like heterogeneity, spontaneity, transparency, context-awareness etc., and then because i) they are still too much heavy to be implemented on mobile and wearable equipments, ii) they are not network-centric, i.e. they assume fixed TCP/IP connections and do not deal with wireless networks and other mobile technologies and iii) they typically support only one interaction paradigm, i.e. SOAP messaging, whereas the Pervasive model requires a variety of mechanisms [9]. 2.2 Other Related Works Over the last years, some valuable efforts have been done in making Grid architecttures able to support wireless technologies and mobile devices. In particular, the paradigm of Mobile Grid or Wireless Grid has been proposed [3-6]. More recently, this paradigm has evolved into the Pervasive Grid model [7-8], which still aims at

An RFID-Based Access and Location Service for Pervasive Grids

603

making Grid environments able to integrate mobile devices, but within a pervasive framework, which is to say in seamless and transparent ways to the user. Moreover, the final objective is to enhance Grid environments with characteristics the like of context-awareness and pro-activity that are typically found in Pervasive environments. This effort has been officially formalized in the year 2003, when Ubicomp-RG -a Global Grid Forum Research Group- was established in order to explore the feasibility of synergy between Pervasive and Grid communities. Some interesting works towards the realization of Pervasive Grids have been done and are here reported. In [4] mobile devices are viewed as active resources for the Grid. In particular, the authors developed a software infrastructure for deploying Grid services on mobile nodes and making them active actors in the Grid. This solution relies on a lightweight version of the .NET framework, namely the .NET Compact Framework, which enables to deploy on mobile devices simple Grid Services that require limited amount of resources. It is important to note that such a solution applies only to mobile devices equipped with the Microsoft Pocket PC operating system and requires several manual operations for installation and configuration. In [9] authors argued that the SOAP messaging, which is the current interaction paradigm for standard grid middleware infrastructures, is not well suited for pervasive grids. They developed several plug-ins plus a handling component for enlarging the set of available interaction mechanisms in order to make grids able to support heterogeneous software components. Another middleware infrastructure for pervasive grids has been presented in [10]. In that case, authors have concentrated their effort on the extension of existing resource manager components in grid applications for making them able to register mobile devices. In recent years, the fast growing RFID technology, initially developed for applications in logistics and industry, suggested to integrate mechanisms for locating and tracking mobile objects based on RFID tagged entities in a pervasive computing environment. Many papers can be found in literature dealing with this novel approach. In [11], a location sensing prototype system that uses Radio Frequency Identification (RFID) technology for locating objects inside buildings is presented, where the authors demonstrate that active RFID is a viable and cost-effective candidate for indoor location sensing. In [12] the authors analyze the general interaction patterns in pervasive computing settings using Bluetooth-Enabled Active Tags and Passive RFID Technology together with Mobile Phones, and show how information about the user’s context is derived by a combination of active and passive tags present in the user’s environment. In [13], based on the pervasive deployment of RFID tags, the authors propose a novel ubiquitous architecture followed by a protocol for tracking mobile objects in real-time, and give delay analysis and simulation results. In [14] and [15] the author presents a general-purpose infrastructure for building and managing location-aware applications in ubiquitous computing settings, with the goal of providing people, places, and objects with computational functionalities to support and annotate them.

604

A. Coronato, G. Della Vecchia, and G. De Pietro

2.3 Our Contribution Our contribution consists of a set of basic functionalities that provide a grid environment with some pervasive characteristics. In particular, the realized service supports the following requirements: a. Locating RFID mobile objects – RFID tagged objects are located within the environment and integrated as active resources in the grid; b. Locating WiFi enabled mobile devices – WiFi mobile devices are located within the environment; c. Detecting leaving RFID and WiFi mobile objects – Leaving RFID tagged objects and WiFi mobile devices are detected in order to reliably handle pending computations and allocated resources.

3 Access and Location Service This service is able to locate active mobile objects like WiFi enabled devices and RFID tagged entities. It offers both locating and location functions, that is, the function Locate_Object returns the position of a specific object, whereas the function Get_Objects returns the list of objects that are active at a specific location. Moreover, the service uses an asynchronous communication mechanism for notifying the environment of the following events: 1. NEW_DEVICE – This event is notified when a new WiFi enabled device enters the environment; 2. NEW_LOCATION – This event is notified when a WiFi enabled device moves in a new location of the environment; 3. DEVICE_HAS_LEFT – This event is notified when a WiFi enabled device leaves the environment; 4. RFID_OBJECT – This event is notified when an RFID tagged object is detected by an RFID antenna. The event carries an information on the physical location of the object. 5. RFID_OBJECT_HAS_LEFT – This event is notified when a previously detected RFID tagged object is no more sensed by the RF antenna. Such events are logically grouped in a class named LOCALIZATION. In addition to location and locating functions, Access&Location service provides basic network connectivity facilities for incoming mobile devices and detects leaving objects. This service’s architecture consists of two layers with the following components: •

WiFiLocatingComponent – This component is in charge of locating WiFi enabled mobile devices. In particular, a WiFi location is identified by the area covered by a specific wireless Access Point (AP). Within the environment, one WiFiLocatingComponent is deployed for each wireless AP. Current implementation uses 3Com Office Connect Wireless 11g Access Points. Whenever a mobile device connects with the AP, the AP writes an

An RFID-Based Access and Location Service for Pervasive Grids

605

Class LOCALIZATION

Asynchronous Interface WSDL Interface

Access&Location Service Notify

Locate_Object

LocationComponent Get_Objects

WiFi Locating Components

WiFi Access Points

RFDI Locating Components

Eco Component

DHCP Component

RFID Antennas and Readers

Fig. 1. Interfaces and architecture of the Access&Location Service









event on its log file. The WiFiLocatingComponent periodically interrogates such a log file and updates the LocationComponent when a new device has been detected. The WiFiLocatingComponent maintains information on devices locally connected to its AP. RFIDLocatingComponent – This component is in charge of locating RFID tagged objects. An RFID location is identified by the area covered by the RF antenna of a specific RFID reader. Current implementation uses the passive, short-range, Feig Electronic model ISC.MR 100/101. When a tagged object is sensed by the antenna, the RFID reader generates an event that is caught by the RFIDLocatingComponent which, in turn, updates the LocationComponent. DHCPComponent – This component implements a DHCP service. It provides network connectivity to incoming IP enabled devices as a standard DHCP, but it has also additional functionalities. In particular, it is able to release an IP address on demand. In this way, if a device has left the environment, the LocationComponent requires that the DHCPComponent free the IP address of that device. EcoComponent – This component sends ping messages towards mobile IP devices in order to detect leaving objects. When an implicit disconnection is detected, the component communicates such an event to the LocationComponent that notifies the DEVICE_HAS_LEFT event. LocationComponent – This component is in charge of handling global location states obtained by combining information coming from the underlying components. In particular, it notifies the environment with events of the class LOCALIZATION.

In addition to these components, we are developing BluetoothLocatingComponents in order to grant access and locate Bluetooth enabled devices.

606

A. Coronato, G. Della Vecchia, and G. De Pietro

4 Experimental Scenario The experimental scenario consists of a physical site located in a three-floors building. The virtual environment uses two floors of the building. Floor zero has a computing laboratory in which a cluster of 24 linux PCs, a 12 processors Silicon Graphics workstation and a motion capture system are deployed. Such resources are collected in a wired grid built at the top of the Globus Toolkit 4.0 platform. On floor two, wireless access to the grid is available. Here, two 3Com Office Connect Wireless 11g Access Points identify two distinct locations. L1 is a student laboratory where our students develop their activities and periodically perform ETests. L2 is a multimedia room equipped with a projector, an interactive monitor, and other multimedia devices. Some services are available: •

• •



MotionCaptureService – This service relies on the motion capture system. An actor (equipped with optical markers) moves around in the multimedia laboratory. Several cameras capture his movements that are reproduced on a graphic station. The graphic station shows a skeleton, which moves accordingly with the actor, and records data movement in a file; RenderingService – This service enables users to submit row motion data and to build 3D graphic applications. This service is exposed as a Grid Service and is available at every location (L1, L2); PresentationService – This service enables a user to project its presentation in the multimedia room. The service receives a pdf/ppt file via a dialog form and then enables speaker to control the presentation flow. This is an interactive service, which requires the speaker to be in the room for presentation. As a consequence, the service must be available only in the multimedia room (L2); ETestingService – This service performs on-line evaluation tests for courseware activities. When a session test starts, students must be in the student laboratory. Evaluation tests are synchronized and students have a predefined length of time for completing each test section. Students can interrupt their test by explicitly closing the service or by leaving the multimedia room. This service is exposed as a Grid Service, but it must be available only in the student laboratory (L1).

In this environment, services availability depends on user location, rights, and context. Purposely, we can report some example scenarios: 1. The PresentationService is available only to users that are located in L2. In particular, a WiFi mobile device, who moves in location L2, is located by the location service that notifies the environment. From now on, the mobile user can access the PresentationService. 2. The ETestingService is available to every mobile user in L1, who holds a personal RFID tag. In particular, while a test session is active, a mobile user that enters L1 can get access to the service. At the entrance, the mobile user is recognized by an RFID reader, then he is invited to sit to a specific desk that has already been configured for the e-test with the information of the incoming

An RFID-Based Access and Location Service for Pervasive Grids

607

Fig. 2. General architecture of a pervasive grid computing environment

user. On the other hand, if the user leaves its desk, this is detected by the RFID reader and notified to the environment. Then, the ETestingService automatically disconnects the leaving user and denies any further tentative of reconnection. 3. The RenderingService is available to authorized users at every location. The QoS of this service is enhanced with context-awareness features. Indeed, when a mobile user launches such a service while in location L1, rendered data are reproduced on his mobile device. Henceforth, if the user moves in the multimedia room (L2), rendered data are automatically switched on the interactive monitor (if idle). In the previous example, we have shown how our Grid environment already can draw benefits from location-awareness. In addition, we are realizing an advanced multimedia service for immersive virtual worlds by integrating into a whole 1) the MotionCaptureService, 2) the Real-Time RenderingService, 3) RFID locating technologies, and other wearable equipments like multimedia helmets and gloves. In particular, the service consists of a virtual world projected to a mobile user by means of an helmet. The mobile user interacts with the virtual world, which is rendered in real time by a Grid service. User actions and movements are caught and notified to the rendering service, which consequently builds a new scene. This is just another example of new application service that can be realized by combining Pervasive and Grid Computing.

5 Conclusions This paper is focused on pervasive grid environments, a novel approach aimed to combine together both the grid and the pervasive computing models, and is intended to show the benefits that the conjunction of these two worlds can yield. Purposely, we have presented an Access&Location service that enhances a real grid environment by augmenting its features with pervasive capabilities.

608

A. Coronato, G. Della Vecchia, and G. De Pietro

Such a service relies on WiFi and RFID technologies. In particular, it i) grants access to WiFi devices; ii) locates WiFi and RFID mobile objects; iii) detects leaving WiFi and RFID objects; iv) enables WiFi and RFID mobile objects to be registered as active objects for the grid and, more generally, v) enhances the QoS of existing services with location-awareness and allows for the realizations of new services.

References [1] I. Foster, C. Kesselman, “The Grid: Blueprint for a New Computing Infrastructure”. Morgan Kaufmann, 1999. [2] D. Saha and A. Murkrjee, “Pervasive Computing: A Paradigm for the 21st Century”, IEEE Computer, March 2003. [3] L. W. McKnight, J. Howinson, S. Bradner, “Wireless Grids”, IEEE Internet Computing, July-August 2004. [4] D. C. Chu and M. Humphrey, “Mobile OGSI.NET: Grid Computing on Mobile Devices”, International Workshop on Grid Computing, GRID 2004. [5] B. Clarke and M. Humphrey, “Beyond the ‘Device as Portal’: Meeting the Requirements of Wireless and Mobile Devices in the Legion of Grid Computing System”, International Parallel and Distributed Processing Symposium, IPDPS 2002. [6] T. Phan, L. Huang and C. Dulan, “Challenge: Integrating Mobile Devices Into the Computational Grid”, International Conference on Mobile Computing and Networking, MobiCom 2002. [7] N. Daves, A. Friday, and O. Storz, “Exploring the Grid’s Potential for Ubiquitous Computing”, IEEE Pervasive Computing, April-June 2004. [8] V. Hingne, A. Joshi, T. Finin, H. Kargupta, E. Houstis, “Towards a Pervasive Grid”, International Parallel and Distributed Processing Symposium, IPDPS 2003. [9] G. Coulson, P. Grace and G. Blair, D. Duce, C. Cooper and M. Sagar, “A Middleware Approach for Pervasive Grid Environments”, Workshop on Ubiquitous Computing and eResearchNational eScience Centre, Edinburgh, UK 18-19 May 2005. [10] C. F. R. Geyer et. al., “GRAPEp: Towards Pervasive Grid Executions”, III Workshop on Computational Grids and Applications, WCGA 2005. [11] Lionel M. Ni1, Yunhao Liu, Yiu Cho Lau and Abhishek P. Patil, “LANDMARC: Indoor Location Sensing Using Active RFID”, Proceedings of the First IEEE International Conference on Pervasive Computing and Communications (PerCom’03), 0-7695-1895/03 © 2003 IEEE [12] Frank Siegemund and Christian Florkemeier, “Interaction in Pervasive Computing Settings using Bluetooth-Enabled Active Tags and Passive RFID Technology together with Mobile Phones”, Proceedings of the First IEEE International Conference on Pervasive Computing and Communications (PerCom’03), 0-7695-1893-1/03 © 2003 IEEE [13] Pradip De, Kalyan Basu and Sajal K. Das, “An Ubiquitous Architectural Framework and Protocol for Object Tracking using RFID Tags”, Proceedings of the First Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services (MobiQuitous’04), 0-7695-2208-4/04 $20.00 © 2004 IEEE [14] Ichiro Satoh, “Linking Physical Worlds to LogicalWorlds with Mobile Agents”, Proceedings of the 2004 IEEE International Conference on Mobile Data Management (MDM’04) 0-7695-2070-7/04 © 2004 IEEE [15] Ichiro Satoh, “A Location Model for Pervasive Computing Environments”, Proceedings of the 3rd IEEE Int’l Conf. on Pervasive Computing and Communications (PerCom 2005), 0-7695-2299-8/05 © 2005 IEEE

Autonomous Management of Large-Scale Ubiquitous Sensor Networks Jong-Eon Lee1 , Si-Ho Cha2, , Dae-Young Kim1 , and Kuk-Hyun Cho1 1

Department of Computer Science, Kwangwoon University, Korea {jelee, dykim, khcho}@cs.kw.ac.kr 2 Department of Computer Engineering, Sejong University, Korea [email protected]

Abstract. A framework for the autonomous management of large-scale ubiquitous sensor networks called SNOWMAN (SeNsOr netWork MANagement) is proposed in this paper. In large-scale ubiquitous sensor networks, a huge number of sensor nodes are deployed over a wide area and long distances and multi-hop communication is required between nodes. So managing numerous ubiquitous sensor nodes directly is very complex and is not efficient. The management of large-scale ubiquitous sensor networks therefore must be autonomic with a minimum of human interference, and robust to changes in network states. The SNOWMAN is responsible for monitoring and controlling ubiquitous sensor networks based on policy-based management paradigm. It allows administrators to simplify and automate the management of ubiquitous sensor networks. It can also reduce the costs of managing sensor nodes and of the communication among them using a new hierarchical clustering algorithm.

1

Introduction

A large-scale ubiquitous sensor network (USN) consists of a huge number of sensor nodes, which are tiny, low-cost, low-power radio devices dedicated to performing certain functions such as collecting various environmental data and sending them to sink nodes (or base stations). In this network, a large number of sensor nodes are deployed over a wide area and long distances and multi-hop communication is required between nodes and sensor nodes have the physical restrictions in particular energy and bandwidth restrictions. So managing numerous wireless sensor nodes directly is very complex and is not efficient. To intelligent autonomous management, sensor nodes should be organized and managed automatically and dynamic adjustments need to be done to handle changes in the environment. The autonomous management of large-scale USNs must be able to know the changes in networks and to deal with the changes in a minimum of human interference. 



The present research has been conducted by the Research Grant of Kwangwoon University in 2005. Corresponding author.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 609–618, 2006. c IFIP International Federation for Information Processing 2006 

610

J.E. Lee et al.

We therefore propose an autonomous management framework for large-scale USNs called SNOWMAN (SeNsOr netWork MANagement), which is based on policy-based management (PBM) [1] paradigm. It allows administrators to simplify and automate the management of ubiquitous sensor networks. The proposed framework can also reduce the costs of managing sensor nodes and of the communication among them using a new hierarchical clustering algorithm. This paper is structured as follows. Section 2 investigates related researches. Section 3 discusses the architecture, components, and clustering algorithm of the SNOWMAN. Section 4 presents the implementation of the SNOWMAN and the testbed of a USN. Finally in section 5 we conclude the paper.

2

Backgrounds

There is few related researches on the management of sensor networks. Linnyer B. Ruiz designed the MANNA architecture [2] for wireless sensor network (WSN), which considers three management dimensions: functional areas, management levels, and WSN functionalities. He also proposed WSN models to guide the management activities and the use of correlation in the WSN management. However, he described only conceptual view of the distribution of management functionalities in the network among manager and agent. He also suggested both locations of manager and agents and functions they can execute. Chien-An Lee [3] proposed an intelligent self-organization management mechanism for sensor networks. The nodes are classified into three levels according to their functionality. The nodes in the low level are managed by those in the higher level and form hierarchical management structures. His work indicates how high-level nodes form a cluster through a contest with low-level nodes. However, all of the previous works did not cover the implementation of management systems. Comparing to the previous works, our SNOWMAN provides an efficient management mechanism by integrating the functions of PBM and the hierarchical clustering architecture. Wireless & ubiquitous sensor networks have need data aggregation to reduce communication bandwidth and energy consumption. Considering this, it may be advantageous to organize the sensors into clusters. In the clustered environment, the data gathered by the sensors is communicated to the data processing center through a hierarchy of cluster heads. Nowadays, several clustering algorithms have been proposed. Noted two Schemes are LEACH and LEACH-C. LEACH (Low Energy Adaptive Clustering Hierarchy) [4] includes distributed cluster formation, local processing to reduce global communication, and randomized rotation of the cluster heads. These features leads a balanced energy consumption of all nodes and hence to a longer lifetime of the network. LEACH-C (LEACH-Centralized) [5] is use a central control algorithm to form the clusters may produce better clusters by dispersing the cluster head nodes throughout the network. This is the basis for LEACH-C, a protocol that uses a centralized clustering algorithm and the same steady-state protocol as LEACH. Therefore the base station determines cluster heads based on nodes’ location

Autonomous Management of Large-Scale Ubiquitous Sensor Networks

wt

w–“Š Gtˆ•ˆŽŒ”Œ•› h‹”•š›™ˆ›–™

w–“Š Gkš›™‰œ›–• w–“Š Gt–•›–™•Ž

p•›Œ™•Œ›

611

yŒš–œ™ŠŒGtˆ•ˆŽŒ”Œ•› x–z tˆ•ˆŽŒ”Œ•› l•Œ™Ž Gtˆ— tˆ•ˆŽŒ”Œ•›

n“–‰ˆ“Gw–“ŠŒš y–“ŒGtˆ•ˆŽŒ”Œ•› s–Šˆ“¡ˆ›–•GzŒ™ŠŒ

{–—–“–Ž Gtˆ•ˆŽŒ”Œ•› ‰ˆšŒGš›ˆ›–• OwhP

—–“Š  ‹ˆ›ˆ O™œ“ŒšP {Œ™GY O™ŒŽ–•šP

{Œ™GX OŠ“œš›Œ™GŒˆ‹šP

w–“Š  l•–™ŠŒ”Œ•› s–Šˆ“GkŒŠš–•š kˆ›ˆGm“›Œ™•Ž

wl

{Œ™GW OšŒ•š–™G•–‹ŒšP

s–Šˆ“Gw–“ŠŒš Š“œš›Œ™

Fig. 1. SNOWMAN Framework for autonomous management

information and energy level. This feature leads to organize robust clustering topology. However, frequent communications between the base station and other sensor nodes increases communication cost. To improve energy efficiency and consider management viewpoint, we introduce a hierarchical clustering scheme SNOWCLUSTER.

3 3.1

SNOWMAN(SeNsOr netWork MANagement) Overview of Architecture

To facilitate scalable and localizable management of sensor networks, SNOWMAN constructs 3 tier regional hierarchial cluster-based senor network: regions, clusters, and sensor nodes as shown in Fig. 1. In the architecture, a sensor network is comprised of a few regions and a region covers many clusters has several cluster head nodes. Sensor nodes should be aggregated to form clusters based on their power levels and proximity. In 3 tier regional hierarchical architecture of SNOWMAN, cluster heads constitute the routing infrastructure, and aggregate, fuse, and filter data from their neighboring common sensor nodes. The policy agent (PA) can deploy specific policies into particular areas (or clusters) to manage just singular regions or phenomena by more scalable manner. So, SNOWMAN framework is very useful to regionally manage the sensor networks. The policy manager (PM) is used by an administrator to input different policies, and is located in a manager node. A policy in this context is a set of rules

612

J.E. Lee et al.

that assigns management actions to sensor node states. The PA and the policy enforcer (PE) reside in the base station and in the sensor node, respectively. The PA is responsible for interpreting the policies and sending them to the PE. The enforcement of rules on sensor nodes is handled by the PE. In a USN, individual nodes will not be able to maintain a global view of the network. Such a task is well suited for a machine not constrained by battery or memory. This is the reason for having the PA on the base station. It is the job of the PA to maintain this global view, allowing it to react to larger scale changes in the network and install new policies to reallocate policies (rules). If node states are changed or the current state matches any rule, the PE performs the corresponding local decisions based on local rules rather than sends information to base station repeatedly. Such policy execution can be done efficiently with limited computing resources of the sensor node. 3.2

Functional Components

The PA consists of several functional components: policy distribution, policy monitoring, resource management, energy map management, QoS management, topology management, role management, and localization service. Localization service in the context implies the scalability of management to regionally manage the sensor networks. It is achieved via role management and topology management. Global policies are specified by a network administrator in a logically centralized fashion, and are expected to be static. Policy distribution is the first essential task in ensuring that nodes are managed consistently with the defined policies. We design and implement a TinyCOPS-PR protocol that is similar to COPS-PR [6] protocol to deploy policies into sensor nodes. COPS-PR protocol is an extension for the COPS protocol to provide an efficient and reliable means of provisioning policies. The PA communicates with the PE using the TinyCOPS-PR protocol to policy distribution. TinyCOPS-PR allows asynchronous communication between the PA and the PEs, with notifications (reports, changes in policies, etc.) conveyed only when required. However, to provide robust management of the network, it is desirable to have an independent policy monitoring process to ensure that the deployed policies behave well as defined in them. Though the policy monitoring is desirable, it is achieved via passive methods because of the resources of network are scarce. Energy map management continuously updates the residual energy levels of sensor nodes, especially of cluster heads and region nodes. This energy map management is also achieved via topology management process. Topology management consists of a topology discovery, resource discovery, and role discovery. Resource management and role management manage the detected resources and roles, respectively. QoS management is a part of policy management using QoS policies like bandwidth allocation for emergency. Energy map management and/or QoS management go through an aggregation and fusion phase when energy and/or QoS information collected are merged and fused into energy and/or QoS contours by means of cluster heads.

Autonomous Management of Large-Scale Ubiquitous Sensor Networks

613

The PE enforces local policies assigned by the PM to make local decisions and filter off unessential redundant sensed data. To do this, the PE consists of policy enforcement function, local decision function, data filtering function, and local policies. The PE communicates with the PA via TinyCOPS-PR protocol to be assigned local policies. 3.3

Hierarchical Clustering Algorithm: SNOWCLUSTER

We propose a clustering scheme solely from a self-management viewpoint of WSN. Each sensor node autonomously elects cluster heads based on a probability that depends on its residual energy level. The role of a cluster head is rotated among nodes to achieve load balancing and prolong the lifetime of every individual sensor node. To do this, SNOWMAN re-clusters periodically to re-elect cluster heads that are richer in residual energy level, compared to the other nodes. We assume all sensor nodes are stationary, and have knowledge of their locations. Even though nodes are stationary, the topology may be dynamic because new nodes can be added to the network or existing nodes can become unavailable with faults and battery exhaustion. SNOWMAN constructs hierarchical cluster-based senor network using SNOW CLUSTER clustering algorithm as seen in Table 1. SNOWCLUSTER takes a couple of steps to accomplish the hierarchical clustering: 1) cluster head selection and 2) region node selection. In order to elect cluster heads, each node periodically broadcasts a discovery message that contains its node ID, its cluster ID, and its remaining energy level. A node declares itself as a cluster head if it has the biggest residual energy level of all its neighbor nodes, breaking ties by node ID. Each node can independently make this decision based on exchanged discovery messages. Each node sets its cluster ID (c id) to be the node ID (n id) of its cluster head (c head). If a node i hears a discovery message from a node j with a bigger residual energy level (e level) than itself, node i sends a message to node j requesting to join the cluster of node j. If node j has already resigned as a cluster head itself, node j returns a rejection, otherwise node j returns a confirmation. When node i receives the confirmation, node i resigns as a cluster head and sets its cluster ID to node j ’s node ID. After forming clusters, region nodes are elected from the cluster heads. When the cluster head selection is completed, the entire network is divided into a number of clusters. A cluster is defined as a subset of nodes that are mutually reachable in at most 2 hops. A cluster can be viewed as a circle around the cluster head with the radius equal to the radio transmission range of the cluster head. Each cluster is identified by one cluster head, a node that can reach all nodes in the cluster in 1 hop. After the cluster heads are selected, the policy agent (PA) should select the region nodes in the cluster heads. The PA receives cluster information messages (c inf o msgs) that contain cluster ID, the list of nodes in the cluster, residual energy level, and location data from all cluster heads. The PA suitably selects region nodes according to residual energy level and location data of cluster heads.

614

J.E. Lee et al. Table 1. SNOWCLUSTER Algorithm // CLUSTER HEAD SELECTION 1. ∀x[node(x).role ← c head] 2. ∀x[node(x).c id ← node(x).n id] 3. ∀x[node(x).bcast(dis msg)] 4. if nodei .hears f rom(nodej ) 5. if nodei .e level < nodej .e level 6. nodei .req join(nodej ) 7. if nodej .role = c head 8. nodej .rej join(nodej ) 9. else 10. nodej .conf join(nodej ) 11. if nodei .rec conf (nodej ) 12. nodei .role ← c member, nodei .c id ← nodej .n id // REGION NODE SELECTION 1. ∀x[ if node(x).role = c head] 2. ∃x[node(x).bcast(c inf o msg)] 3. if P A.rec(c inf o msg) 4. P A.assign(r node), P A.bcast(r dec msg) 5. if nodek .rec(r dec msg) 6. if nodek .role = c head 7. if nodek .n id = r dec msg.r id 8. nodek .role ← r node, nodek .r id ← nodek .n id 9. else if nodek .n id ∈ r dec msg.r list 10. nodek .r id ← r dec msg.r id 11. nodek .bcast(r conf msg)

If a cluster head k receives region decision messages (r dec msgs) from the PA, the node k compares its node ID with the region ID (r id) from the messages. If the previous comparison is true, node k declares itself as a region node (r node) and sets its region ID to its node ID. Otherwise, if node k ’s node ID is included in a special region list (r list) from the message, node k sets its region ID to a corresponding region ID of the message. The region node selection is completed with region confirmation messages (r conf msgs) broadcasted from all of cluster heads. 3.4

Evaluation of SNOWCLUSTER Algorithm

Simulation Environments. In the experiment, ns-2 [7] network simulator was utilized and defined elements for establishing virtual experimental environment are as follows. – Sensor network topology formed with each of 50, 100, 150, 200 nodes – Sensor field with dimension of 100 ∗ 100 – Transmission speed of 1Mbps, Wireless transmission delay of 1ps

Autonomous Management of Large-Scale Ubiquitous Sensor Networks

615

– Radio speed of 3 ∗ 108 m/s, Omni Antenna – Lucent WaveLAN DSSS(Direct-Sequence Spread-Spectrum) wireless network interface of 914MHz – Use of DSDV(Destination Sequenced Distance Vector) for routing protocol Each experiment conducted on LEACH, LEACH-C, and SNOWCLUSTER. In addition, management messages were applied for all cases and the processing power of sensor nodes were eliminated because it was insignificant compared to the amount of energy consumed in communications. Energy Consumption during 10 Rounds based on the Number of Clusters Generated. Fig. 2 is a graph that shows the generation of 1 to 10 clusters in a network topology formed with 100 sensor nodes for each clustering algorithm and one that shows the results of energy consumption measurement during 10 rounds based on the number of each cluster generated.

ͣͦ͡

ͶΟΖΣΘΪ͑ΔΠΟΤΦΞΡΥΚΠΟ͙͑ͻ

ͣ͡͡

ͦ͢͡

ͽͶͲʹ͹ ͽͶͲʹ͹͞ʹ ΄Ϳ΀ΈʹͽΆ΄΅Ͷ΃

͢͡͡

ͦ͡

͡ ͢

ͣ

ͤ ͥ ͦ ͧ ͨ ͩ ͿΦΞΓΖΣ͑ΠΗ͑ΔΝΦΤΥΖΣΤ͑ΘΖΟΖΣΒΥΖΕ

ͪ

͢͡

Fig. 2. Energy Consumption during 10 Rounds based on the Number of Clusters Generated

In case of LEACH, until the number of clusters generated is 2, it shows significantly higher energy consumption compared to the other clustering algorithms, but after generation of more than 3, it stabilized showing gradual increase. LEACH-C shows the progressive increase in energy consumption from round 1 to round 10. Similar to LEACH-C, SNOWCLUSTER also shows the results of gradual increase, but its consumption rate is slightly less than that of LEACHC. However, in the case of LEACH-C and SNOWCLUSTER, due to the fact an unexpected increase in the number of cluster formation shows the increase in energy consumption, the most efficient number of clustering formation must be 1 from the perspective of energy consumption. Energy Consumption during Transmission of Management Messages. Fig. 3 is the result showing the amount of energy that is consumed during transmission of management message from base station to sensor nodes after formation of three clusters in the network topology of 200 nodes. In case of LEACH, because it does not have the position information of the nodes, inefficient routing is being resulted, and as a result, significantly

616

J.E. Lee et al.

ͪ ͩ

ͶΟΖΣΘΪ͑ΔΠΟΤΦΞΡΥΚΠΟ͙͑ͻ

ͨ ͧ ͦ ͥ ͤ ͣ ͢ ͡ ͽͶͲʹ͹

ͽͶͲʹ͹͞ʹ

΄Ϳ΀ΈʹͽΆ΄΅Ͷ΃

Fig. 3. Energy Consumption during Transmission of Management Messages from Base Station to Sensor Nodes

greater amount of energy is consumed in transmitting management messages. SNOWCLUSTER clustering algorithm showed a result of decrease in the amount of energy consumed in the transmission of message compared to LEACH-C, and this is because with the addition of region node selection process, it has a single region node that plays the role of primary message transmission compared to the three cluster heads for LEACH-C, and because it transmits messages using the remaining two cluster heads, total number of communication is reduced which results in reduction in communication expense.

4 4.1

Implementation Testbed Network

Our current work has focused on validating some of our basic ideas by implementing components of our framework on Nano-24 [8] platform using the TinyOS programming suite. The Nano-24 uses Chipcon CC4220 RF for transmission and support 2.4 Ghz, Zigbee. The sensor node uses atmega 128L CPU with 32KBytes main memory and 512 Kbytes flash memory. The Nano-24 also supports Qplus-N sensor network development environment that ETRI (Electronics and Telecommunications Research Institute) developed. We organized a testbed network was composed 10 Nano-24 nodes. Each node contains SNOWMAN’s PE to support policy-based management as shown in Fig. 4. In this testbed, all sensor nodes are configured to hierarchical clustering architecture according to the SNOWCLUSTER clustering mechanism. 4.2

SNOWMAN

The PM and PA of SNOWMAN framework are implemented on Windows XP systems using pure JAVA. The PE is implemented on TinyOS in the Nano-24 nodes using gcc.

Autonomous Management of Large-Scale Ubiquitous Sensor Networks

617

Fig. 4. Testbed Network for SNOWMAN

Fig. 5. Snapshot of SNOWMAN Policy Manager (PM)

Fig. 5 shows the input forms for policy information on the PM. We use the XML technologies to define and handle global policies. There are several advantages of using XML in representing global policies [9]. Because XML offers many useful parsers and validators, the efforts needed for developing a policy-based management system can be reduced. To define XML policies, we customized and used the Scott’s XML Editor [10]. The defined policies are stored locally in the policy storage of the PM and are stored remotely in the policy storage of the PA. PM communicates with PA via simple ftp for policy transmissions. To policy distribution to sensor nodes, we also design and implement TinyCOPS-PR that is simplified suitably for ubiquitous sensor networks.

618

5

J.E. Lee et al.

Conclusion

In this paper, we proposed and implemented a autonomous management framework for large-scale ubiquitous sensor networks, called SNOWMAN. The SNOWMAN can reduce the costs of managing sensor nodes and of the communication among them using hierarchical clustering architecture. SNOWMAN can also provide administrators with a solution to simplify and automate the management of USNs using PBM paradigm. This paper also presented and evaluated the clustering algorithm, SNOWCLUSTER. In performance evaluation of clustering and managing ubiquitous sensor networks, SNOWCLUSTER showed more improvement than LEACH and LEACH-C. We are currently at the stage of implementation of the business logic of SNOWMAN. We plan to experiment with and demonstrate the system on laboratory testbeds using Nano-24 sensor nodes.

References 1. R. Yavatkar, et al., A Framework for Policy-based Admission COntrol, IETF RFC 2753, January 2000. 2. Linnyer B. Ruiz, et al., MANNA: A Management Architecture for Wireless Sensor Networks, IEEE Communications Magazine, Volume 41, Issue 2, February 2003. 3. Chien-An Lee et al., Intelligent Self-Organization Management Mechanism for Wireless Sensor Networks, http://www.ndhu.edu.tw/˜rdoffice/exchange/CYCpaper.pdf. 4. W. Heinzelman, et al., Energy-Efficient Communication Protocol for Wireless Microsensor Networks, Proc. IEEE Int. Conf. System Sciences, vol. 8, January 2000. 5. W. Heinzelman, Application-Specific Protocol Architectures for Wireless Networks, PhD thesis, Massachusetts Inst. of Technology, June 2000. 6. K. Chen, et al., COPS usage for Policy Provisioning (COPS-PR), IETF RFC 3084, March 2001. 7. NS-2: http://www.isi.edu/nsnam/ns/ 8. Nano-24: Sensor Network, Octacomm, Inc., http://www.octacomm.net 9. Si-Ho Cha, et al., A Policy-Based QoS Management Framework for Differentiated Services Netwroks, LNCS 2662, August 2003. 10. Scott Hurring, XML Editor, http://hurring.com/code/java/xmleditor/.

A Privacy-Aware Service Protocol for Ubiquitous Computing Environments Gunhee Lee, Song-hwa Chae, Inwhan Hwang, and Manpyo Hong Graduate School of Information Communication, Ajou University, Suwon, Korea {icezzoco, portula, pica00, mphong}@ajou.ac.kr

Abstract. In a ubiquitous computing environment, every service should have the characteristic of context-awareness and location information is an important factor to grasp a user’s context. Thus, location privacy is an major security issue of ubiquitous computing environment. Most research on location privacy is focused on protecting the location information itself. However, not only prohibiting acquirement of the sensitive information illegally but also forbidding abuse of the information obtained legally is important to protect user privacy. In order to satisfy this claim, we propose a new privacy-aware service protocol for a ubiquitous computing environment. The proposed protocol decouples the relation between a user’s identity and location. Moreover, it uses anonymous communication channel to hide the user’s service consume pattern.

1

Introduction

Recently, ubiquitous computing is in the spotlight of Internet’s next paradigm [1]. Invisible and ubiquitous computing aims at defining environments where human beings can interact in an intuitive way with surrounding objects [2]. In this environment, the user can use various services such as home networking, car navigation, cyber tour guide and finding friends, at anytime and at anywhere he/she wants. In order to satisfy this characteristic of service, different from current Internet services, user’s frequent movement should be considered more in the ubiquitous computing service. Therefore, the importance of location information is increased and the location information and user-specific data are sensitive. It is a serious threat to privacy that a user’s current location or currently using service is known to anybody else. By gathering this information, a malicious user is able to grasp any honest user’s private information such as what he/she is doing now. Thus they should be protected against abuse of any malicious user. Moreover, in a ubiquitous computing environment, privacy invasion by abusing the location information is more frequent and serious than current Internet services since the location based service is very popular. 

This research is supported by the ubiquitous Computing and Network (UCN) Project, the Ministry of Information and Communication (MIC) 21 st Century Frontier R&D Program in Korea.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 619–628, 2006. c IFIP International Federation for Information Processing 2006 

620

G. Lee et al.

In order to handle this, the only authorized entity is able to access user’s location information and user specific data. However, in the many cases, even if the authorized entity gains location information, the entity should not know user’s identity for strong privacy service. For instance, when a user Alice uses a cyber tour guide, she requests area information whenever she enters different area. The system is able to recognize where she is. In addition, according to contents she used, the system is able to perceive the user’s activity. In order to reduce the possibility of illegally gaining private information, service provider should be able to support user-specific service without user’s identity. For satisfying this requirement, the location information has to be decoupled from user’s identity and user-specific data. We propose a privacy-aware service protocol that decouples the relation between user identity and location information. In addition, we employ Mix-nets to hide users’ correct location information and to prevent any adversary from noticing a service, which a user consumes. The proposed protocol enhances the privacy-awareness of the location-based system in ubiquitous computing environment. This paper is organized as follows. Chapter 2 describes the previous approaches that protect the privacy in location based service. This is followed by the explanation of the threat model, which we aim to handle, in chapter 3. We describe the proposed privacy-aware service protocol in Chapter 4. Chapter 5 explains implementation details. In chapter 6, we discuss how the proposed system enhances privacy of customer in a location-based ubiquitous service system. Chapter 7 concludes.

2 2.1

Related Works Previous Researches on Location Privacy

Hengartner et al. suggest the system that controls the access on the location information in the Wireless LAN based people location system [3]. It has the hierarchy of the location system and the access control mechanism delegates the request to the lower level system. After all, the victim user’s device authenticates and authorizes the requester according to the victim’s policy. Gedik et al. introduce the cloaking method that provides vague temporal and spatial information in order to conceal a user within a group of k people [4]. The system employs an anonymous server act as the mix node. It prevents a malicious observer from linking ingoing and outgoing messages at the server. Different with any other k -anonymous system [5], it uses a customizable k that is changed by the environment. Stajano et al. solves the location privacy problem with the pseudonym that changes randomly and frequently [6]. It classifies every area into two zones; one is application zone where a user has registered for a service, another is mix zone that is a connected spatial region of maximum size in which none of users has registered for any services. Since applications do not receive any location information but pseudonym when users are in a mix zone, the identities are mixed.

A Privacy-Aware Service Protocol for Ubiquitous Computing Environments

621

These researches are focused on protecting the location information itself. They make it difficult to acquire the location information, and thus the system is able to protect the location privacy of the user. However, not only prohibiting acquirement of the sensitive information illegally but also forbidding abuse of the information obtained legally is important to protect the user privacy. Furthermore, the system should be also prevented to aware of the user’s context by gathering information. In order to handle the privacy invasion at this point of view, there have been several researches. These researches, however, are just getting off the ground. Hong et al. proposes Confab system architecture that provides a framework for ubiquitous computing applications [7], where personal information is captured, stored, and processed on the end-user’s computer as much as possible. It also provides several customizable privacy mechanisms as well as a framework for extending privacy functionality. These features allow application developers and end-users to support a spectrum of trust levels and privacy needs. It only shows a model and the detail of this mechanism is still progressing now. 2.2

Mix-Net for the Anonymity

For the privacy of the user, the system should support the anonymity, unobservability, and unlinkability. Mix-net is a remarkable architecture to provide those properties [8]. The Mix-net is one of methods for anonymous communications. The concept of Mix-net is introduced from Chaum [9] and it is extended and applied various domains by researchers. A Mix-net consists of several mixes. A mix takes a number of input messages, and outputs them in such a way that it is infeasible to link an output to the corresponding input or an input to the corresponding output. In order to do so, the mix collects messages in a message pool, and it changes the outlook of collected messages. Before flushing the messages in the pool, the mix reorders messages. It changes the output sequence of the input message in order to confuse the adversary. There are many applications using Mix-net at the different domain such as Web service, P2P communication and anonymous e-mail system [10], [11], [12]. We employ the Mix-net for anonymous authentication.

3

Threat Model

In this paper, we aim to improve the privacy-awareness of the location based service system, enabling their practical use in ubiquitous computing environment. We categorized the vulnerabilities of the service environment as followings; – First threat is an adversary who can monitor the communication between customer and service provider. – Second threat is an attacker who can compromise the server providing a service.

622

G. Lee et al.

Fig. 1. Threats to the customer privacy in location-based service system

While the adversary tries to break the anonymity of the system, the attacker tries to get private information of a customer from the compromised server. Fig. 1 shows the position of each threat in the service system. If an adversary monitors and analyzes the traffic between customer and service provider, he/she can identify a service used by a customer at the specific time. This is an important threat to the anonymity of the service environment. Furthermore, the adversary can trace the usage of services used by a customer during a specific time. If the adversary traces the service usage of a specific customer for a long time such as one or two weeks, the adversary can identify the usage pattern of the customer. Knowing the usage pattern of a customer means that the adversary knows what the customer does at any time. This is one of the most serious threats to the customer’s privacy. If an attacker compromises any server providing a location-based service, the attacker can illegally acquire the information where a customer is and what the customer does. From the information, the attacker keeps the customer under observation. This is also an important privacy invasion, specifically private information leakage at the server. Furthermore, the attacker might create fabrication of counterfeit service such as a spy-ware on the Internet. At the user’s view, it is one of virtuous services, and many users request services provided by the fabrication. Unfortunately, those users who consume the fabricated service are robbed of their private information. For the user’s privacy, we should prohibit both types of malicious user from abusing any honest user’s private information. As mentioned above in section 2, many solutions concentrate on just one type of two malicious users. In this paper, however, we focus on both types of malicious user to improve user’s privacy in location-based service system. We propose a novel authentication protocol and service protocol that enhance the privacy-awareness of the location-based system.

4

Privacy-Aware Service Protocol

The proposed privacy-aware service protocol consists of two parts; one is the authentication protocol, the other is the service supply protocol. Before a user

A Privacy-Aware Service Protocol for Ubiquitous Computing Environments

623

requests any service, he/she must acquire the authenticator, called service ticket. With the service ticket, the service provider can authenticate the user without his/her identity information. The authentication protocol controls acquirement of the authenticator. The service supply protocol manages the usage of service. 4.1

Service Network

In order to build a privacy-aware service protocol, we assume a service environment as shown in Fig. 2. There are five main entities such as user Alice, service provider (SP), trusted ticket server (TTP), access points (AP), and Mix-net. The SP provides required services to authorized users. This is location-based service. The TTP issues service tickets to users who are requested from the SP. An AP is a connecting point to service network. We assume that the system is based on wireless LAN, but it can be applied other wireless networks and ubiquitous computing system. The Mix-net is a network that breaks the link between sender and receiver. Because of it, an adversary does not know the sender and the receiver of a message in the network. The service network employs the Mix-net for anonymous communication. 4.2

Requirements for Privacy-Aware Service Protocol

When a user wants to consume any service, he/she must be authenticated by the SP. If the user is trusted and has proper rights, the SP provides the requested service. However, at this time, the SP might record the identity of the user. Then, whenever he/she uses the service, the SP is able to record the information where the user is and the SP can grasp the context or the situation, which the user is faced. This is one of the privacy invasions to the service network we assumed. In order to handle this problem, the proposed protocol decouples the relation between user identity and the current location of the user. In the protocol, the SP does not know the user’s identity, but the user’s current location. Thus, the

Fig. 2. The proposed system architecture and ticket issuing steps

624

G. Lee et al.

previous threat is prevented by the proposed protocol. In order to decouple the relation between user identity and location, the proposed protocol uses ticket for authentication. When a user wants to use any service, the user sends a ticket and a temporal ID instead of user identity (ID). The ticket is issued by the TTP before the user requests the service. We assume that both the TTP and the SP do not conspire with each other. Based on the above description and the characteristics of service network, we pick out several requirements to support privacy-aware service in ubiquitous computing environment. These requirements are as follows; – User can use the service properly and timely. – User who wants to use a service should acquire the service ticket before requesting a service. – Service Provider should not know the identity of user (i.e. Alice) except for authentication phase. – TTP should not know the location information of user (i.e. Alice) – All messages should not replay by any third party. – Ticket should include only available services’ information. – This protocol should prove that the ticket is valid. That is, the ticket provided by a user is not replayed. – Ticket should be issued to authorized user. It is sure that SP can’t create request of a ticket, and it is also sure that TTP can not issue a ticket to a user arbitrarily, unless SP authorizes the user. 4.3

Ticket Issuing Protocol

In order to provide a service without user identity, the proposed system uses tickets for authentication. The ticket issuing protocol (TIP) manages the user authentication and authorization in the privacy-aware manner. We assume that the user who has proper rights has to be already registered in the SP. This protocol consists of 3 steps among a user, a SP, and a TTP. The protocol is as follows. 1. A user Alice (A) requests the service provider (SP) to issue a service ticket. This request message (M SGA ) consists of three parts such as a Alice’s identity (IDA ), a password based hash value of the ID, and a ticket requesting service ticket. The ticket requesting service ticket consists of a return block, a session key, and a password based hash value of nonce. The return block is the return path that is encrypted with onion encryption [13] and the nonce is a hash value of a combination of the random number and the timestamp. The message is encrypted with the SP’s public key, and it is signed with the user’s private key. It is transferred via the Mix-net for hiding user’s current location. The following is the message that requests a service ticket. M SGA = EP USP [IDA |HA [IDA ]|T icketReq ]|DSA T icketReq = EP UT T P [RB|S|HA [N ]]

A Privacy-Aware Service Protocol for Ubiquitous Computing Environments

625

2. Service provider verifies the digital sign in order to be sure of Alice’s message. It also verifies Alice’s ID and password. To do so, the SP calculates a hash value HA [IDA ] with Alice’s identity and password stored in the SP’s database. If both hash values are the same, the SP generates a request that demands to issue a service ticket for the user Alice. Otherwise, the request will be failed. The service ticket consists of a SVI, a nonce, a password based hash value of the nonce, and ticket requesting service ticket, which is comes from Alice. The SVI is service information that contains service name, Alice’s user level, and Alice’s rights. Since the SVI is encrypted with the SP’s secret key, no one creates a fabricated SVI. The message is encrypted with the TTP’s public key and is signed with the SP’s private key. This message does not contain any information of Alice. M SGSP = EP UT T P [SV I|N |HSP [N ]|T icketReq ]|DSSP SV I = EKSP [name|level|rights] T icketReq = EP UT T P [RB|S|HA [N ]] 3. The TTP checks the digital sign of SP, and then it verifies the message. For this, the TTP calculates the hash value of nonce and compares it with the received hash value. If they coincide, the TTP decrypts the T icketReq . The TTP creates a message including SVI, SP’s digital signature, a hash value from Alice, and session time. The ticket will be fired after some periods of time because of security threat. The encryption algorithm is not perfect so if the attacker has enough time and resource, he/she might decrypt the ticket. Thus the ticket is used during the session time ts . This message encrypts with the session key from Alice, and it sends the message to Alice via Mixnet. The return path is conformed to the return block included the request ticket. M SGT T P = ES [SV I|DSSP |HA [N ]|ts ]|DST T P . 4.4

Service Protocol

When Alice requests a service, she completes the service ticket with the message received from the TTP. Every message should contain following information; nonce, service information received from the SP, random ID generated by Alice, requested service information (SVCs), and two digital signatures of the SP and the TTP. These are encrypted with SP’s public key. SP keeps the nonce and timestamp for checking whether the message is replayed or not. The following is the completed service ticket. T icketSvc = EP USP [SV I|DST T P |DSSP |RID|N |SV Cs] When the SP receives the service request containing above information, it decrypts it. In order to prohibit the replaying the ticket, the SP looks up the relation in the old-ticket table that contains the nonce and timestamp, which it has been used before. If there is no matching relation, then SP stores the nonce and

626

G. Lee et al.

timestamp. After that, it verifies the signature and checks the requested service is available. If so, it provides the service. Otherwise, the request is dropped. Because of the constraints on storage capacity in the system, the size of oldticket table should be managed properly. In the protocol, the relation in the table is automatically deleted after specific time duration td . There is no complete way to decide the td . It should be determined according to the characteristics of services. Nevertheless, it should be longer than the ts . 4.5

Consideration on Providing the Autonomous Service

In ubiquitous computing environment, every service should have the characteristic of context-awareness [14]. In order to support this characteristic, the service provider is able to keep track the usage of a user. However, the proposed protocol prevents the SP from tracing the usage pattern of a user since the SP does not know the user’s identity. To overcome this limitation, the client side program might be an alternative solution. The client traces the service usage and the user’s location and it stores and analyzes them. According to the result, the client program can grasp the user’s context and situation and it request the proper service to the SP.

5

Implementation

In order to validate the proposed protocol, we have implemented the privacyaware service protocol in C on Linux environment. The services are built as the Web Services and the user’s request is transferred as an HTTP request. The user’s client program has been implemented as a plug-in. When a user sends a request through his/her web browser, the request is forwarded to the client program, and then the client makes the service request. At this time, if the client does not have service ticket for the SP in the repository on the user’s machine, it sends the ticket request message to the SP. Otherwise, the service request transferred through the Mix-net. For the Mix-net, we have implemented the mixes that support the reordering the incoming messages. Each packet in the Mix-net has the same length. In order to prevent the replay attack, each mix node remains the old message table that stores the hash value of processed packets during specific time. In the implementation, we have not uses the dummy traffic policy for the performance of service protocol. All built-in cryptographic operations are implemented by the OpenSSL crypto libraries [15]. The payloads of all packets related to the protocol are encrypted in RSA cryptosystem. For the password based hash value, we have used HMAC algorithm with user’s password or SP’s symmetric key. The protocol employs MD5 for all cryptographic hash operations and the RSA public key cryptosystem to encrypt the forwarded-path and the return block with a 128 bit RSA key. The random identity of a user have been generated by the pseudo-random number generator based on a cryptographic hash function.

A Privacy-Aware Service Protocol for Ubiquitous Computing Environments

6

627

Security Discussion

The proposed model has several security advantages such as anonymity, pseudonymity, unlinkability and unobservability. They are important factor for the user’s privacy. In this section, we describe how the proposed model achieves these characteristics. We explain these based on the terminologies introduced by Pfitzmann and K¨ ohntopp [16]. Anonymity: In the proposed model, we accomplish the anonymity for two kinds of information; one is users’ identity against the SP and the other is users’ location against the TTP and the adversary. The SP only knows the temporal ID of the user requesting a service. Thus the server does not identify among users that use a service at the moment. In addition, since the user’s request transferred via the Mix-net, the TTP and the adversary do not identify the user’s location. Pseudonymity: In the proposed model, for requesting the service and consuming the service, user should do not use the user’s identity, but temporal ID. Since the temporal ID is different at every service session, we can say our model employ the transaction pseudonym according to the Pfitzmann’s definition of the pseudonymity [16]. Unlinkability and Unobservabilty: The proposed model employs the Mixnet with free-route topology [8]. In the Mix-net, the request message is transferred through several mixes that are randomly chosen by the user. At an adversary’s view, the message is drifted in the network. Thus the adversary is not able to link the requester and requestee. Moreover, the mix can reorder the messages being in its own message pool. The mix, that is, does not flush the message in inserted sequence. Thus the adversary does not trace a message’s route to the service provider. It means the proposed model can support the unobservability.

7

Conclusion

In the ubiquitous environment, every service providing system may have the characteristic of the context-awareness. User’s location is an important information in order to aware his/her context. For effective and strong privacy protection, not only prohibiting acquirement of location information illegally but also forbidding abuse of the information obtained legally is important to protect the user privacy. In order to satisfy this, we concentrate on dispersion of sensitive user information. As a result, we propose a new privacy-aware service protocol for ubiquitous computing environment. The proposed protocol decouples userspecific data and location information. In addition, it employs the Mix-net among users, SPs, and TTP to support unlinkability and unobservability. The protocol enhances the degree of privacy protection. We implement the protocol based on the wireless LAN but it is able to adapt other wireless networks. We believe that the proposed mechanism supports efficient privacy-aware service in ubiquitous computing environment.

628

G. Lee et al.

References 1. Stajano, F., Anderson, R.: The Resurrecting Duckling: Security Issues for Ubiquitous Computing, IEEE Computer, Vol. 35 (2002) 22-26 2. Bussard, L., Roudier, Y.: Authentication in Ubiquitous Computing, In Proc. of UbiComp 2002 Workshop on Security in Ubiquitous Computing (2002) 3. Hengartner, U., Steenkiste, P.: Implementing Access Control to People Location Information, In Proc. of SACMAT 2004, NewYork, USA (2004) 11-20 4. Gedik, B., Liu, L.: A Customizable k-Anonymity Model for Protecting Location Privacy, CERCS Technical Reports, GIT-CERCS-04-15 (2004) 5. Gruteser, M., Grunwald, D.: Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking, In Proc. of International Conference on Mobile Systems, Applications, and Services (2003) 31-42 6. Beresford, R., Stajano, F.: Location Privacy in Pervasive Computing, IEEE Pervasive Computing, Vol. 2 (2003) 46-55 7. Hong, J., Landay, J.: An Architecture for Privacy-Sensitive Ubiquitous Computing, In Proc. of International Conference on Mobile Systems, Applications, and Services (2004) 177-189 8. D´ıaz, C., Preneel, B.: Taxonomy of Mixes and Dummy Traffic, In Proc. of I-NetSec 04: 3rd Working Conference on Privacy and Anonymity in Networked and Distributed Systems, Toulouse, France (2004) 9. Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudo-nyms, Communications of the ACM, Vol. 4, No. 2 (1982) 10. Danezis, G., Dingledine, R., Mathewson, N., Hopwood, D.: Mixminion: Design of a Type III Anonymous Remailer Protocol, IEEE Symposium on Security and Privacy (2003) 2-15 11. Reiter, M., Rubin, A.: Crowds: Anonymity for Web Transactions, In ACM Transactions on Information and System Security, Vol. 1, No. 1 (1998) 66-92 12. Rennhard, M., Plattner, B.: Introducing MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection, In Proc. of the Workshop on Privacy in the Electronic Society (WPES 2002), Washington, DC, USA (2002) 91-102 13. Dingledine, R., Mathewson, N., Syverson, P.: Tor: The Second-Generation Onion Router, In Proc. of the 13th USENIX Security Symposium (2004) 14. Garlan, D., Siewiorek, D.P.: Project Aura : Toward Distraction-Free Pervasive Computing, IEEE Pervasive Computing (2002) 22-31 15. The OpenSSL Project, http://www.openssl.org/ 16. Pfitzmann, A., Kohntopp, M.: Anonymity, unobservability and pseudonymity - a proposal for terminology, Proceedings of the International Workshop on the Design Issues in Anonymity and Observability (2001) 1-9

A Neural Network Model for Detection Systems Based on Data Mining and False Errors Se-Yul Lee1, Bong-Hwan Lee2, Yeong-Deok Kim3, Dong-Myung Shin4, and Chan-Hyun Youn5 1

Department of Computer Science, Chungwoon University, San 29 Namjang-Ri, Hongseong-Eup, Hongseong-Gun, Chungnam, 350-701, Korea [email protected] 2 Department of Electrical & Computer Engineering, University of Florida Gainesville, FL 32611-6200, U.S.A. [email protected] 3 Department of Computer Information Science & Engineering, Woosong University, 17-2 Jayang-Dong, Dong-Gu, Daejeon, 300-718, Korea [email protected] 4 IT Infrastructure Protection Division Applied Security Technology Team, Korea Information Security Agency, 78 Karak-Dong, Songpa-Gu, Seoul, 138-160, Korea [email protected] 5 School of Engineering, ICU 119 Munjiro, Yuseung-Gu, Daejeon, 305-732, Korea [email protected] Abstract. Nowadays, computer network systems play an increasingly important role in our society. They have become the target of a wide array of malicious attacks that can turn into actual intrusions. This is the reason why computer security has become an essential concern for network administrators. Intrusions can wreak havoc on LANs. And the time and cost to repair the damage can grow to extreme proportions. Instead of using passive measures to fix and patch security holes, it is more effective to adopt proactive measures against intrusions. Recently, several IDS have been proposed and they are based on various technologies. However, these techniques, which have been used in many systems, are useful only for detecting the existing patterns of intrusion. It can not detect new patterns of intrusion. Therefore, it is necessary to develop a new technology of IDS that can find new patterns of intrusion. This paper investigates the asymmetric costs of false errors to enhance the detection systems performance. The proposed method utilizes a network model considering the cost ratio of false errors. Compared with false positive, this scheme accomplishes both security and system performance objectives. The results of our empirical experiment show that the network model provides high accuracy in detection. In addition, the simulation results show that effectiveness of probe detection can be enhanced by considering the costs of false errors.

1 Introduction The rapid growth of network in information systems has resulted in the continuous research of security issues. One of key research areas is detection system that many companies have adopted to protect their information assets for several years. In order X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 629 – 638, 2006. © IFIP International Federation for Information Processing 2006

630

S.-Y. Lee et al.

to address the security problems, many automated detection systems have been developed. However, between 2002- 2005, more than 200 new attack techniques were created and announced which exploited Microsoft’s Internet Information Server (IIS), one of the most widely used Web servers. Recently, several detection systems have been proposed based on various technologies. A “false positive error” is an error that detection system sensor misinterprets one or more normal packets or activities as an attack. Detection system operators spend too much time distinguishing events. On the other hand, a “false negative error” is an error resulting from attacker is misclassified as a normal user. It is quite difficult to distinguish intruders from normal users. It is also hard to predict all possible false negative errors and false positive errors due to the enormous varieties and complexities of today’s networks. Thus, detection system operators rely on their experience to identify and resolve unexpected false error issues. This study proposes a method to analyze and reduce the total costs based on the asymmetric costs of errors in the detection system. This study adopts the network model that has shown successful results for detecting and identifying unauthorized or abnormal activities from the networks [1]. The objective of the proposed method is to minimize the loss for an organization under an open network environment. This study employs the network model for detection. Furthermore, the study analyzes the cost effectiveness of the false error levels and presents experimental results for the validation of our detection model. The remainder of this paper consists of four sections. The next section presents the introduction of detection systems and the studies of data mining approaches for detection systems. The research model of this study is addressed in detail in Section 3. In Section 4, the asymmetric costs of false negative errors and false positive errors are validated by experimental results. Finally, this paper is concluded with the summary, contributions and limitations.

2 Detection Systems An intrusion is an unauthorized access or usage of the resources of a computer system [2]. Intrusion Detection System (IDS) is software with functions of detecting, identifying, and responding to unauthorized or abnormal activities on a target system [3, 4]. The goal of the IDS is to provide a mechanism for the detection of security violations either in real-time or batch-mode [5, 6]. Violations are initiated either by outsiders attempting to break into a system, or by insiders attempting to misuse their privileges [7]. IDS collect information from a variety of systems and network sources, and then analyze the information for signs of intrusion and misuse [8]. The major functions performed by IDS are monitoring and analyzing user and system activity, assessing the integrity of critical system and data files, recognizing activity patterns reflecting known attacks, responding automatically to detected activity, and reporting the outcome of the detection process. Intrusion detection can be broadly divided into two categories based on the detection method: misuse detection and anomaly detection. Misuse detection works by searching for the traces or patterns of well-known port attacks. Clearly, only known attacks that leave characteristic traces can be detected this way. This model of the

A Neural Network Model for Detection Systems

631

normal user or system behavior is commonly known as the user of system profile. A major strength of anomaly detection is its ability to detect previously unknown attacks. IDS are categorized according to the kind of audit source location they analyze. Most IDS are classified as either network based intrusion detection or a host based intrusion detection approach for recognizing and deflecting attacks. When IDS look for these patterns in the network traffic, they are classified as network based intrusion detection. When IDS look for attack signatures in the log files, they are classified as host based intrusion detection. In either case, these products look for attack signatures and specific patterns that usually indicate malicious or suspicious intent. Host based IDS analyze host bound audit sources such as operating system audit trails, system logs, and application logs. Network based IDS analyze network packets that are captures on a network. The current IDS have contributed to identifying attacks using historical patterns. But they have difficulty in identifying attacks using a new pattern or with no pattern [9]. Previous studies have utilized a rule based approach such as USTAT, NADIR, and W&S [10-12]. They lack flexibility in the rule to audit record representation. Slight variations in an attack sequence can affect the activity rule comparison to a degree that intrusion is not detected by the intrusion detection mechanism. While increasing the level of abstraction of the rule base does provide a partial solution, it also reduces the granularity of the intrusion detection device. These limitations in rule based systems can be summarized as follows: the lack of flexibility and maintainability in the acquisition process of rules, lack predictive capability, lack of automatic learning capability, a high rate of false alarms or missing alarms, and difficulty in applying organizational security policies. Many recent approaches to IDS have utilized data mining techniques. Known examples are the Computer Misuse Detection System (CMDS), the Intrusion Detection Expert System (IDES), and the Multics Intrusion Detection and Alerting system (MIDAS) using neural networks. These approaches build detection models by applying data mining techniques to large data sets of an audit trail collected by a system [13]. Data mining based IDS collect data from sensors which monitor some aspect of a system. Sensors may monitor network activity, system calls used by user processes, and file system accesses. They extract predictive features from the raw data stream being for detection. Data gathered by sensors are evaluated by a detector using a detection technique. Table 1 shows the studies of data mining applications for IDS. Table 1. List of data mining applications in IDS [4-10] Detection method Misuse

Anomaly

Network based

Data mining methods CBR of Esmaili NN of Endler NN of Cannady GA of Balajinath NN of Kumar NN of Endler NN of Bonifacio GA of Sinclair CBR of Esmaili NN of Heatley GA of Balajinath

632

S.-Y. Lee et al.

3 Cost of Errors for Detection Systems 3.1 Network Models for Detection Systems The model consists of network based detection model and monitoring tool (Fig. 1) [14]. The model adopts the problem solving methodology which uses previous problem solving situations to solve new problems.

Fig. 1. Architecture of the proposed model

The model does preprocessing by packet analysis module and packet capture module. The packet capture module captures and controls packet. The packet capture module does real-time capturing and packet filtering by using the monitoring tool of Detector4win version 1.2 [15]. In the packet filtering process, packets are stored according to the features which distinguish between normal packets and abnormal packets. The packet analysis module stores data and analyzes half-open state. After storing packets, the packets, which are extracted by audit record rules in the packet analysis module, are sent to the detection module. The input and output of detection module, namely STEP 1 [16], is traffic and alert, respectively. The traffic is an audit packet and the alert is generated when an intrusion is detected. The detection module consists of session classifier, pattern extractor, and pattern comparator. The session classifier takes packet of the traffic and checks whether or not the source is the same as the destination. There is a buffer for the specific session to be stored. And, if the next packet is arrived, it is stored in the corresponding buffer. If all packets of the corresponding buffer are collected, all packets of the corresponding buffer are output as on session. The output session becomes an input to the pattern extractor or pattern comparator according to action mode. The action mode consists of learning mode and pre-detection mode. The output session from the session classifier is sent to the pattern extractor in the learning mode and to the pattern comparator in the pre-detection mode. Fig. 2 shows the block

A Neural Network Model for Detection Systems

633

diagram of the STEP 1. The pattern extractor collects the sessions, which have the same destination, and extract common pattern. Each consists of two features. The first feature is a head part which appears in common sessions, which have the same destination, when sessions are arranges by size packets using the time sequence. The second feature is the minimum length of the sessions which have the same destination. The length of session is the number of packets of session.

Fig. 2. A Block Diagram of STEP 1

The pattern comparator compares packets with the rule based pattern. If the probe packets and the rule based pattern do not correspond, the pattern comparator considers the probe packets as the abnormal session and generates an alert signal. Thus, the pattern comparator receives a session and the rule based pattern as an input. From the input session the data size and the length of session are extracted. If there is a mismatch in one of two features, the pattern comparator considers a session as the abnormal session. What we must consider for the pattern extraction is whether we extract the pattern continuously or we extract the pattern periodically. We generally call the former the real-time pattern extraction and the latter the off-line pattern extraction. The real-time patterns extraction is better than off-line pattern extraction in the viewpoint of updating the recently changed pattern. But, it is difficult to update the pattern when probes occur. For the pattern, if possible, normal traffic becomes a rule-based pattern. Otherwise, an abnormal traffic sometimes becomes a rule-based pattern. And an abnormal intrusion traffic is considered as an normal traffic. It is called false negative error. The model uses detection module, namely STEP 2, to compensate the false negative error by using fuzzy cognitive maps. The detection module of model is intelligent and uses causal knowledge reason utilizing variable events which hold mutual dependences. For example, because CPU capacity increases when syn packet increases, the weight of a node, Wik, has the value of rang from 0 to 1. The total weighted value of a node depends on path between nodes and iteration number. This can be written as the following equation.

634

S.-Y. Lee et al. n

N k (tn +1 ) = ¦ Wik (tn ) N i (tn ) , i =1

where Nk(tn) : Tthe value of the node k at the iteration number tn tn : Iteration number Wik(tn) : Weight between the node i and the node k at the iteration number tn On the above equation, the sign of weight between the node i and the node k depends on the effect from the source node to the destination node. 3.2 Analysis for Costs of Errors For the network modeling in the Fig. 1, the analysis of costs of errors is presented in Fig. 3. The purpose of Fig. 3 is to analyze the relationship between the total costs and detection system errors, and find the optimal threshold of network model that minimizes the total costs for intrusion detection. The solution provides the weights of errors while the weights can be adjusted to enhance the effectiveness of intrusion detection according to the threshold value of the activation function. The activation function produces the level of excitation by comparing the sum of these weighted inputs with the threshold value. This value is entered into the activation function, i.e. the sigmoid function, to derive the output from the node. The cost of attacks or errors has received attention in designing IDS [17], [18]. The cost of a false negative error is much higher than that of a false positive error because an organization may suffer from various security incidents compromising confidentiality,

Fig. 3. A Block Diagram of Error's Cost

A Neural Network Model for Detection Systems

635

integrity, and availability when not detecting real attacks. This study introduces the concept of the asymmetric costs of errors to calculate overall misclassification costs. The performance of detection system is optimized when the total costs are minimized. A false negative error, which is the cost of not detecting an attack, is incurred when the detection system does not function properly and mistakenly ignores an attack. This means that the attack will succeed and the target resource will be damaged. Thus, a false negative error should take a higher weight than a false positive error. The false negative errors are therefore described as the damage cost of the attack. The cost function for detection system can be defined as follows:

Atotal ( x) = ω1 A1 + ω2 A2 + ..... + ωn An n

=

¦ω A , i

i

i =1

where Atotal(x) : Total cost Ȧi : Weight for each cost Ai Ai : Cost for each error i To measure each cost, we used the errors that are the misclassified by our detection methods. The cost ratio of a false positive error and a false negative error varies depending on the characteristics of the organization. Thus, we found out the minimal total costs by the simulation of adjusting the weights one hundred times. The threshold values can be searched to minimize the total costs for a specific cost ratio of false negative errors to false positive errors.

4 Performance Evaluation For the performance evaluation of the proposed model, we have used the KDD data set (Knowledge Discovery Contest Data) by MIT Lincoln Lab, which consists of labeled data (training data having syn and normal data) and non-labeled data (test data). We utilize a network model to apply the proposed method for the above data. Three-layer feed-forward networks are used to detect an intrusion. Logistic activation function is utilized in the output layer. The number of hidden nodes is selected through experimentation with n/2, n, and 2n of nodes (n is the sum of input nodes) by fixing the input and output nodes. A series of experiments were conducted to analyze the effects of varying the value of the threshold values of false negative errors and false positive errors (Fig. 4). As the threshold value increases, false positive errors increase while false negative errors decrease. After the ratio of false negative errors over false positive errors is given, the threshold value that minimizes the total cost can be determined. Let us suppose that the cost of false negative error is equal to that of false positive error. We can find the optimal point of the threshold at 0.12 from Fig. 4. When the output is over the threshold value, the output is interpreted as an attack and normal vice versa. The performance of networks is calculated by the function of cost, which consists of false positive errors and false negative errors (Table 2).

636

S.-Y. Lee et al.

100 90 80 Errors(%)

70 60 50 40 30 20 10 0 0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Threshold False Postivie Error

False Negative Error

Cost

Fig. 4. The performance of the proposed model with cost of errors

The performance of network model is measured in the output sample data. The total cost of the network model is 15.32% when the threshold value is 0.5 which is a general value without considering costs of errors. When the optimal point of threshold of 0.12 is applied to the network model from Fig. 4, the cost is 15.95%. The cost decreases and the performance of the intrusion detection model are sensitive according to the threshold. A false negative error is more important in detection system as mentioned in the previous section. We need to concentrate on the decrease of false negative errors according to the change of the threshold value. The decreases of the false negative errors are 1.17% from 9.01 to 7.84%. The change in the total cost would be greater as weights are added to the negative false errors. Thus, we will analyze the results of the network model by the simulation for total costs of detection systems performance. We increase the cost ratio by 0.1 from 1.0 and 10.0 and search each minimal total by 250 times through the simulation. When a false negative error takes the weight value five times larger than a false positive error, the total percentage of errors is 9.95%. When the cost ratio is 1, the total percentage of errors is 15.94%. The decreased amount is about 38% compared to Table 2. The performance of network models Threshold Value 0.5

0.12

Sample Input Output Total Input Output Total

False positive errors(%) 24.63 21.63 23.13 25.49 24.06 24.78

False negative errors(%)

Cost(%)

9.23 9.01 9.12 8.45 7.84 8.15

16.93 15.32 16.13 16.97 15.95 16.46

A Neural Network Model for Detection Systems

637

the original cost, which has the cost ratio of 1. Thus we come to the conclusion that a success factor for detection system is the cost ratio and threshold as well as the classification accuracy.

5 Conclusions There have been a variety of studies and systems designed to detect intrusion by using data mining approaches. However, most studies addressed the measure of system performance as providing prediction accuracy without considering the costs of errors in intrusion detection. In this study we proposed a network model based on costs of false positive errors and false negative errors. The first diagram of this study develops a network model for intrusion detection, while the second diagram analyzes the system performance based on costs of errors. The results of the empirical experiment indicate that the network model provides very high performance in accuracy of intrusion detection. The cost of false negative errors must be much higher than that of the false positive errors to an organization. The total cost of errors is minimized by adjusting the threshold value for the specific cost ratio of false negative errors to false positive errors. For further study, other data mining methods such as genetic algorithms and inductive learning may be applied to detection system.

Acknowledgements This work was supported by University IT Research Center Project of MIC. It is also supported in part by MOCIE Regional Innovation Program.

References 1. Lee, W., Stolfo, S. J., "A data mining framework for building intrusion detection models," IEEE Symposium on Security and Privacy, pp. 209-220, 1999. 2. Es,ao;o, M., Safavi-Naini, R., Balachadran, B., "Case-based reasoning for intrusion detection," 12th Annual Computer Security Application Conference, pp. 214-223, 1996. 3. Denning, D. E., "An intrusion detection model," IEEE Trans. S. E., SE-13(2), pp. 222-232, 1987. 4. Richards, K., "Network based intrusion detection: a review of technologies," Computer and Security, pp. 671-682, 1999. 5. Debar, H., Dacier, M., "Towards a taxonomy of intrusion detection systems," Computer Networks, pp. 805-822, 1989. 6. Debar, H., Becker, M., "A neural network component for an intrusion detection system," IEEE Computer Society Symposium Research in Security and Privacy, pp. 240-250, 1992. 7. Weber, R., "Information Systems Control and Audit," IEEE Symposium on Security and Privacy, pp. 120-128, 1999. 8. Lippmann, R. P., "Improving intrusion detection performance using keyword selection and neural networks," Computer Networks, Vol. 24, pp. 597-603, 2000.

638

S.-Y. Lee et al.

9. Jasper, R. J., Huang, M. Y., "A large scale distributed intrusion detection framework based on attack strategy analysis," Computer Networks, Vol. 31, pp. 2465-2475, 1999. 10. Ilgun, K., Kemmerer, R. A., "Ustat: a real time intrusion system for UNIX," Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 16-28, 1993. 11. Hubbards, B., Haley, T., McAuliffe, L., Schaefer, L., Kelem, N., Walcott, D., Feiertag, R., Schaefer, M., "Computer system intrusion detection," pp. 120-128, 1990. 12. Vaccaro, H. S., "Detection of anomalous computer session activity," Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 280-289, 1989. 13. Helman, P., "Statistical foundations of audit trail analysis for the detection of computer misuse," IEEE Transactions on software engineering, Vol. 19, pp. 861-901, 1993. 14. Lee, S. Y., "Design and analysis of probe detection systems for TCP networks," International Journal of Advanced Computational Intelligence & Intelligent Informatics, Vol. 8, pp. 369-372, 2004. 15. Lee, S. Y., An Adaptive probe detection model using fuzzy cognitive maps, Ph. D. Dissertation, Daejeon University, 2003. 16. Park, S, J., A Probe Detection Model using the analysis of the Session Patterns on the Internet Service, ph. D. Dissertation, Daejeon University, 2003. 17. Maxion, R. A., "Masquerade detection truncated command lines," International Conference on Dependable Systems and Networks, pp. 219-228, 2002. 18. Joo, D, J., The Design and Analysis of Intrusion Detection Systems using Data Mining, Ph. D. Dissertation, Korea Advanced Institute of Science and Technology, 2003.

An Analysis on the Web Technologies for Dynamically Generating Web-Based User Interfaces in Ubiquitous Spaces Ilsun You1 and Chel Park2 1

Department of Information Science, Korean Bible University, 205 Sanggye-7 Dong, Nowon-ku, Seoul, 139-791, South Korea [email protected] 2 Fasoo.com, Product Planning Team, KByeoksam bldg. 5th fl., Yeoksamdong, Kangnamgu, Seoul, 135-911, South Korea [email protected]

Abstract. In this paper, we study the web technologies that allow ubiquitous spaces to create dynamic web pages in accordance with user profiles. Especially, we explore the server-side scripting approach, the most popular technology for dynamic web pages. This approach mainly adopts the execute-while-parsing model, which suffers from the interpretation overhead. Recently, the compilethen-execute model was proposed to address the overhead. This paper compares and analyzes the two models, while performing benchmark test in Microsoft ASP and ASP.NET environment. The benchmark results show that, due to the high initialization overhead, the compile-then-execute model cannot substantially improve the execute-while-parsing model. Also, the best performance can be achieved through optimization rather than compiled execution. Based on the results of the benchmark test, we develop a speedup model, which estimates the maximum performance improvement achievable by the compile-then-execute model.

1 Introduction Since the introduction by Mark Weiser, ubiquitous computing technology has received significant attention in the last few decades [1-5]. In ubiquitous computing environment, users carry mobile access devices such as PDAs, mobile phones and wristwatches, through which they can seamlessly access resources and services within ubiquitous spaces. For example, as Alice enters an intelligent hotel room, which is a ubiquitous space, her mobile access device is automatically detected and joins the space. Then, her device alerts her that she is within the ubiquitous space, thus allowing her to use resources and services provided by the space. Nowadays, the dynamic web page service is becoming important in ubiquitous computing environment because of the followings: y It is preferred to use the web and its underlying HTTP protocol for interaction between mobile access devices and ubiquitous spaces because they are standard X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 639 – 649, 2006. © IFIP International Federation for Information Processing 2006

640

I. You and C. Park

and mature technology easy to implement. Furthermore, since most mobile access devices include a web browser, it is desirable to use the web browser as an interface to ubiquitous spaces. y Typically, ubiquitous spaces tend to offer various resources and services, all of which should not be given to users. Therefore, interfaces to the spaces need to be personalized according to user profiles. Such personalization requires a service that dynamically generates web-based user interfaces for controlling resources and services according to user profiles. In this paper, we study the web technologies that allow ubiquitous spaces to create dynamic web pages in accordance with user profiles. Especially, we explore the server-side scripting approach, the most popular technology, which mainly adopts the execute-while-parsing model. However, the execute-while-parsing model has a critical burden that server-side scripts must be interpreted every time they are requested. Recently, the compile-then-execute model was proposed to address this burden. This model allows a script page to be executed without any compilation, after the page is first compiled. Thus, it is expected that the compile-then-execute model improves the execute-while-parsing model. This paper compares and analyzes the two models, which are expected to be popular in ubiquitous computing environment. For the purpose, we design a benchmark program, implement three different versions of the program and perform benchmark test in Microsoft Active Server Pages (ASP) and ASP.NET environment. The rest of the paper is organized as follows. Section 2 reviews the web technologies that enable creating dynamic web pages, and section 3 gives a brief overview of ASP and ASP.NET. Section 4 describes test environment and our benchmark program. In section 5, the results of the benchmark test are analyzed, and then a speedup model is provided. Finally, section 6 draws some conclusions.

2 Web Technologies for Generating Dynamic Web Pages Since the introduction of the web, there has been a tremendous demand for mechanisms that enables creating dynamic web pages in accordance with user requests. The Common Gateway Interface (CGI), a standard for running external programs (CGI programs) on a web server, was the first widely means for generating dynamic web pages. Though CGI has benefits such as ease of understanding, language independence, platform independence and so forth, it has the two significant drawbacks [6-10]: low performance and high programming overhead. The limitations of CGI have led to various approaches such as web server extensions, Fast-CGI, java servlets and server-side scripting [7,8]. Unlike other approaches whose goal is to address the low performance, server-side scripting focuses on minimizing the programming overhead. Since script languages are easy and convenient to build, debug and modify, this approach achieves the purpose, while becoming a popular technology. However, it has a critical burden that server-side scripts must be interpreted every time they are requested. To address this burden, the web technologies such as Practical Extraction and Report Language (PERL), Microsoft Active Server Pages (ASP) and PHP: Hypertext Preprocessor (PHP) 3.0 implement an interpreter based on web server extensions. In spite of reducing the burden, the technologies still

An Analysis on the Web Technologies

641

require the web server to interpret the scripts. Unlike the interpreter-based technologies using an execute-while-parsing model, advanced technologies such as PHP 4.x/5.x, Sun Java Server Pages (JSP) and ASP.NET use a compile-then-execute model for removement of the interpretation overhead. This model allows a script page to be executed without any compilation, after the page is first compiled.

3 Overview of ASP and ASP.NET 3.1 Active Server Page Active Server Pages (ASP) is a server-side scripting technology that supports the creation of dynamic web pages [11]. This technology allows a web developer to combine Hypertext Markup Language (HTML), scripts, Extensible Markup Language (XML), and reusable Component Object Model (COM) including ActiveX controls to build powerful interactive web sites. An ASP page is an HTML page that contains server-side scripts, and is executed as shown in Fig. 1. ASP.dll interprets a requested ASP page and executes any script commands in it, while running as a script language interpreter in the web server process. Also, it provides access to COM objects including ADO and ASP components. Web Server

HellASP.asp

2. The web server finds, interprets and executes the requested page

Web Browser 1. The web browser requests an asp page

ASP Interpreter (ASP.dll) Result Page

9:58:29 Hello ASP!
Current Time: 2005-07-30

3. The web server sends the result page to the browser

4. The web browser displays the result page

Fig. 1. ASP page execution model

ASP offers the following competitive features: y Server-side scripting y Easy and Flexible Database Access y Extensibility through COM Objects 3.2 ASP.NET ASP.NET, which is more than the next version of ASP, is a set of technologies in the Microsoft .NET framework for building web applications and XML web services [12-14]. It provides a unified web development model that enables developers to build

642

I. You and C. Park

enterprise-scale web applications. Also, it uses a compiled, event-driven programming model that improves performance and enables the separation of application logic and user interface. Because of being based on the fundamental architecture of .NET framework, it allows web applications to be created in any .NET compatible language, such as Visual Basic .NET, C#, and JScript .NET. Furthermore, developers can easily leverage the benefits of .NET framework, which include the managed common language runtime environment, type safety, inheritance, and so on. Fig. 2 describes five key advantages of ASP.NET [13].

Developer Productivity ƒ Easy Programming Model Separation of Code from HTML Event-Driven Programming Model Graphical Development Environment ƒ Flexible Language Options ƒ Great Tool Support: Visual Studio .NET ƒ Rich Class Framework

Easy Deployment No touch application deployment ƒ ƒ Dynamic update of running application ƒ Easy Migration Path

Enhanced Reliability ƒ Memory Leak, DeadLock and Crash Protection

Improved Performance and Scalability ƒ Compiled execution ƒ Rich output caching ƒ Web-Farm Session State

New Application Models ƒ XML Web Services ƒ Mobile Web Device Support

Fig. 2. Key advantages of ASP.NET W eb Server

W eb Brow ser Request G ET /hello.aspx HTTP/1.1 Accept: ... Accept-Language: ko Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 Host: www.testsite.net:8080 Connection: Keep-Alive

HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: M on, 1 Aug 2005 05:10:59 GMT Content-Type: text/htm l; charset=ks_c_5601-1987 Content-Length: 5361

Page Parser: Get Compiled Page Instance Compiler

No

Compiled assembly already exsits?

Yes Mem ory Assembly IL

Result Page Assembly IL

Assembly IL Assembly IL

Execute Content-Type: text/htm l Content-Length: 1354 ....

Assem bly Cache

HTTP Runtime

Fig. 3. ASP.NET page execution model

In contrast to classic ASP pages, ASP.NET pages are compiled and then executed as illustrated in Fig. 3. When an ASP page is first requested, it is compiled into a .NET assembly. Without the requirement of interpretation, subsequent requests are directly processed by the assembly, which is cached in assembly cache until its source page is changed. Such a compile-then-execute model makes ASP.NET overcome the performance penalties caused by interpreting the scripts. In addition to the improved

An Analysis on the Web Technologies

643

performance, ASP.NET requires no explicit compile step, thus making web application development easier, faster and much more cost-effective.

4 Experiments A main goal of this paper is to analyze the execute-while-parsing and compile-thenexecute models, which are expected to be popular in ubiquitous computing environment. For this goal, we measure web server performance through benchmark test. 4.1 Test Environment For performance measuring, we use as a benchmark tool WebBench 5.0 developed by VeriTest [15]. Fig. 4 shows our test environment based on WebBench. In this environment, clients execute WebBench tests while sending repeated requests to the web server, and controller provides a means to set up, start, stop, and monitor the WebBench tests.

Fig. 4. Test environment architecture

System specification is as follows. y y y

Web Server H/W: Intel Pentium III 1GHz processor, 256MB main memory S/W: Microsoft Windows Server 2003, Internet Information Server 6.0 Controller H/W: Pentium III 733MHz processor, 256MB main memory S/W: Microsoft Windows XP Home Edition, WebBench Controller Client H/W: Pentium III 733MHz processor, 256MB main memory S/W: Microsoft Windows XP Home Edition, WebBench Client

4.2 Benchmark Program We design a benchmark program as shown in Fig. 5. The benchmark program is first implemented as an ASP page, which is then migrated into an ASP.NET page according to [16-19]. After migrated, the ASP.NET page is optimized. Especially, for migration from ASP to ASP.NET, we change just an ASP page's file extension from .asp to

644

I. You and C. Park

.aspx. Such a port allows the impact of compiled execution on performance to be measured. In order to examine performance improvement caused by new features of ASP.NET besides compiled execution, we optimize the migrated ASP.NET page by creating strongly typed variable declarations.

Migration i=0 j=0

no

= max){ T = T ∪ {g}; G = G\{g}; exist = true; break; }//end of if }//end of for if (exist) break; }//end of for }//end of while save group T; }//end of while }

Fig. 3. Computing R value and variable grouping

which are often sequentially accessed. Figure 2(c) shows result of variable grouping of five variables of 183.equake. Figure 3 gives the algorithms of variable regrouping.

5 Data Reorganization By the variable analysis, we can find variables which are often accessed together. In C programs, the attributes of a structure are stored together. If we reorganize the variables given by analysis result of section 4, program data locality can be improved. There are some existing data reorganization technologies for different data structures, such as array regrouping for array, structure splitting and structure field reordering for structure [6]. In this section we will introduce a regrouping technology for dynamic array. Our dynamic array regrouping technology includes two main steps: the first is memory allocation merging, by allocating a uniform memory region for an array and substituting pointer for array access; the second is normal array regrouping [6]. We implement a source-to-source transformer based on the SUIF compiler infrastructure of Stanford University [10] to do dynamic array regrouping. The transformer changes the allocation and the reference of the dynamic arrays. Figure 4 gives an example of two-dimensional dynamic array regrouping. Initially M23, C23 and V23 are three two-dimensional dynamic arrays whose elements are double type. After dynamic array regrouping they can be grouped into a region indicated by a pointer.

864

X. Fu, Y. Zhang, and Y. Chen

In dynamic array regrouping there are two problems: First, the dimensions and the each dimension’s size of dynamic array must be the same, but the type of element of array can not be the same. All of these are profiled by source-level instrumentation in our framework. Second, in program transformation, the alias of dynamic array must be considered. In our framework points-to analysis in [11] is implemented to solve this problem. //definition and initialization double **M23, **C23 **V23 M23 = (double **) malloc(ARCHnodes * sizeof(double *)); C23 = (double **) malloc(ARCHnodes * sizeof(double *)); V23 = (double **) malloc(ARCHnodes * sizeof(double *)); for (i = 0; i < ARCHnodes; i++) { M23[i] = (double *) malloc(3 * sizeof(double)); C23[i] = (double *) malloc(3 * sizeof(double)); V23[i] = (double *) malloc(3 * sizeof(double)); } //reference disp[disptplus][i][j] += 2.0*M[i][j]*disp[dispt][i][j]-(M[i][j]-Exc.dt/2.0*C[i][j]) * disp[disptminus][i][j] -Exc.dt * Exc.dt * (M23[i][j] * phi2(time) / 2.0+ C23[i][j] * phi1(time) / 2.0 +V23[i][j] * phi0(time) / 2.0); (a) Definition and reference before regrouping //definition and initialization struct MCV{ double M23; double C23; double V23; }; struct MCV *pmcv = (struct MCV*)malloc(ARCHnodes*3*sizeof(struct MCV)); //reference disp[disptplus][i][j] += 2.0 * M[i][j] * disp[dispt][i][j]-(M[i][j]-Exc.dt/2.0* C[i][j])* disp[disptminus][i][j]-Exc.dt*Exc.dt*((*(pmcv+i*3+j)).M23*phi2(time)/2.0+ (*(pmcv+i*3+j)).C23*phi1(time)/2.0+(*(pmcv+i*3+j)).V23*phi0(time)/2.0); (b) Definition and reference after regrouping Fig. 4. Regrouping example of two-dimensional dynamic array (183.equake)

6 Experiments As described earlier, we take use of two transformers based on SUIF [10] to do the source-level instrumentation and dynamic array regrouping. The transformed C code is compiled by GCC 3.2.2 at –O3. Experiments run on an Intel Celeron(R) (2.0G) processor running Red Hat Linux 9.0, which has 8K L1 data cache (4-way) and 128k L2 cache (2-way), and the cache line size is 64byte. Our testing programs are three programs from SPEC CPU2000 with some dynamic arrays: 183.equake, 179.art and 188.ammp. Our optimization framework analyzes relationship of all dynamic arrays at the test input, and regroups some dynamic arrays.

Data-Layout Optimization Using Reuse Distance Distribution

865

Table1 shows our optimization result. One program, 183.equake, has two groups including five dynamic arrays, and the other two programs, 179.art and 188.ammp, have only one group. For three programs with ten inputs, our framework gets speedup from 0.60% to 7.41%, and the average speedup is 4.22%.We find arrays grouped in the first two programs are two dimensions, but arrays grouped in 188.ammp are one dimension. Therefore, the dimension of array is quite sensitive to optimization. Table 1. Optimization Result Benchmark 183.equake

Grouped Array (M, C) (M23,C23, V23)

179.art

(tds, bus)

188.ammp

(x, y, z, xx, yy, zz)

Input Test train ref test train ref1 ref2 test train ref

Memory Reference Times Standard Optimized 542,890,080 539,682,079

1,390,572,801

1,388,948,481

2,733,856,332

2,733,633,990

Average

Fig. 5. Reuse distance and cache miss distribution at test input

Speedup 5.86% 7.41% 6.12% 6.74% 7.36% 2.74% 3.49% 0.77% 1.10% 0.60% 4.22%

866

X. Fu, Y. Zhang, and Y. Chen

To evaluate the impact on program data locality, we measure the reuse distance of three programs at test input, and analyze the cache miss based on reuse distance. In our experiments, Pin [12] is availed to trace program memory references. Memory Reference Times in table 1 shows the number of memory reference computed by Pin [12]. We can see that optimization reduces the number of memory reference. Figure 5 gives the comparison of reuse distance and cache miss between normal program and optimized program. Both reuse distance and cache miss are given in cache blocks; multiplying by 64 converts the range to bytes. For reuse distance distribution, the x-axis shows the distance in a log scale (the max cache size is 4M), and the y-axis shows the number of memory reference. For cache miss distribution, the x-axis shows the cache size in a log scale, and the y-axis shows the number of cache miss. From figure 5, we can observe that the reuse distance of whole program decreases and the cache miss number reduces in all kinds of cache size after optimization.

7 Related Work Program cache behavior analysis and data structure reorganization have been the subjects of much research. For example, T.M. Chilimbi [3] defines a cache behavior model named hot-streams, which uses the frequency of data sub-streams to quantitate relation of structure fields, and uses structure splitting to improve data locality. The model combines dynamic relation with frequency but does not give whole-program relation. Shai Rubin [5] proposes a parameterizable framework for data-layout optimization. Their framework finds out a good layout by searching the space of possible layouts, with the help of profile feedback, and takes use of field reordering and custom memory allocation to improve data locality. Yutao Zhong [6] defines a cache behavior model called reference affinity based on reuse distance signature, which measures how close a group of data are always accessed together in a reference trace. When applied for array regrouping and structure splitting, their model can effectively improve program data locality and program performance. This paper demonstrates that a similar model can serve as a metric of data structure reorganization. Together, we provide a new array regrouping method for dynamic array.

8 Conclusion and Future Work In this paper we present a data-layout optimization framework. Unlike prior works on data-layout optimization, our framework uses a variable relation model based on variables’ reuse distance distribution to find variables which are often accessed together. In addition, our framework introduces a new data reorganization technology for dynamic array to improve data locality. Our framework takes use of source code transformation and is platform independent. Experiments show that this framework can optimize program data locality and improve program performance. Three test programs have gotten an average speedup of 4.22% by improving data locality.

Data-Layout Optimization Using Reuse Distance Distribution

867

Our future work includes: (1)optimizing the variable relation model, and enabling it to find variable relation more accurately; (2)implementing more data reorganization on our data-layout optimization framework, such as normal array regrouping, structure splitting, and structure field reordering.

Acknowledgement The authors would like to thank Xiaofeng Li, Yan Guo for their useful discussions and the anonymous referees for their useful comments. This work is supported by the National Natural Science Foundation of China under Grant No. 60473068, with support from Intel China Research Center.

References [1] David Patterson, Thomas Anderson, Neal Cardwell et al. A Case for Intelligent RAM. In IEEE Micro, Apr 1997, pp 34–44. [2] K. S. McKinley et al. Improving Data Locality with Loop Transformations. ACM Transactions on Programming Languages and Systems, 18(4):424-453. [3] T.M. Chilimbi. Efficient Representations and Abstractions for Quantifying and Exploiting Data Reference Locality. In Proceedings of PLDI’01, pp. 191-202. [4] Youfeng Wu. Efficient Discovery of Regular Stride Patterns in Irregular Programs and Its Use in Compiler Prefetching. In Proceedings of PLDI’02, June 2002, pp210-221. [5] Shai Rubin, Rastislav Bodik, Trishul Chilimbi. An Efficient Profile-Analysis Framework for Data-Layout Optimizations. In Proceedings of POPL’02, 2002, pp 140-153 [6] Yutao Zhong, Maksim Orlovich, Xipeng Shen, Chen Ding. Array Regrouping and Structure Splitting using Whole-Program Reference Affinity. In Proceedings of PLDI’04, June 2004, pp. 255 - 266. [7] K. Beyls et al. Platform-Independent Cache Optimization by Pinpointing Low-Locality Reuse. In Proceedings of ICCS’04, volume 3, pp 463–470. [8] K. Beyls, E. D'Hollander. Reuse Distance as a Metric for Cache Behavior. In Proceedings of the Conference on Parallel and Distributed Computing and Systems, 2001, pp. 617–662 [9] Chen Ding, Yutao Zhong. Predicting Whole-Program Locality with Reuse Distance Analysis. In Proceedings of PLDI’03, San Diego, CA, June 2003.pp.245-257. [10] B.P. Wilson et al. SUIF: A Parallelizing and Optimizing Research Compiler. ACM SIGPLAN Notices, 29(12):31-37, December 1994. [11] Bjarne Steensgaard. Points-to Analysis in Almost Linear Time. Proceedings of POPL’96, St. Petersburg, FL, Jan 1996. [12] Chi-Keung Luk, Robert Cohn, et al. Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation. In Proceedings of PLDI’05, Chicago, Illinois, USA, June 2005, pp. 190-200.

Co-optimization of Performance and Power in a Superscalar Processor Design Yongxin Zhu1 , Weng-Fai Wong2 , and S¸tefan Andrei2 1

School of Microelectronics Shanghai Jiao Tong University [email protected] 2 School of Computing National University of Singapore {wongwf, andrei}@comp.nus.edu.sg

Abstract. As process technology scales down, power wall starts to hinder improvements in processor performance. Performance optimization has to proceed under a power constraint. The co-optimization requires exploration into a huge design space containing both performance and power factors, whose size is over costly for extensive traditional simulations. This paper describes a unified model covering both performance and power. The model consists of workload parameters, architectural parameters plus corresponding power parameters with a good degree of accuracy compared with physical processors and simulators. We apply the model to the problem of co-optimizing the power and performance. Concrete insights into the tradeoffs of designs for performance and power are obtained in the process of co-optimization.

1 Introduction The tradeoffs between power and performance especially in embedded processors have attracted much attention. Although there have been many analytical models and simulators which address power or performance issue separately, there is still a need for a holistic model that provides insights into complex tradeoffs in an integrated manner. Because of the complexity, even integrated models tend to focus on a few processor components such as pipelines or the instruction queue without offering a system-wide view. In order to arrive at a more realistic system-wide view of the power-performance trade-off, we proposed an integrated model based on a previous performance model of superscalar processors. In that model, nearly all major processor components including instruction classes, instruction dependencies, the cache, the branch unit, the decoder unit, the central instruction buffer, the functional units, the retirement buffer, the retirement unit, and instruction issue policy were modelled. Later, we extended the model to out-of-order-issue processors. We further extended this performance model by linking the performance metrics with the dynamic capacitance of each processor components, thereby deriving the power consumption for each of the processor components and finally the processor as a whole. The major component of static power, leakage power [1, 7] was also incorporated in the model. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 868–878, 2006. c IFIP International Federation for Information Processing 2006 

Co-optimization of Performance and Power in a Superscalar Processor Design

869

We validated this model by comparing its predicted power consumptions with simulation over the same benchmarks using Sim-Wattch [4] and the results are on average within 10.9% accuracy. The average power consumption obtained by our model agrees with the measured result reported by Synopsys Power Compiler with a power library from Virginia Tech [12]. Our average result also agrees with analytical outcome of the Berkeley Advanced Chip Performance Calculator (BACPAC) [13]. We explain the definitions and results of the performance model in Section 3. We then present our power model in Section 5 and show how it is combined with the performance model. Section 6 describes the validation results. In Section 7, we interpret a co-optimization issue. Then we depict how the combined model handles the issue and other concrete tradeoffs for co-optimization. This is followed by a conclusion.

2 Related Work The performance component of our model resembles that of Noonburg and Shen [9] in terms of the similar separable components. Part of our model, namely the modelling of the instruction window, is based on the work of Pyun et. al. [10]. We go beyond their work by proposing a comprehensive model that accounts for all the key components of a state-of-the-art superscalar processor. In addition to many traditional issues such as performance, area, cost and reliability, power consumption has been recognized as a major concern of architects of portable and embedded computer processors. High level models have been proposed to identify areas of significant power density modelled by Cai [5]. The BACPAC calculator [13] also falls into the category. Bergamaschi and Wang [2] added power states and symbolic simulation into the calculation. These models are based on architectural complexity in terms of gate equivalents, activities in a circuit, instruction-level costs, behavior-level abstraction, or system-level power estimation. However, they did not consider powerperformance tradeoffs in an integrated way. Some unified approaches to address both the power and performance have been proposed recently. Brooks et. al. [3] introduced a measured metric called the powerperformance efficiency. Conte et. al. [6] separated architectural and technology components of dynamic power, and used a near-optimal search to tailor a processor design to different benchmarks. While Conte’s model used the trace-driven simulation to collect high level statistics about pipeline stages, our model dwells into greater details of each processor component. Their approach only considers a subset of the parameters accounted for in our integrated model. Most importantly, they do not account for the clock frequency. Some other unified approaches addressed part of parameters in our model. Srinivasan et. al. [11] focused on the pipeline optimization in terms of the best power-performance efficiency. Moreshet and Bahar [2] centered on the instruction issue queue. A recent work [16] briefed the model to integrate power and performance in an extended abstract. Another more recent work [17] focused on the co-optimization process without full details of proofs for the analytical model. In this paper, besides full details of the models, we provide for the first time, a generic solution to non-linear recurrences involved in the analytical model.

870

Y. Zhu, W.-F. Wong, and S¸. Andrei

3 Performance Model A multiple-class multiple-resource (MCMR) system is a queuing system where there are several classes of customers, each requiring a particular set of resources to service. To model a generic superscalar processor, we used a network of MCMR systems. Each stage of the pipelines contributes to the final results of the processor. The lowest throughput of all the pipeline stages is the bottleneck of the entire processor and determines the maximum possible throughput of the processor. We shall now recall the main results of the performance model. The throughput of the processor Θ is the minimum of the service rates of decoder unit (μdec ), central window (μwin ), and retirement unit (μret ): Θ = min{μdec , μret , μwin }.

(1)

Let Wdec denote the decode width, i.e. the maximum number of instructions that can be decoded in one cycle. Let I br be the average number of (non-branch) instructions between two branch instructions (inclusive of one of the branches), Tbr be the misprediction penalty time (the time taken to fetch and decode the correct instructions), pins,miss be the instruction cache hit ratio, tins,pen be the instruction cache miss penalty time, and pbr,prtd be the probability of a correct branch prediction. If I br < Wdec , the average decoding rate without overflow in the central window, μdec is: μdec =

C1 C2 +C3 ×tins,pen ×pins,miss

.

(2)

where C1 , C2 , and C3 are linear functions of I br , Tbr , Wdec , and pbr,prdt . The rest cases for I br and Wdec relations are available in [15]. Let Wret denote the retire width, i.e. the maximum number of instructions that can be retired in one cycle. Let D be the average dependence distance (inclusive of one of the instruction in the dependence) between two instructions that have a data dependence relation. Under an in-order retirement policy, the average retirement rate for D < Wret is given below: μret = (2×D)/(1 + Tdep ) ,

(3)

where the average time for an antecedent instruction to pass through functional units is: type 

(ti × Si )] × (1 + P dep ) .

Tdep = [

(4)

i

where type ∈ {ieu, f pu, lsu, br} is the set of types of functional units in the processor, namely the integer execution unit, the floating point unit, the load store unit and the branch unit. Si ∈ [0, 1] is the fraction of the total number of instructions that is executed on functional unit i for a given benchmark, and ti is the average service time of each functional unit of type i. Typically, tieu ∈ {1, 2}, tf pu ∈ {3, ..., 6}, tlsu = pd,prtd + tdat,pen × (1 − pd,prtd) and tbr = pi,prtd + tins,pen × (1 − pi,prtd). The parameters pd,prtd, pi,prtd ∈ [0, 1] represent the probabilities of the data cache prediction and the instruction cache prediction, respectively. These parameters are determined by benchmarks. Thus, they vary from one benchmark to another one.

Co-optimization of Performance and Power in a Superscalar Processor Design

871

In the model, the central window works as the instruction buffer. Instructions stay in the central window after they are decoded until they are issued. For out-of-order processors, any independent and ready instruction in the instruction window may be dispatched to an available functional unit. Given ρk,t (Zwin ) as the probability that k instructions of type t are issued from the window of size Zwin , then:  Ft μwin = type (5) k=1 (ρk,t (Zwin ) × k) . t and ρk,t (Zwin ) = Pk,t (Zwin ) × φpipe,t (k), where Pk,t (Zwin ) is the probability that k independent instructions are extracted from Zwin instructions and φpipe,t (k) is the probability that at least k pipeline units of type t are available [10, 15]. (Z

−1)

So, Pk,t (Zwin ) = Pk−1,t (Zwin − 1)×pt win + +Pk,t (Zwin − 1)×(1 − ptZwin −1 ) .

(6)

4 Solving the Recurrence Let us solve the above challenging non-linear recurrences (6) by abstracting the type t from it. In other words, we shall consider the simpler but an equivalent description of the non-linear recurrences. Initial cases (INI): P1 (1) = 1 and Pi (j) = 0, ∀ i > j; Recursive case (REC): Pk (Zwin ) = Pk−1 (Zwin − 1) × pZwin −1 + Pk (Zwin − 1) × (1 − pZwin −1 ) where k and Zwin are natural numbers, and p ∈ [0, 1]. In practice, usually k ∈ {1, ..., 10} and Zwin ∈ {4, ..., 20}. First, we show that the above recurrence has a finite number of iterations by determining the degree of the polynomial Pk (Zwin ) in variable p for any parameter k and Zwin . Moreover, for some particular cases, we can even point out the analytical form of that polynomial. For the polynomial P (X) given by a0 + a1 X+ ... +am X m , the following notations can be done: • deg(P ) = m if am = 0, that is, m is the maximum exponent of P with a non-zero coefficient. In this case, am is called the dominant coefficient; • deg(P ) = m if am = 0, that is, m is the maximum exponent of P with a non-zero coefficient. In this case, am is called the dominant coefficient; Lemma 4.1. The following relations hold for any k ≥ 2 and Zwin ≥ k: Zwin i+1 −1 i  p × (1 − pj ); (a) P2 (Zwin ) = (b) Pk (Zwin ) =

i=1 Zwin −k+1 i=1

j=Zwin −1

Pk−1 (Zwin − i) × pZwin −i ×

Zwin −i+1 

(1 − pZwin −j ).

j=1

Proof. (a) Considering the identity (REC) for k = 2, it follows that P2 (Zwin − i) = pZwin −1−i + P2 (Zwin − 1 − i) × (1 − pZwin −1−i ), for any i ∈ {0, ..., Zwin − 2}. According to (INI), the identity for Zwin − 2 is P2 (2) = p. By replacing P2 (2), ..., P2 (Zwin − 1), in this order, in the previous identities, it results the identity (a).

872

Y. Zhu, W.-F. Wong, and S¸. Andrei

(b) The identity is still a recurrence, but it is depending only in terms Pk−1 (Zwin −i), that is, both arguments are smaller than Pk (Zwin ). Considering the identity (REC) for Zwin , Zwin −1, ..., k, it follows that Pk (Zwin −i) = Pk−1 (Zwin −i−1)×pZwin −i−1 + Pk (Zwin − i − 1) × (1 − pZwin −i−1 ), for any i ∈ {0, ..., Zwin − k}. According to (INI), the identity for Zwin − k is Pk (k) = Pk−1 (k − 1) × pk−1 . By replacing Pk (k), ..., Pk (Zwin − 1), in this order, in the previous identities, it results the identity (b). The following result ensures the finiteness of (REC) by specifying deg, minDeg, as well as the dominant and subordinate coefficients for the polynomial Pk (Zwin ). Theorem 4.1. The following relations hold for any k ≥ 2 and Zwin ≥ k: Zwin (Zwin −1) (a) deg(Pk (Z and the dominant coefficient of Pk (Zwin ) 2 - win )) = . is (−1)k+n

Zwin −2 k−2

;

(b) minDeg(Pk (Zwin )) =

k(k−1) 2

and the subordinate coefficient of Pk (Zwin ) is 1.

Proof. We proceed by induction on k ≥ 2.

Base: k = 2. According to identity (a) of Lemma 4.1, the highest exponent of p in P2 (Zwin ) corresponds to p× p2 × ... ×pZwin −1 , so deg(Pk (Zwin )) = Zwin (Z2win −1) . Zwin (Zwin −1)

2 Moreover, the dominant coefficient is (−1) . The subordinate coefficient, as well as minDeg, can be easily obtained by considering i = 1 in identity (a) of Lemma 4.1.  Inductive Step: We suppose that (a) and (b) hold for any Pk (Zwin ), where k  < k,  Zwin < Zwin . Considering the identity (b) of Lemma 4.1, the subordinate coefficient can be obtained by taking i = Zwin − k + 1, that is, according to the inductive hypoth(k−1)(k−2) k(k−1) 2 × pk−1 = p 2 . esis, p To compute the dominant coefficient for Pk (Zwin ), we need to sum all the dominant the dominant terms for i = 1 to Zwin − k + 1. According to -the inductive . hypothesis, (n−i)(n−i−1) Zwin −i−2 k+Zwin −i−1 2 ×p × k−3 , ∀ i ∈ {1, term of Pk−1 (Zwin − i) is (−1)

..., Zwin − k + 1}. Applying the identity (b) of Lemma 4.1, it follows that the dominant k−3 i  Zwin (Zwin −1) 2 term of Pk (Zwin ) is (−1)k+Zwin × . Based on the k−3 × p i=Zwin −3 . m−1 m−1  Zwin −2 = = + , it follows that obvious combinatorial identity m j j j−1 k−2 . . k−3 i  Zwin −3 Zwin −3 + k−2 = ... = k−3 . Therefore, (a) and (b) hold for the k−3 i=Zwin −3

general case. The analytical form of the polynomial Pk (Zwin ) is very hard to be obtained. However, there are two general forms which allow that (Theorem 4.2). Theorem 4.2. For any k ≥ 2, we have Pk (k) = p p

k(k+1) 2

+

k(k+1) −1 2



i= k(k−1) 2

pi .

k(k−1) 2

and Pk (k + 1) = (1 − k)

Co-optimization of Performance and Power in a Superscalar Processor Design

873

Proof. Taking Zwin = k in (REC), it follows that Pk (k) = Pk−1 (k − 1) × pk−1 . By iterating this relation for k ≥ 1, it follows that Pk (k) = P1 (1)× pk−1 × ... ×p2 × p = k(k−1) p 2 . For obtaining Pk (k + 1), we proceed by induction on k. The case k = 2 holds obviously. According to (REC), we have Pk (k + 1) = Pk−1 (k)× pk + Pk (k)× (1 − k(k−1) pk ) = Pk−1 (k)× pk + p 2 × (1 − pk ). According to the inductive hypothesis, this (k−1)(k−2) (k−1)(k−2) k(k−1) +k +1+k 2 2 can be continued by p +p + ... +p 2 −1+k − (k − 2)× (k−1)(k−2) (k−1)(k−2) (k−1)(k−2) +k 2 2 2 +p −p , which is equivalent to what was needed to be p proved.

5 Power Model The power consumption of a resource consists of a dynamic and a static component, i.e., πtot,res = πstatic,res +πdyn,res . The static portion is given by πstatic,res = Istatic,res × Vdd . The leakage current Istatic,res is an exponential function of threshold voltage Vt (in mV) by Sylvester and Keutzer [14]: Istatic,res = 10 × ω × 10−Vt /95 .

(7)

where ω is the device width in micro meter. According to the formula, the static power increases with the downsizing process technologies. For any technology node, the static power takes a usually stable portion of the total power. Khouri and Jha [7] summarized the ratios of the static power over the total power based on 6 different circuits, which are listed in Table 1. For the dynamic power component, which is dependent on workloads, we used a model that is similar to that of several recent studies [2], [8]. We model dynamic power as a function of dynamic capacitance (Cres ), the supply voltage (Vdd ) and the clock frequency (Ω): 2 πdyn,res = Cres × Vdd ×Ω .

(8)

For each component of the processor, the capacitance is obtained by either using the same empirical formulas used by Sim-Wattch or by means of summing up the bit stream changes. With total dynamic capacitance and number of accesses of a resource, we can obtain the dynamic capacitance per access to the resource (Ca,res ) Table 1. The Proportions of Leakage Power in Total Power

Tech. 0.35μm 0.18μm 0.13μm 0.10μm 0.07μm

stat. pwr. /tot. pwr. stat. pwr./tot. pwr. without leakage opti. with leakage opti. 9.8% 6.6% 22.6% 11.7% 43.4% 26.9% 48.1% 25.5% 56.2% 25.1%

Vdd 3.3 1.8 1.5 1.2 0.9

874

Y. Zhu, W.-F. Wong, and S¸. Andrei

for each benchmark. The values of the various Ca,res used by the model are shown in Table 3. The total power of a processor is the sum of the power consumption by each resource/component. πdyn,tot = πwin + πret + πdec + πieu + πf pu + πlsu + πbr + +πicache + πdcache .

(9)

6 Validation of Models The earlier version of the performance model was for in-order-issue processors, and it was validated against the results measured physically on an UltraSPARC processor with an average error of 5.1%. This performance model was extended to out-of-order issue processors, and validated with SimpleScalar out-of-order issue simulated processor with a small average error of 5.9%. As further validations, we also compared our results with those of other power models. The BACPAC [13] calculator shows that the typical power consumption is 24.03 watts for a 5-million-transistor processor running at 600MHz and Vdd of 2.5V. The power consumption is close to the averaged analytical power of 27.38 watts. Using the same Vdd , clock frequency and a 0.25μm technology based power library by Sulistyo and Ha [12], we also obtained a total power of 32.1 watts reported by the Synopsys Power Compiler. for a similar RISC processor design in the scale. More details of the validations are available in [17]. The inputs to the performance model are given in Table 2. The capacitance parameters from Table 3 are inputs to our power model. Our architectural analysis yields values of Na,req,res : Na,req,win = 6, Na,req,regf ile = 2 and Na,req,dec = Na,req,ieu = Na,req,f pu = Na,req,lsu = Na,req,br = Na,req,icache = Na,req,dcache = 1. We assume the service rate of register file equals the one of retirement unit, that is μret = μregf ile . Table 2. Benchmark Characteristics for the performance model

Bench. Sieu Sf pu Sbr Slsu D I br P dep Tdep p q pins,miss pdat,miss

bzip2 equake mcf mesa vpr 45.7% 26.3 % 39.4 % 42.2 % 43.6 % 0.0% 15.3% 0.0 % 7.0 % 5.6 % 15.9% 6.1% 2.7 % 1.0 % 1.0 % 28.5% 41.5% 48.2% 53.4 % 53.4 % 1.996 1.955 2.016 1.873 1.911 7.26 6.69 3.65 4.18 4.74 0.562 0.504 0.620 0.425 0.589 1.972 2.403 2.085 2.248 2.187 0.438 0.4962 0.3802 0.5755 0.5178 0.991 0.975 0.995 0.95 0.983 0.0110 0.0343 0.0038 0.0296 0.0067 0.0227 0.0552 0.1589 0.0221 0.0820

Co-optimization of Performance and Power in a Superscalar Processor Design

875

Table 3. Capacitance (in 10−10 farad) Primitives for Our Power Model

Bench. Ca,win Ca,regf ile Ca,dec Ca,ieu Ca,f pu Ca,lsu Ca,br Ca,icache Ca,dcache

bzip2 equake mcf mesa vpr 0.631 0.898 1.004 0.762 0.769 2.665 3.806 4.527 3.330 3.590 0.421 0.603 0.614 0.485 0.501 16.32 24.09 26.18 19.56 20.33 16.32 24.09 26.18 19.56 20.33 2.527 3.981 4.087 3.912 3.035 38.90 53.14 37.39 28.84 43.83 2.751 3.911 3.846 3.152 3.194 17.09 27.02 27.72 27.35 24.33

7 Co-optimization Applications of the Models We shall now show by examples how the model can be used to explore the design space to reach a co-optimized solution. A Co-optimization Issue: To co-optimize power and performance, we need to minimize πdyn,tot in (10), while maximizing the throughput in terms of number of instructions per second, i.e. Θ × Ω. Firstly, we let the user set an upper limit, πU say, i.e. πdyn,tot ≤ πU . Within this constraint, we seek to maximize Θ in (1) along with varying Ω. In short, this approach is to maximize the throughout under a power budget. In order to obtain the configuration with the least energy consumption for a computation, we look for the minimal total energy to finish the task whose number of instructions is ni . Let πu,x be the upper power limit for the x-th optimization case, the constraint πdyn,tot ≤ πu,x ≤ πU should hold when seeking for the maximum performance θ × Ω. If such a case x exists, then the time to execute the application is ni /(θ × Ω). Consequently, this will also yield the minimal total energy, at the x-th case where the power is πdyn,tot : Ex = ni × πdyn,tot /(θ × Ω)

(2)

Impact of Clock Frequency: We will now use bzip2 as an example to show how co-optimization is achieved. To begin, we set an upper bound on the dynamic power, πdyn,U = 25 watts. The co-optimized solution is obtained by the following search procedure: 1. Read the performance values of 256.bzip2 from Table 2: {Sieu = 0.457, Sf pu = 0.0, Slsu = 0.285, Sbr = 0.159, D = 1.9960, I br = 7.26, pdep = 0.562, pins,miss = 0.0110, pdat,miss = 0.0227, pd,prtd = 1−pdat,miss , pi,prtd = 1−pins,miss , pbr,prtd = 1 − pins,miss }. These benchmark specific parameters along with architectural parameters {tieu = 1, tf pu = 3, tdat,pen = 3, tins,pen = 2, Zwin = 8, type = 4, Wdec = 4} are fed into (2), (3) and (5) to obtain μdec , μret , and μwin then μlsu = μdec × Slsu , μicache and μdcache.

876

Y. Zhu, W.-F. Wong, and S¸. Andrei

2. For the power constraint on the dynamic power, πu,x from 25 watts down to 1 watt in steps of −1 watt do: 2.1. For each clock frequency Ω from 100 to 600 MHz at a step of 100 MHz, we repeat the following steps to obtain the maximum performance θ × Ω under the power constraint of 25 watts. 2.1.1. With the above performance service ratios of resources and Ω, we obtain πres in (8), where Ca,res is obtained from Table 3. 2.1.2. Sum up πres for all components. If the total πdyn,tot is less than πu , then we have found a configuration within the constraints. We also note down the performance θ × Ω and πdyn,tot . 3. Find the maximum of θ × Ωi and its associated πdyn,tot and Ωi . Impact of Leakage Power: Using our model, we can study the impact of leakage power on the maximum clock frequencies and dynamic power consumptions If we vary the clock frequencies while keeping the rest parameters fixed, we can obtain clear changes in both leakage power and dynamic power. We find the leakage power without optimization grows consistently along with the reduction of feature size. For the technology node of 0.07μm, the leakage power overtakes the dynamic power as the dominant power factor. This trend hinders the increase of clock frequencies which ranges from 400 Mhz for 0.35μm technology to 3 Ghz for 0.07μm technology. With optimizations [7] on leakage power, the total power budget can be more effectively spent on the dynamic power consumption. The leakage power will be kept lower than the dynamic power. The maximum clock frequency for 0.07μm technology can be improved to 5.2 Ghz. Projection of Minimum Dynamic Power: We also apply our model to gauge the minimum dynamic power for different benchmarks. We keep the processor configuration fixed, and seek for a possible low for a certain workload. In practice, we use the service rates of resources μres and the capacitance primitives of resources Ca,res in Table 3 to obtain the dynamic capacitances of resources Cres . The dynamic power πdyn,res is obtained by feeding Cres , Vdd and Ω into Equ. (8). For example, the minimum Ca,win for the instruction window is 0.631 (10−10 farad) in Table 3, and the minimum μwin for the instruction window is 1.548. Along with the average number of access to the instruction window per request, Na,req,win = 6, we obtain the minimum Ca,win as Ca,win = 0.631 × 10−10 × 1.548 × 6 ≈ 5.861 × 10−10 . Then the minimum πdyn,win = 5.861 × 10−10 × 2.52 × 600 × 106 ≈ 2.198 watts. The minimum total dynamic power of 15.81 watts is found by repeating the above process for all the resources. This bound implies that the processor dynamic power can be reduced to lower than the bound with proper scheduling and choice of workloads.

8 Conclusion In this paper, we raise an approach to power and performance co-optimization using our unified model accounting for both issues. Validation against an established power simulator using large SPEC2000 benchmarks indicates the accuracy of the model. The results are also in agreement with previous analytical studies and experimental results.

Co-optimization of Performance and Power in a Superscalar Processor Design

877

In the process of co-optimization, we showed the impact of leakage power on the performance improvements for different technology nodes. We also obtained a bound of the minimum dynamic power. In addition, we found that the clock frequency is the dominant factor compared to the cache, instruction window and functional units in improving performance under dynamic power constraints. These results illustrate our model is a useful tool for designers to make power-aware decisions at early stages of co-optimization.

References 1. F. A. Aloul, S. Hassoun, K. A. Sakallah, and D. Blaauw. Robust sat-based search algorithm for leakage power reduction. In Proc. of the 12th Int’l Workshop on Integrated Circuit Design, Power and Timing Modeling, Optimization and Simulation, pages 167–177. SpringerVerlag, 2002. 2. R. N. Bergamaschi and Y. W. Wang. State-based power analysis for systems-on-chip. In Proc. of the 40th Int’l Design Automation Conference (DAC-40), pages 638–641, June 2003. 3. D. Brooks, P. Bose, S. Schuster, H. Jacobson, P. Kudva, A. Buyuktosunoglu, J. Wellman, V. Zyuban, M. Gupta, and P. Cook. Power-aware microachitecture: Design and modeling challenges for next-generation microprocessors. Micro, IEEE, 20(6):26–44, NovemberDecember 2000. 4. D. Brooks, V. Tiwari, and M. Martonosi. Wattch: A framework for architectural-level power analysis and optimizations. In Proc. of 27th Ann. Int’l Symp. Computer Architecture (ISCA), pages 83–94. IEEE Computer Society Process, Los Alamitos, California, USA, 2000. 5. G. Cai and C. Lim. Architectural level power/performance optimization and dynamic power estimation. In Cool Chips Tutorial Colocated with the 32nd Annual IEEE/ACM Int’l Symp. on Microarchitecture (MICRO-32), November 1999. 6. T. Conte, K. Menezes, S. Sathaye, and M. Toburen. System-level power consumption modeling and tradeoff analysis techniques for superscalar processor design. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 8(2):129–137, 2000. 7. K. Khouri and N. Jha. Leakage power analysis and reduction during behavioral synthesis. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 10(6):876–885, December 2002. 8. T. Moreshet and R. I. Bahar. Power-aware issue queue design for speculative instructions. In Proc. of the 40th Int’l Design Automation Conference (DAC-40), pages 634–637, June 2003. 9. D. Noonburg and J. Shen. Theoretical modeling of superscalar processor performance. In Proc. of 27th Annual IEEE/ACM Int’l Symposium on Microarchitecture (MICRO-27), pages 53–62, 1994. 10. Y. Pyun, C. Park, and S. Choi. The effect of instruction window on the performance of superscalar processors. IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, E81A(6):1036–1044, June 1998. 11. V. Srinivasan, D. Brooks, M. Gschwind, P. Bose, V. Zyuban, P. N. Strenski, and P. G. E. Sylvester. Optimizing pipelines for power and performance. In Proc. of MICRO-35, pages 333–344, November 2002. 12. J. Sulstyo and D. S. Ha. A new characterization method for delay and power dissipation of standard library cells. VLSI Design, 15(3):667–678, 2002. 13. D. Sylvester, W. Jiang, and K. Keutzer. Bacpac - Berkeley Advanced Chip Performance Calculator. In Available online, http://www.eecs.umich.edu/ dennis/bacpac/, 1998. 14. D. Sylvester and K. Keutzer. Getting to the bottom of deep submicron. In Proc. of Int’l Conference on CAD, pages 203–211, November 1998.

878

Y. Zhu, W.-F. Wong, and S¸. Andrei

15. Y. Zhu and W. Wong. Sensitivity analysis of a superscalar processor model. In Proc. of the 7th Asia-Pacific Computer Systems Architectures Conference, Melbourne, Australia, pages 109–118, January 2002. 16. Y. Zhu, W. Wong, and S. Andrei. An integrated performance and power model for superscalar processor designs. In Proc. of IEEE Asia South Pacific Design Automation Conference (ASPDAC) 2005, Shanghai, China, pages 948–951, 2005. 17. Y. Zhu, W. Wong, and C. Koh. A performance and power co-optimization approach for modern processors. In Proc. of 5th Int’l Conference on Computer and Information Technology (CIT) 2005, Shanghai, China, pages 822–828, 2005.

FAST: An Efficient Flash Translation Layer for Flash Memory Sang-Won Lee1, Won-Kyoung Choi2, and Dong-Joo Park3 1

School of Information and Communication Engineering, Sungkyunkwan University, Korea [email protected] 2 Mobile Communication Division, Telecommunication Network Business, Samsung, Korea [email protected] 3 School of Computing, Soongsil University, Korea [email protected]

Abstract. Flash memory is used at high speed as storage of personal information utilities, ubiquitous computing environments, mobile phones, electronic goods, etc. This is because flash memory has the characteristics of low electronic power, non-volatile storage, high performance, physical stability, portability, and so on. However, differently from hard disks, it has a weak point that overwrites on already written block of flash memory is impossible to be done. In order to make it possible, an erase operation on the written block should be performed before the overwrite, which lowers the performance of flash memory highly. In order to solve this problem, the flash memory controller maintains a system software module called the flash translation layer(FTL). In this paper, we propose an enhanced log block buffer FTL scheme, FAST(Fully Associative Sector Translation), which improves the page usability of each log block by fully associating sectors to be written by overwrites to the entire log blocks. We also show that our FAST scheme outperforms the previous log block buffer scheme. Keywords: Operating Systems, Flash memory, FTL, Address translation, Associative mapping.

1 Introduction Flash memory is being rapidly deployed as data storage of PDAs, MP3 players, mobile phones, digital cameras, mainly because of its small size, low-power consumption, shock resistance, nonvolatile memory, and so on: [2], [6]. Moreover, compared to hard disk with the inevitable mechanical delay, such as seek time and rotational latency, in accessing data, flash memory provides fast uniform random access. However, flash memory suffers from the write bandwidth problem. That is, a write operation is relatively slower than a read operation, and the write operation may have to be preceded by an erase because overwrite is not allowed in flash memory. Unfortunately, write operations can be performed in a unit of sector, while erase operations can be done only in a unit of block of which the size is significantly larger than that of sector. Therefore, the cost of an erase operation is very costly, compared X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 879 – 887, 2006. © Springer-Verlag Berlin Heidelberg 2006

880

S.-W. Lee, W.-K. Choi, and D.-J. Park

to that of read or write operations1. These inherent characteristics of flash memory reduce the write bandwidth, which is the performance bottleneck in flash memorybased mobile devices. To relieve this performance bottleneck, it is very important to reduce the number of erase operations resulting from write operations. So a middleware called a flash translation layer(FTL) has been introduced between its upper-level file system and its lower-level flash memory: [3], [5], [6], [7]. The FTL plays a role of preparing empty locations in flash memory where to store data submitted by write operations. The well-designed FTL may soften the limitation of “erase-before-write” above. Among the various FTL schemes proposed so far, the log block scheme[6] is wellknown for its good performance[1]. This scheme maintains a small size of log blocks in flash memory as temporary storage for overwrites. If a collision, namely an overwrite, happens at a certain location of flash memory, this scheme writes data to an empty location in a dedicated log block, not erasing the corresponding block. Since these log blocks plays a role of cushions against overwrites, the log block scheme can significantly reduce the number of total erase operations against the same workload. However, when a collision occurs, only a dedicated log block has to be used to store data. Due to the lack of log blocks, they have to be frequently replaced for other collisions. Unfortunately, most of the log blocks being replaced, usually has many unused empty locations. That is, the space usage rate of each log block is low. In this paper, we try to make such space usage rate high and therefore, improve the performance of write operations in the flash memory system. In order to increase the space usage rate of the log blocks in the log block scheme, we see the role of log blocks with a different perspective. If we view the log blocks in [6] as “a cache for write operations”, each of logical sectors to be overwritten is mapped to only one log block, that is, the log block scheme writes each sector to its dedicated log block. In this respect, the address associativity between logical sectors and log blocks is of block-level. Thus, we call the log block scheme in [6] the BlockAssociative Sector Translation (hereafter, BAST) scheme. In this paper, we propose a novel FTL scheme, of which the main motivation is that the block-level associativity of the BAST scheme results in a poor write performance. If we make a degree of the associativity between logical sectors and log blocks higher, we can avoid the write performance degradation. In our scheme, a logical sector can be placed in any log block, so we call our scheme the Fully Associative Sector Translation (from now on, FAST) scheme. As in the computer architecture’s CPU cache realm [4], if we view the log blocks as a kind of cache for write operations and enlarge the associativity, we can avoid write miss ratio and therefore achieve a better FTL performance. The remainder of this paper is organized as follows. The next section gives an overview of the BAST scheme and its disadvantages. A detailed description of our proposed FAST scheme, including its fundamental idea, is presented in the following section. Next, we compare the performance of our scheme with that of the BAST scheme. Finally, we conclude this paper and provide future work. 1

Per-page costs of read, write, and erase operations are 25us, 300us, and 2ms, respectively, where the size of a page is 512Bytes[6].

FAST: An Efficient Flash Translation Layer for Flash Memory

881

2 The BAST Scheme 2.1 Overview In this subsection, we will briefly review the BAST scheme[6]. The file system views flash memory as a set of logical sectors; that is, a hard-disk-like block device. So the write interface of FTL is defined as follows: write(lsn, sector), which means “write a given sector to the location of the logical sector number lsn ”. On receiving a write request from the file system, the FTL finds a physical location in flash memory to write the sector as follows: it first calculates the logical block number(shortly, lbn) using the given lsn 2 and then gets the physical block number(shortly, pbn) corresponding to lbn from the block-level mapping table 3 . Next, it calculates the offset in the found physical block at which the sector data will be written4. Finally, it writes the sector at the found offset in the data block(which is another representation of the physical block). If the found offset in the data block was already occupied(that is, written) by one of the previous write operations, the FTL writes the given sector at the same offset in a free block allocated from the free block list. Next, all written sectors in the data block except the sector at the found offset are copied to the free block. Finally, the FTL erases the data block and returns it to the free block list. Whenever a collision between the current write and the previous writes occurs, a large number of sector copies and an erase are required. A series of these-like operations is called the merge operation. To address this problem, many FTL techniques have been provided and of them, the BAST scheme is well-known as de facto the best FTL technique[1]. When collisions occur, the BAST scheme writes data to temporary storage, namely log blocks, which consequently reduces the number of merge operations. In the following, we describe the BAST scheme in detail using an example. In Fig. 1, let the number of sectors per block be four and the number of log blocks two. In the figure, the upper-left part indicates a sequence of writes issued from the file system and the upper-center and the upper-right parts show the block-level and the page-level address mapping tables, respectively, which are usually maintained in SRAM area of the flash memory. If the first write operation is called in the figure, the BAST algorithm gets data block 10 from the block-level address mapping table using logical block 1(= 4 div 4). Then it stores a given sector at offset 0(= 4 mod 4) in the data block 10. In case of the second write operation, the same thing as the first write operation is done. In case of the third write operation, a collision occurs in the data block 10, therefore the sector is written at the first offset in a log block(i.e., pbn=20) which is allocated to logical block 1 from the log block list. In case of the fourth write operation, the sector is directed to the next empty offset in the existing log block. The rest of the writes will make the second log block(i.e., pbn=30) and the sector-level address mapping table in the figure. 2

lbn = (lsn div #sectors_per_block). The BAST scheme holds two block-level and page-level address mapping tables, which exist in the data block area and the log block area, respectively. 4 offset = (lsn mod #sectors_per_block). 3

882

S.-W. Lee, W.-K. Choi, and D.-J. Park write(4, write(5, write(4, write(4,

Sequence of writes from file system

…) …) …) …)

Block-level mapping table for data blocks

write(8, …) write(9, …) write(10,…) write(11,…)

Sector-level mapping table for log blocks

lbn

pbn

lbn

pbn

lsns

0

5

1

20

{4, 4}

1

10

2

30

{8, 9, 10, 11}

2

11

write(8, …) write(9, …) write(10,…) write(11,…) pbn=9

pbn=10

pbn=11

pbn=12

Data block Area

Sector area 4

Log block Area

pbn=20

4

4

5

8

9

10 11

8

9

10

Spare area

11

pbn=30

Log block group

Fig. 1. Processing write operations in the BAST scheme

A collision can occur in other data blocks, for example, data block 12 in Fig. 1. In this case, since there exists no more log block to be allocated, the BAST scheme selects, erase, and return one of the used log blocks. Before returning the victim log block, it needs to perform a merge operation in the original data block and it. That is, the up-to-date sectors between the two blocks are copied to a free block, which is then exchanged with the data block. At the same time, the block-level address mapping table has to be updated and the entry corresponding to the victim log block in the sector-level address mapping table has to be removed. After that, both the victim block and the data block are erased and one is returned to the log block list and the other to the free block list. One interesting fact is that, depending on the status of the victim log block, the merge operation can be optimized. For instance, in Fig. 1, all sectors in the log block of pbn=30 are sequentially written and the number of them equals the capacity of a block. In this case, any copy to the free block is not required, instead only the exchange of the victim log block with the data block is required. This operation is called especially the switch operation. 2.2 Another View of the Log Block Scheme: A Cache for Writes Here, let us briefly remind readers of the basics of the CPU cache. Because of the principle of locality in data access of computer programs(that is, reads and writes)[4], a small cache, combined with the memory hierarchy, can provide users with a very fast, very large, but very cheap memory system(Fig. 2(a)). In this respect, the log blocks in the log block scheme can be also viewed as a kind of cache for the write operations(Fig. 2(b)). In the occurrence of collisions, by writing sectors in the log

FAST: An Efficient Flash Translation Layer for Flash Memory

883

blocks, namely the cache, instead of original data blocks, we can complete the write operation much faster. By the way, there is the associativity issue between memory and cache, as depicted in Fig. 2(a), that is, where can a memory block be placed in the cache? There are various associativities, including direct mapped, n-way associative, and fully associative[4]. With the “direct mapped” approach, a memory block can be placed only in a fixed cache block via a mathematical formula, while the “fully associative” approach allows a block to be placed anywhere in the cache. Borrowing these implications, we can say that the log block scheme takes the block-associative sector translation approach, in that overwrite operations for the sectors belonging to the same logical block can be allowed only in one log block allocated to this logical block(Fig. 2(c)). Directed mapping Block no.

vs. Fully associative mapping 0 1 2 3 4 5 6 7

0 1 2 3 4 5 6 7

Block no.

Cache

Mapping = (Block no.) mod (# of Blocks in cache)

A block can be placed anywhere in the cache

1

Block no.

0 1 2 3 4 5 6 7 8 9 1 1 1 1 1 1 1 1 1 1 2 2 2 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3

Original data blocks

Log blocks = a cache for writes

0 1 2 3 4 5 6 7 8 9 1 1 1 1 1 1 1 1 1 1 2 2 2 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3

(a) Associativity between memory and CPU cache

(b) Log blocks: a cache for write operations

Sectors in one logical block can be mapped to only one log block

Flash memory Block no.

2

2 3

Memory

Block no.

0

Flash memory

0

3

1 2

1 0

3

1

0 1 2 3 4 5 6 7 8 9 1 1 1 1 1 1 1 1 1 1 2 2 2 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3

Original data blocks

Log blocks

(c) Block associativity in the log block scheme

Sectors in one logical block can be mapped to any log blocks 0

Flash memory

1 2 3

Block no.

1 3 0 1

0 1 2 3 4 5 6 7 8 9 1 1 1 1 1 1 1 1 1 1 2 2 2 2 0 1 2 3 4 56 7 8 9 0 1 2 3

Original data blocks

Log blocks

(d) Full associativity between logical sectors and log blocks

Fig. 2. CPU cache vs. log blocks: associativity

2.3 Disadvantages This block-level associativity of the BAST scheme gives rise to at least two performance problems. One of them is analogous to the high miss ratio in direct mapped associativity. If the cache, namely log blocks in flash memory, cannot accommodate all collisions during the execution of a program(especially, writes for hot blocks in flash memory), capacity misses will occur because of block thrashing[4]. In fact, the BAST scheme can suffer from similar thrashing problem. For instance, assume that two blocks with four sectors per block each are allocated for the cache and that the write pattern is like (S0, S4, S8, S12, S0, S4, S8, S12) where Si

884

S.-W. Lee, W.-K. Choi, and D.-J. Park

is the sector number for the write operation. For every writes from the second S0, the BAST scheme should replace one of the two log blocks, although the victim log block contains just one sector. We refer to this phenomenon as log block thrashing. These replacements will accompany costly merge operations. Another performance problem stems from block-level associativity. Assume that under the same cache above, write operations for one hot logical block occur successively, e.g., the write pattern is like (S0, S2, S1, S3, S1, S0, S2, S3)5. In the BAST scheme, for every 4th write, the log block allocated to the hot logical block should be merged with its original data block, although the other log block is idle. In summary, the log block scheme might work poorly against the continuous write operations for one hot block during a given time window.

3 FAST: A Log Buffer Scheme Using Fully Associative Sector Translation 3.1 Motivation Based on the discussion in Section 2.3, we can think of a natural variation of the log block scheme: what if we take the fully associative approach in mapping logical sectors to log blocks. In this approach, a logical sector can be placed in any log blocks, which gives two performance optimization opportunities. The first one is to alleviate log block thrashing. Even if the number of different hot logical blocks in a given time window is greater than that of log blocks, the higher degree of associativity between logical sectors and log blocks can help reduce the miss ratio of empty sectors used for overwrites. This is very similar to the reduction in cache miss ratio when the associativity is increased. For example, the write pattern (S0, S4, S8, S12, S0, S4, S8, S12) in Section 2.3 does not require any block replacement under the fully associative approach, which thus does not yield any erase or merge operations. The second (and more important) optimization opportunity is to reduce the number of merge operations which happen when the log blocks has no empty sector. Let us consider the write pattern (S0, S2, S1, S3, S1, S0, S2, S3) from Section 2.3 again. If we adopt fully associative mapping, only two log blocks are sufficient to place all sectors of the write pattern. So, we can avoid costly merge operations for every 4th write(which occur in the BAST scheme) and can also delay the merge time until all the empty sectors in the log blocks are wholly used. In summary, even under an environment that a certain logical block is very hot in a given time window, the full associativity approach inhibits the occurrence of merge operations. Even though these optimizations might seem to be very naïve, its performance impact is big. You can understand the advantages of full associativity between logical sectors and log blocks more clearly as you proceed with this paper.

5

The hot logical block number is 0.

FAST: An Efficient Flash Translation Layer for Flash Memory

885

3.2 Handling the Write Operations Under the FAST Scheme In this subsection, we explain how the FAST scheme handles the write operations issued from the file system. From the trace data of mobile devices like digital cameras, we can find that a large number of sectors are sequentially written by the file system, e.g., write pattern is like (S0, S1, S2, S3, …) and in the middle of sequentially written sectors, sectors of a special sector area are written randomly and repeatedly. Generally, most of workloads traced from the flash memory systems consist of a large number of sequential writes and relatively small random overwrites. In order to cope with these write patterns, the log blocks are, in the FAST scheme, divided into two areas: one log block for sequential writes and the rest ones for random writes. The advantage of occupying one log block for sequential writes is that we can induce switch operations(in Section 2.1) cheaper than merge operations. In order for a log block to be a target of the switch operation, it must satisfy the following two conditions: (1) the sector number(i.e., lsn) at the first offset in the log block must be divided by the number of sectors per block(say, 4), that is, lsn mod 4 = 0 and (2) the log block must be filled up with the sectors which are sequentially written from the first to the last offsets. We try to place into the log block for sequential writes only the sectors which will satisfy both conditions potentially.6 If a sector with the different logical block number shows up and satisfies the first condition, the existing sectors should be expelled from the log block for the new sector. However, in case of not satisfying the first condition, it will be placed into the log blocks for random writes. If, in the middle of filling up with the sectors, a desirable log block fails, in other words, not satisfying the second condition, we execute a merge operation between the failed log block and its original data block(to be explained later). When collisions occur in data blocks, the corresponding sectors can be placed into any log blocks under the FAST scheme, as shown in Fig. 2. However, for the sake of managing the log blocks conveniently, we first fill up with the sectors into the first one of the log blocks for random writes, followed by the second one, and so on. If there is no more available empty space in the last log block, we select a victim log block in a round-robin fashion and then perform the merge operation between this victim block and its original data block. In turn, an erased log block will be returned to the log blocks for random writes. We classify the merge operations into two types: for the log block for sequential writes and for the log blocks for random writes. In the former case, according to an appearance of the log block, the merge operation can be cheaper, that is, only one erase operation is required. For example, assume that the log block appears like “S4, 1, S6, -1” where -1 indicates “no sector written”. In this case, we copy corresponding sectors from its original data block into locations with -1’s and next exchange the updated log block with its original data block. Finally, we erase the original data block and use it as a log block for sequential write. Regarding the merge operation for random writes, it is more or less difficult. A victim log block can contain sectors 6

For instance, the write pattern(…, S4, S5, S6, S7, …) will satisfy the two conditions. On the other hand, the write patterns (…, S6, S7, S8, S9, …), (…, S4, S5, S5, …), or (…, S4, S6, S7, …) will not satisfy.

886

S.-W. Lee, W.-K. Choi, and D.-J. Park

whose logical block numbers differ from one another, for example, “S1, S8, S3, S9”. In this case, since two different groups of logical blocks, i.e., “S1, S3” and “S8, S9” exist in the victim, we have to perform two merge operations. Each merge operation is analogous to that of the BAST scheme, except that up-to-date sectors to be copied to a free block are searched from the overall log blocks for random writes. After that, for every up-to-date sector, not only its sector number but sector numbers of all the sectors older than it are changed into -1(meaning invalid) at their offsets of the corresponding log blocks. This helps us avoid merge operations when finding invalid marks in coming victim log blocks. In order to lessen the cost of performing the two types of merge operations above, we maintain two sector-level address mapping tables, respectively, each of which records what sectors are written to what offsets in the log block(s).

4 Performance Evaluation To make a comparison of FAST with BAST, we performed trace-driven and sampledriven simulations using three workloads in Table 1[6]. As shown in Table 1, the three workloads A, B, C include the various spectrum of the ratio of sequential writes to random writes, respectively. We use the number of erase operations as a performance metric. Fig. 3 shows the results of the simulations, with varying the number of log blocks. In the figure, the FAST scheme shows better performance than the BAST scheme, especially in the workload C(which contains mostly random writes). This is because the FAST scheme exploits fully the log block buffer for any type of workloads as mentioned in Section 3. Table 1. Workload characteristics

Workload

Description

# of writes

A

Traced from a notebook computer running Linux

398,000

B

Traced from a digital camera

3,144,800

C

Generated synthetically

150,000











HUDV HV

 

%$67



)$67

 

 HU DVH V



 

%$67



)$67





HUDVHV



 %$67



)$67

 



















OR J  E OR F N V

(a) Workload A





















 OR J  E OR F N V

(b) Workload B Fig. 3. Simulation results

ORJ EORF N V

(c) Workload C



FAST: An Efficient Flash Translation Layer for Flash Memory

887

5 Conclusions In this paper, we proposed a novel FTL scheme, called FAST, which outperforms the well-known log block scheme. Its performance advantage mainly comes from the full associativity between logical sectors and log blocks. By doing this, it can 1) avoid log block thrashing phenomenon, 2) delay merge operations to the maximum, and 3) skip many unnecessary merge operations. With only 4 to 8 log blocks in the FAST scheme, we can achieve the same performance result as the BAST scheme with more than 30 log blocks. In the future, we will exploit some more optimization opportunities from the full associativity. Also, we will investigate how to achieve the atomicity of file system operations when the power goes off unexpectedly[6]. Acknowledgments. This work was supported in part by MIC & IITA through IT Leading R&D Support Project, in part by the Ministry of Information and Communication, Korea under the ITRC support program supervised by the Institute of Information Technology Assessment, IITA-2005-(C1090-0501-0019), and also supported partly by Seoul R&D Program(10660).

References 1. Tae-Sun Chung, Dong-Joo Park, Sang-Won Park, Dong-Ho Lee, Sang-Won Lee, Ha-Joo Song: System Software for Flash Memory: A Survey, In Proceedings of the 2006 IFIP International Conference on Embedded And Ubiquitous Computing(2006) 2. F. Douglis, R. Caceres, F. Kaashoek, K. Li, B. Marsh, JA. A. Tauber: Storage Alternatives for Mobile Computers, In Proceedings of the 1st Symposium on Operation Systems Design and Implementation(1994) 3. Petro Estakhri, Berhanu Iman: Moving Sequential Sectors within A Block of Information in A Flash Memory Mass Storage Architecture, United States Patent, No. 5,930,815(1999) 4. John L. Hennessy, David A. Patterson: Computer Architecture: A Quantitative Approach (2nd ed.), Morgan Kaufmann(1996) 5. Bum Soo Kim, Gui Young Lee: Method of Driving Remapping in Flash Memory and Flash Memory Architecture Suitable Therefore, United States Patent, No. 6,381,176(2002) 6. Jesung Kim, Jong Min Kim, Sam H. Noh, Sang Lyul Min, Yookun Cho: A Space-Efficient Flash Translation Layer for CompactFlash Systems, IEEE Transactions on Consumer Electronics, Vol. 48, No. 2(2002) 7. Takayuki Shinohara: Flash Memory Card with Block Memory Address Arrangement, United States Patent, No. 5,905,993(1999)

A Novel Discrete Hopfield Neural Network Approach for Hardware-Software Partitioning of RTOS in the SoC Bing Guo1,*, Yan Shen2, Yue Huang3, and Zhishu Li1 1

School of Computer Science & Engineering, SiChuan University, ChengDu 610065, China [email protected] 2 School of Mechatronics Engineering, University of Electronic Science and Technology of China, ChengDu 610054, China [email protected] 3 Software College, Kyungwon University, Songnam, Gyeonggi-Do 405-760, South Korea [email protected]

Abstract. The hardware-software automated partitioning of a RTOS in the SoC (SoC-RTOS partitioning) is a crucial step in the hardware-software co-design of SoC. First, a new model for SoC-RTOS partitioning is introduced in this paper, which can help in understanding the essence of the SoC-RTOS partitioning. Second, a discrete Hopfield neural network approach for implementing the SoC-RTOS partitioning is proposed, where a novel energy function, operating equation and coefficients of the neural network are redefined. Third, simulations are carried out with comparisons to the genetic algorithm and ant algorithm in the performance and search time used. Experimental results demonstrate the feasibility and effectiveness of the proposed method. Keywords: Hardware-software partitioning, RTOS, SoC, Hopfield neural network.

1 Introduction As a new type of embedded systems, a SoC (System-on-a-Chip) almost implements the functionality of an overall computer system in a single IC (Integrated Chip). In general, embedded software in the SoC is composed of RTOS (Real-time Operating System) and embedded application software. The RTOS in the SoC is shortly called SoC-RTOS. Recently, the SoC becomes more and more popular in the market, according to its architecture, SoC-RTOS functionality doesn’t need to be implemented solely by software, whereas some functions of SoC-RTOS can be implemented by hardware. This can greatly improved the performance of SoC-RTOS. Thus, hardware-software automated partitioning of the SoC-RTOS (SoC-RTOS partitioning) is significant to the SoC design, i.e. determining which components of the SoC-RTOS should be realized in hardware and which ones should be in software. It should be *

Corresponding author.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 888 – 897, 2006. © IFIP International Federation for Information Processing 2006

A Novel Discrete Hopfield Neural Network Approach

889

pointed out that the SoC-RTOS partitioning techniques is one of the most crucial design steps in the SoC hardware-software co-design (HSCD) methodologies, and have a dramatic effect on the whole cost and performance of the SoC final design. Besides, the SoC-RTOS partitioning is also an important foundation of reconfigurable RTOS, application-specific RTOS and RTOS automatic generation research and development [1]. Along with a growth of complexity in embedded system design, traditional methods demonstrate their weakness in automate partitioning. This motivates some studies on solving this problem in the past, e.g., Gupta and De Micheli developed an iterative improvement algorithm to partition real-time embedded systems between a coprocessor and a general-purpose processor [2]; Eles et al. proposed a simulated annealing and taboo search hardware-software partitioning algorithm [3]; Saha et al. applied a genetic algorithm for hardware-software partitioning [4]; Filho et al. designed a Petri Nets based approach for hardware-software partitioning of embedded system [5]; Xiong et al. suggested a dynamic combination of genetic algorithm and ant algorithm for hardware-software partitioning of embedded systems [6]; Arató et al. presented an algorithm based on integer linear programming to solve the partitioning problem optimally even for quite big systems [7]; Stitt et al. considered a solution for dynamic hardware-software partitioning [8]. In [9], Mooney III presents a δ hardware-software generation framework for the SoC, which provides with automatic hardware-software configurability of the RTOS between a few pre-designed partitions, e.g., SFR (Special Function Register), RTU (Real-Time Unit), LC (Lock Cache), DDU (Deadlock Detection Unit) and DMMU (Dynamic Memory Management Unit). These hardware facilities, which realize the task management and IPC (Internal Procedure Call) of the RTOS, remarkably improve the performance of the multi-task SoC-RTOS. Meanwhile, a SystemWeaver module in the multi-core SoC architecture is designed in [10], which acts as a hardware task controller to implement the task list management and IPC of RTOS. In fact, many modern CISC and RISC microprocessors, such as Intel Corporation’s Pentium and ARM Corporation’s ARM, also provide some special control registers and its corresponding hardware circuits to support the process switch and IPC for RTOSs and other general-purpose OSs (Operating System), e.g., Windows and Linux. However, these SoC-RTOS partitioning solutions in [9] and [10] are based on experience and difficult to guarantee an optimal partitioning. In order to further facilitate the advance of the RTOS, SoC and microprocessor, it is imperative to explore some theoretical aspects of the SoC-RTOS partitioning. Due to the characteristics of the SoC-RTOS, the SoC-RTOS partitioning is quite different from the partitioning of embedded systems and SoCs. Usual hardwaresoftware partitioning methods are inadequate for such SoC-RTOS partitioning tasks in many aspects. The composition of hardware and software elements in the SoCRTOS creates some new problems, such as modeling the SoC-RTOS, refining constraints and multi-object conditions, designing an appropriate optimization algorithm, evaluating the partitioning results, and system architecture issues. In this paper, we focus on the optimization algorithm development and design of SoCRTOS partitioning [11].

890

B. Guo et al.

2 Description of the SoC-RTOS Partitioning Problem The SoC-RTOS partitioning is a NP-complete problem, which main objective is to optimally allocate the functional behavior of the RTOS to the hardware-software system of the SoC under constraints. The SoC-EOS partitioning also can be considered a part of the SoC-EOS hardware-software co-synthesis in some literatures. The functional behavior of the SoC-RTOS can be modeled by a task graph. For software, a task is a set of coarse-grained operations with definite interface, which can be an algorithm procedure, an object or a component; for hardware, a task is a specific IP (Intellectual Property) module with clear functions, interface and constraints [11, 12]. To formulate our problem, the following notations are used in this paper: G : A directed acyclic graph (DAG) and also refers to the task graph of a SoCRTOS,

G = (V , E )

V : The task node set that has to be partitioned, V = {v1 , v 2 ,  , vn } E : The directed edge set that represents the control or data dependency and communication relationship between two nodes, E = eij vi , v j ∈V , i ≠ j

{

}

N : Total number of task nodes belonging to G , N = V P : A hardware-software partitioning of G VH : The subset of nodes partitioned into the hardware, VH ⊆ V VS : The subset of nodes partitioned into the software, VS ⊆ V

s (vi ) (or si ) : The software costs of vi h( vi ) (or hi ): The hardware costs of vi c (vi , v j ) (or cij ): The communication costs between vi and v j if they are in dif-

ferent contexts (Hardware or Software) whereas the communication costs between the nodes in the same context are neglected

ci : The sum of c ji , ci =

N

¦c

ji

j =1, j ≠i

H P : The hardware costs of P , H P = ¦v ∈V hi i

H

S P : The software costs of P , S P = ¦v ∈V si i

S

C P : The communication costs of P , C P = ¦v ∈V g p (VH , VS ) : The total costs of P

i

S , v j ∈VH

or vi ∈VH ,v j ∈VS

cij

f P (VH ,VS ) : The total performance of P

G = (V , E ) , it is called k-way partitioning if there exists a cluster set P = {p1 , p2 ,  , p k }, which satisfies: Definition 1 (k-way partitioning). For given

A Novel Discrete Hopfield Neural Network Approach

­ pi ⊆ V 1 ≤ i ≤ k °° k ® p i = V ° i =1 °¯ p i  p j = φ 1 ≤ i

891

(1)

j≤k

i≠ j

As k = 2 , P is called bi-partitioning, which means that only one software context (e.g., one general-purpose processor) and one hardware context (e.g., one ASIC or FPGA) are considered in the target system; as k > 2 , P is called multi-way partitioning, which means that multiple software contexts and multiple hardware contexts are considered in the target system. According to the architecture of the target system, the SoC-RTOS partitioning can be categorized into bi-partitioning and multi-way partitioning. Bi-partitioning is the foundation of the multi-way partitioning, and is widely applied in domain applications. Hence, the partitioning only refers to the bipartitioning without any additional declaration in this paper. Definition 2 (SoC-RTOS partitioning). For given and

P = (VH ,VS ) , VH  VS = V

VH  VS = φ , the SoC-RTOS partitioning is formulated as the following con-

strained optimization problem:

­ max f P (V H , V S ) ° ® s .t . C min ≤ g p (V H , V S ) = H P + S P + C P ≤ C max , ° v i ∈ V , e ij ∈ E , 1 ≤ i , j ≤ n , i ≠ j ¯ where

(2)

Cmin > 0 and Cmax > 0 are the minimal and maximum value of given costs

of SoC-RTOS, respectively.

3 A Novel Discrete Hopfield Neural Network Approach The discrete Hopfield neural network approaches (DHNNA) have been successfully applied to signal and image processing, pattern recognition and optimization. In this paper, we employ this type of neural network to solve the SoC-RTOS partitioning optimization problem. 3.1 Neuron Expression A neural network with N neurons is used to give a response for each of the N nodes in the graph G . The i-th neuron belongs to the subset with node i, and has an input

U i and output Vi . The output of the neuron is given by:

­ 0 , if U i > 0 , V i = f (U i ) = ® (3) ¯ 1 , if U i ≤ 0 where the neuron output Vi = 0 indicates vi ∈ VH and Vi = 1 indicates vi ∈ VS .

892

B. Guo et al.

To avoid the local optimum caused by initial conditions, the neuron input value should be restricted within a certain range. The upper limit U max and the lower limit

U min of the neuron input are set as follows, where the average value U avg of cij is calculated from all connected task nodes:

U avg =

2 CP , N

U

min

= −

U avg 2

,

U max =

U avg

,

2

(4)

­ U , if U i < U min . U i = ® min ¯U max , if U i > U max

(5)

3.2 Energy Function In response to the constraint and objective condition of the SoC-RTOS partitioning, an energy function consisting of the following two terms is defined by:

E=

A B E1 + E 2 , 2 2

(6)

N §N · E1 =¦fi2¨¨¦(hjVi (1−Vj ) +sj (1−Vi )Vj +cij (Vi (1−Vj ) +(1−Vi )Vj )) −Cmin¸¸, i=1 © j=1 ¹

N § E 2 = − f P (V H , V S ) = − α ¦ ¨¨ i =1 ©

(7)

· ¦ (β V (1 − V ) + (1 − V )V )¸¸ N

i

j =1 , j ≠ i

i

j

i

j

(8)

¹

where A and B are two positive coefficients which are specified in Subsection 3.4 below. α is the system architecture speedup ratio, which means a performance compared value between hardware-software partitioned SoC-RTOS and purely software realized SoC-RTOS; β i is the hardware task speedup ratio and has the different values for different tasks, which means a performance compared value between hardware implementation and software implementation in the same task node. The function f i ( x ) used in Eq. (7) is given by:

­ x + C min − (hi + si + ci ) , if x < −C min + (hi + si + ci ) , ° f i ( x ) = ®0 , if 0 ≤ x ≤ C max − C min , ° x − C + (h + s + c ) , if x > C − (h + s + c ) . max i i i max i i i ¯

(9)

A Novel Discrete Hopfield Neural Network Approach

E1

is

an

energy

function

associated

to

the

893

constraint

N § N · g p (VH ,VS ) = ¦¨¨ ¦ (h jVi (1 − V j ) + s j (1 − Vi )V j + cij (Vi (1 − V j ) + (1 − Vi )V j ))¸¸ i =1 © j =1, j ≠i ¹

,

E 2 is associated to the objective function f P (VH ,VS ) , which indicates the relative value of SoC-RTOS performance. Furthermore, E 2 takes the minimum value while

when the performance of hardware-software partitioned SoC-RTOS attains the maximum [12, 13, 15]. 3.3 Operating Equation The operating equation for the i-th neuron is governed by:

dU i ∂E , =− dt ∂Vi

§ N · = − Af i ¨¨ ¦ (h jVi (1 − V j ) + s j (1 − Vi )V j + cij (Vi + V j − 2ViV j )) − C min ¸¸ × © j =1 ¹ N N § · B ¨ ¦ (h j (1 − V j ) − s jV j + cij (1 − 2V j ))¸ − α ¦ ((β i + 1)V j − β i ) ¨ ¸ 2 j =1, j ≠i © j =1 ¹

(10)

In order to avoid the local optimum and obtain a high quality solution within a limited computation time, a noise term D given by Eq. (11) is added to the operating equation (10); that is,

­ + η , if V j = 0 . D = η (1 − 2V j ) = ® η if V − , = 1 j ¯

(11)

If the noise term D is kept adding in the updating rule, the state changes excessively and even a local optimum solution may not be reachable. Hence, the term D will be discarded in the operating equation as t T0 ≥ λ , where • is a round-off operator,

[] i.e., it gives an integer most close to the entity, λ = T0 − (t × T0 ) Tmax − 1 , T0 is a [

positive coefficient and

]

Tmax is a maximal step of iterations.

3.4 Setting of Coefficients for the Operating Equation The coefficient

A depends on the average value ω of the task node costs; that is,

ω =

H P + SP . N

(12)

894

B. Guo et al.

The coefficient

B depends on the U avg . In this study, we set Aω = KBU avg ,

K is a regularizing constant. In our simulations, we take K = 1 3 , B = 1 , T0 = 10 , Tmax = 200 and η = U avg (3 + 10 × ρ ) . Here, ρ is the edge generation ratio of the graph G ( 0 < ρ ≤ 1 ) [14].

where

The values of

α

bers in the intervals

and

βi

were obtained empirically, and are set as random num-

[1.5 , 2] and [2 , 4], respectively [8]. N

Note that

C min = ¦ si is a minimal cost if the SoC-RTOS is totally realized by i =1

N

the software, and

C max = ¦ hi is a maximal cost if the SoC-RTOS is totally reali =1

ized by the hardware. To achieve a more practical and favorable solution, we amend the maximal cost to be

C max =

1 N ¦ hi in this study [12, 13, 14]. 2 i =1

4 Performance Evaluation by Simulation To verify the feasibility and effectiveness of the proposed method in this paper, we employed the similar simulation methods used in [6], [14] and [15]. Also, a comparative study was carried out with the genetic algorithm (GA) and ant algorithm (AA). 4.1 Target System Architecture This study targets the bi-partitioning problem, so there is one processor and one programming hardware component (e.g., FPGA) in the target system. We use the Spartan-3 S1000 chip manufactured by Xilinx Corporation as our FPGA model, which could contain 4 processor cores and 17,280 programming logic blocks (PLBs) at most. In our experiments, we only use one processor and 15,452 PLBs. The target system architecture is shown in Fig. 1. Since software is stored in memory and executed by MPU, ARM core and memory represent the software. FPGA PLBs represent the hardware indicated by bold line box in Fig. 1.

Fig. 1. Abstract model of target system architecture

A Novel Discrete Hopfield Neural Network Approach

895

4.2 Simulation Conditions To date, no standard benchmark and test cases for this topic is available. The methods commonly adopted in the literature are to generate the random DAG, and to assign some attributes to the nodes and edges. To simplify our simulations, the following assumptions are made: (1) The costs (e.g., running time and occupied hardware area) of task implementation on the processor and PLBs are static and can be calculated in advance. (2) The costs of communication between the nodes in different contexts are constant during the execution time. (3) To compare with the software implementation under equal conditions, the parallel of hardware implementation is neglected. In this simulation, we constrain the settings as follows: (1) Use the GVF (Graph Visualization Framework) software package to generate 5 groups of random DAG as our task graphs. To achieve the exact results in a limited time, the number of task nodes ( N ) in each group is set as 50, 100, 300, 800 and 1200, respectively. Each group has 30 sample graphs, in which each graph has the different edge generation ratios ( ρ ). The average value of 30 samples in each group is taken as the final performance result of this group [6]. (2) The costs of task nodes and communication costs of edges, each task node is related with two functions for one is a hardware function and another is a software function, while each edge is associated with one function. The output of function is taken as the cost of task node and edge. The appropriate cost function for each task node and edge are chosen from the MediaBench benchmark program package [6]. (3) As the initial partitioning, N 2 task nodes are assigned to each subset. (4) The simulation environment used the Intel Celeron 2.6GHz processor, 512MB SDRAM, Linux 9.0 operating system and KDevelop 3.2 IDE. 4.3 Simul0ation Results and Analysis Table 1 shows the experimental results of search time and f P (VH , VS ) produced by the DHNNA, GA and AA on the different node number. Fig. 2 shows the relationship between the search time used and count of task nodes in these three algorithms. It is observed that the search time from the DHNNA is shorter than that obtained by GA, and slightly worse than that obtained by the AA. However, the overall performances obtained from the DHNNA are better than the others. In particular, with the increase of node number, the DHNNA remarkably outperforms the other algorithms. In the target system architecture shown in Fig. 1, the aim of this experiment is to optimize the running time of SoC-RTOS under the occupied hardware area constraint. In fact, the DHNNA can be also applied to the hardware-software partitioning of embedded system and SoC after some modification, while taking into account other constraints and optimization performances, such as energy consumption, hard realtime and multi-processor.

896

B. Guo et al. Table 1. Comparison of DHNNA, GA and AA

Total DAG Nodes

DHNNA Time (s)

50 100 300 800 1200

17.91 134.47 659.02 2623.16 6582.74

GA

f P (VH ,VS )

89.32 311.63 886.57 2306.62 3608.48

Time (s) 21.53 252.21 948.24 3581.64 9157.36

AA

f P (VH ,VS ) 84.56 294.16 743.83 1875.97 2846.06

Time (s) 14.67 109.28 570.86 2367.29 6136.82

f P (VH ,VS )

83.2 256.43 694.37 1562.68 2593.68

Along with an increase of the node number, the value of f P (VH , VS ) is increasing continuously. This is a main disadvantage of the DHNNA. Practically it is expected to give an exact and more stable solution for the f P (VH , VS ) . The reason resulting in such a case may be of the initial condition and network parameters.

Search time used (s)

10000 8000

GA DHNNA

6000

AA

4000 2000 0 50

100

300 800 Count of task nodes

1200

Fig. 2. Running-time/Nodes curve

5 Conclusions In this paper, we developed a discrete Hopfield neural network approach for solving a problem of SoC-RTOS partitioning. According to the characteristics of SoC-RTOS partitioning, a new energy function for a Hopfield neural network is defined, and some practical considerations on the state updating rule are given. Simulation results demonstrate that our method is superior to some conventional methods, such as genetic algorithm and ant algorithm. A further investigation on the robustness of the solution with respect to the initial state and model parameters is being expected.

A Novel Discrete Hopfield Neural Network Approach

897

References 1. Wolf, W.: A Decade of Hardware/Software Co-design. IEEE Computer, 36(4) (2003) 38-43 2. Gupta, R.K., De Micheli, G.: Hardware-Software Co-synthesis for Digital Systems. IEEE Design and Test of Computers, Vol. 10 (1993) 29-41 3. Eles, P., Peng, Z., Kuchcinski, K., Doboli, A.: System Level Hardware/Software Partitioning Based on Simulated Annealing And Tabu Search. Design Automation for Embedded Systems, vol. 2 (1997) 5-32 4. Saha, D., Mitra, R.S., Basu, A.: Hardware/Software Partitioning Using Genetic Algorithm. Proc. of Int. Conf. on VLSI Design (1998) 155-159 5. Filho, F.C., Maciel, P., Barros, E.: A Petri Nets Based Approach for Hardware/Software Partitioning. Integrated Circuits and system design, 8(6) (2001) 72-77 6. Xiong, Z.H., Li, S.K., Chen, J.H.: Hardware/Software Partitioning Based on Dynamic Combination of Genetic Algorithm and Ant Algorithm. Journal of software, 16(4) (2005) 503-512 7. Arató, P., Juhász, S., Mann, Z.Á., Papp, D.: Hardware-Software Partitioning in Embedded System Design. Proceedings of the IEEE International Symposium on Intelligent Signal Processing (2003) 63-69 8. Stitt, G., Lysecky, R., Vahid, F.: Dynamic Hardware/Software Partitioning: A First Approach. Design Automation Conference (DAC) (2003) 74-81 9. Mooney III, V.J.: Hardware/software Partitioning of Operating System. Proceedings of the International Conference on Engineering of Reconfigurable System and Algorithm (ERSA’03) (2003) 31-37 10. Ignios Corporation: SystemWeaver Technology White Paper-MultiCore Enabler. Http://www.ignios.com (2005) 11. Jerraya, A.A., Yoo, S., Verest, D., When, N.(eds): Embedded Software for SoC. Kluwer Academic Publishers, Netherlands , ISBN 1-4020-7528-6 (2003)3-11 12. Yu, H., Gajski, D.: RTOS Modeling in System Level Synthesis. CECS Technical Report 02-25, University of California, Irvine (2002) 13. Tan, T.K., Raghunathan, A., Jha, N.K.: Energy Macromodeling of Embedded Operating Systems. ACM Transactions on Embedded Computing Systems (TECS), 4(1) (2005) 231-254 14. Wang, G., Gong, W.R., Kastner, R.: A New Approach for Task Level Computational Resource Bi-partitionging. Proc. of the IASTED Int’l Conf. on Parallel and Distributed Computing and Systems (PDCS), ACTA Press (2003) 434-444 15. Tamaki, Y., Funabiki, N., Nishikawa, S.: A Binary Neural Network Algorithm for the Graph Partitioning Problem. Electronics and Communications in Japan, Part 3, Vol. 82, No. 12 (1999) 34-42

UML Based Evaluation of Reconfigurable Shape Adaptive DCT for Embedded Stream Processing Xianhui He1 , Yongxin Zhu1 , Zhenxin Sun2 , and Yuzhuo Fu1 1

School of Microelectronics Shanghai Jiao Tong University {hexianhui, zhuyongxin, fuyuzhuo}@ic.sjtu.edu.cn 2 School of Computing National University of Singapore [email protected] Abstract. Multimedia stream standards evolve rapidly as stream applications prosper in embedded systems. A key component of standards, discrete cosine transform is being replaced by SA-DCT, whose complexity results in a large design space. The paper describes a UML 2.0 based design approach to quick evaluation of SA-DCT implementations containing both hardware and software, which are hard to describe and verify in C, Verilog and VHDL. Using the approach, we manage to study the partitioning, reconfigurability as well as performance and hardware cost. The design specifications in UML can be translated into SystemC models consisting of simulators and synthesizable code under proper style constraints. The paper demonstrates the feasibility of quick specifications, verification, evaluation and generation of embedded system designs.

1 Introduction Since the new millennium, multimedia applications have been gaining their popularity as well as complexity. The complexity is represented by growing computation demands. Due to the busty nature, video stream processing tops the multimedia applications in terms of complexity. A lot of efforts in standards and implementations therefore are dedicated to handling challenges incurred by the complexity. Video coding standards evolve in the same pace as multimedia applications. To cope with the computation demands of the applications, MPEG-4 was developed and adopted widely after its precedents MPEG1 and MPEG2. One of major features that identifies MPEG-4 from MPEG series standards is the Shape-Adaptive Discrete Cosine Transform (SA-DCT) proposed by Sikora and Makai in [13]. SA-DCT is able to code irregular video regions, compared to traditional block-based DCT which is used in earlier releases of MPEG standards, MPEG-1 and MPEG-2 as well as MPEG’s sister standards, H.261 and H.263. The irregular video regions are boundaries between a stationary background and moving forward objects. MPEG-4 relies on SA-DCT to achieve object-based texture encoding, and operations on the objects. SA-DCT implementations differ significantly due to many concerns, among which adaptability, reconfigurability, functional completeness, and efficiency are considered as major ones. Tseng et al. in [17] consider the SA-DCT implementation [11] proposed by Le et al. is incomplete functionally. It is also unclear whose reconfigurability is better X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 898–907, 2006. c IFIP International Federation for Information Processing 2006 

UML Based Evaluation of Reconfigurable Shape Adaptive DCT

899

between the design by Chen et al. [6] and the strategy by Gause et al. [7]. As such, it is hard to quickly evaluate various SA-DCT architectures. An approach to taming the complexity of evaluation is to raise the level of abstraction to that of system-level designs. This approach incurs the needs to specify abstract systems. The Unified Modelling Language (UML) is considered fit to play this role. Another important issue in specifying SA-DCT architectures is that the specifications must be reconfigured easily. To fit the shape of video object, SA-DCT calculations are reconfigurable and flexible in nature. Due to the arbitrary boundary of the video object, the hardware required by SA-DCT depends on the number of pixels occupied by the object within the 8 × 8 block involved in SA-DCT calculation. To study the reconfigurability of SA-DCT architectures in UML, embedded system designers need to describe the architectures clearly with less efforts using UML than text-based specifications. Interestingly, specifications of SA-DCT architectures in UML are intuitive to reconfigure graphically so long as the designers are knowledgable about object-oriented programming, which is the common sense for engineers since 1990s. Our Scope of Work and Related Work: In the domain of UML for system designs, a large body of work has been reported. Some UML extensions from UML 1.x are proposed in [10]. Two instances of UML extension and translation are [2, 18]. A previous effort [16] focused on hardware generation from UML models without explicit UML specifications of stream processing. Another earlier work [12] mainly studied the model driven architecture approach via SystemC using UML 1.x. A recent work [14] addressed the clocking issues involved in clocked circuit design in UML. A more recent work [19] explored the suitability of UML 2.0 for designs of stream processing, and established a design workflow that takes SystemC as an intermediate language. In this paper, we will discuss two categories of SA-DCT architectures, into which hardware-favored and software-favored approaches fall before we present the specifications in UML 2.0. This discussion is to explain the existence of the tradeoff between the high performance of customized hardware and the flexibility of low cost software. In the rest of the paper, we will brief the UML based workflow including the translator. Then we will categorize implementations of SA-DCT in terms of software/hardware partitions. That will be followed by details of UML specifications of two instances of representative SA-DCT implementations. According to the UML specifications, we will present the experimental results on performance and hardware costs. Some remarks will be given to conclude the paper.

2 The UML 2.0 Based Workflow The workflow starts with specifications in UML 2.0 using I-Logix’s Rhapsody. The specifications are executable within the UML tool at the UML level. Both functional verifications and performance verifications are carried out. As such, the verifications are performed as earlier as possible. Figure 1 shows the steps in the workflow. After verifying the functionality and performance at UML level, we export the design specifications into intermediate data via the Rhapsody XML Metadata Interchange (XMI) toolkit. These data are parsed by the jdom-based parser [8] to generate the abstract grammar tree. These information along with a set of translation templates are

900

X. He et al. 80/0RGHO 5KDSVRG\ 5KDSVRG\;0,7RRONLWV ,QWHUPHGLDWH 'DWDLQ;0, -GRPEDVHG3DUVHU $EVWUDFW6\QWD[ 7UHH 7HPSODWHV

$SDFKH9HORFLW\(QJLQH 6\VWHP&&RGH

6\QRSV\V&&6&&RPSLOHU 57/OHYHO QHWOLVW

Fig. 1. The UML 2.0 based Workflow

feeded into Apache Velocity Template Engine [1] to generate the target code, design specifications in SystemC. The SystemC code under proper coding style constraints is acceptable to Synopsys SystemC compiler [15], which translates the SystemC code into synthesizable RTL level netlists in Verilog or VHDL. Additional hardware specification details can be included by the translator on top of the general mapping rules explained above. This action is part of refining process in the design workflow.

3 SA-DCT Classifications For blocks inside a video object plane (VOP), block-based DCT encoding behaves identically to SA-DCT encoding. SA-DCT saves computation for processing blocks outside the VOP only. The boundary encoding process starts by packing the VOP pixels and aligning them to the upper bound of the 8x8 block. According to [13], given the column length N where 1 ≤ N ≤ 8, the uth DCT coefficient F (u) of an 1D N -point DCT for each column is derived as Equ. 1. / N −1  2 (2x + 1)uπ F (u) = C(u) ]. (1) f (x) cos[ N 2N x=0 f (x) is the data vector, C(u) = √12 if u = 0, 1,...,N − 1, and C(u) = 1 otherwise. To avoid expensive multipliers in terms of power consumption and chip area, many adder-based distributed arithmetic (DA) approaches [4] [3] are proposed as replacements. Given an N -tap inner product with input sequence Xi , output sequence Yn , and constant coefficient Ai , Equ. 2 expresses the inner production as per [5]. Yn =

N −1  i=0

Ai Xi =

W −1 c −1 N  

(

k=0

Ai,k Xi )2−k .

(2)

i=0

Wc is the word length of Ai and Ai,k represents the k th bit of Ai . When Ai,k equals 0, computations are saved. The only required operations are bit shifting and addition.

UML Based Evaluation of Reconfigurable Shape Adaptive DCT

901

Fig. 2. A SA-DCT architecture containing hardware only, courtesy of Kinane et al. [9]

A hardware-favored implementation of DA is the work of Kinane et al. [9], an architecture consisting completely of hardware is proposed to optimize the usage of adders. The architecture is illustrated in Fig. 2. To make our discussion concise, we refer the architecture of Kinane et al. as method one (m1) in the paper. In the architecture of m1, the multiplexed weight generation module (MWGM) has a reconfigurable adder-based distributed arithmetic structure adjustable to the computation of the distributed weights for N -point DCT efficient k using a 6-bit vector {k, N }. According to {k, N }, the multiplexers select the proper values of the weights. The primary adder array consists of 6 two-input adders. The secondary array includes no more than 5 two-input adders. This array combines a subset of the possible primary adder sums with elements of the selected vector. Another software-favored example is the energy aware IP core design proposed by Chen et al. [5]. The architecture of the design is illustrated in Fig. 3. This architecture is a typical representative of SA-DCT architectures part of whose functions are implemented in software. In this paper, we refer this work as method two (m2). The program memory in the architecture of m2 identifies SA-DCT solutions containing both software and hardware partitions. The program memory stores the firmware library, which is the collection of assembly instructions to calculate DCT/IDCT in different length.

Fig. 3. A SA-DCT architecture with embedded software, courtesy of Chen et al. [6]

1

clk:clk_gen

numTokenSend:int numTokenRecv:int

OutPortClktoAdder0123 OutPortClktoAdder023 OutPortClktoAdder012 OutPortClktoAdder01 OutPortClktoAdder12 OutPortClktoAdder13 OutPortClktoAdder23 OutPortClktoAdder02 OutPortClktoAdder123 OutPortClktoAdder013 OutPortClktoAdder03

OutPortClktoEOD2

InPortClk

OutPort_WMR

OutPort_WMR

OutPort_WMR

OutPort_WMR

OutPort_WMR

1

1

PPST:partialPro

InPortClk

1

TRAM:Transpos

InPortClk

InPorWMR InPortWMRToPPST InPortPPSTtoTRAM OutPortWMRToPPST OutPortPPSTtoTRAM

WMR:WeightMu

InPortClk

Fig. 4. The object model of the method by Kinane et al. [9]

InPortClk OutPort_ToMWGM_0123 OutPort_ToMWGM_012 OutPort_ToMWGM_013 1 InPortClk InPort_Addend2 addStag InPort_Addend1 InPort_Addend1 1 addStag 1 EOD0:Eve InPort_Addend2 OutPort_EODToMWGM_01 OutPort_EODToMWGM_02 OutPort_EODToMWGM_03 InPortDCTOEOD0 InPortClk realCycle... InPort_Addend2 1 addSta OutPort_ToMWGM_0123 InPort_Addend1 InPortClk new cycl... InPort_Addend1 1 InPort_Addend2 addStag InPortClk InPortClk 1 EOD1:Eve InPortClk InPort_Addend1 OutPort_EODToMWGM_01 OutPort_EODToMWGM_12 OutPort_EODToMWGM_13 InPortDCTOEOD1 1 addStag OutPort_ToMWGM_023 1 dpControl:dataP InPort_Addend2 InPortClk realCycle... InPort_Addend1 1 OutPortDCToEOD0 N:int new cycl... InPort_Addend2 addStag even_odd:bool OutPortDCToEOD1 InPortClk f1:double InPortClk InPort_Addend1 OutPort_WMR 1 InPort_Addend2 addStag startDCT():void OutPortDCToEOD2 1 EOD2:Eve OutPort_EODToMWGM_23 OutPort_EODToMWGM_02 OutPort_EODToMWGM_12 OutPort_EODToMWGM_012 InPortDCTOEOD2 new_cycle():void OutPortDCToEOD3 InPortClk realCycle... InPort_Addend1 1 InPort_Addend2 addStag new cycl... InPortClk Adder InPort_Addend1 1 OutPort_ToMWGM_123 Adder addStag InPortClk InPort_Addend2 InPortClk 1 EOD3:Eve InPort_Addend2 OutPort_EODToMWGM_23 OutPort_EODToMWGM_03 OutPort_EODToMWGM_13 OutPort_EODToMWGM_013 OutPort_EODToMWGM_023 OutPort_EODToMWGM_123 InPortDCTOEOD3 1 InPort_Addend1 addStag realCycle... InPortClk new cycl... InPort_Addend1 1 addStag OutPort_WMR InPort_Addend2

OutPortClktoEOD0

OutPortClktoEOD1 cycle_fini_dpc():void fini EOD0():void cycleOutPortClktoEOD3

OutPortClktoDCtrl

902 X. He et al.

4 UML Specifications

Our design specifications of m1 and m2 architecture are based on UML 2.0 notations and implemented in I-Logix Rhapsdy6.1. We prefer this tool to others since it provides enhanced supports for UML2.0 such as architectural modelling, sub-machines and concurrent state charts, and component based development. In m1, the execution stages are Datapath Control stage (DPCtrl), Even Odd Decompose stage(EOD), Primary Adder stage(AdderS1), Secondary Adder stage (AdderS2), Weight Max Routing stage(WMR), Partition Product Summation Tree stage(PPST), and Transpose RAM (TRAM) stage. The details are illustrated in Fig. 4.

UML Based Evaluation of Reconfigurable Shape Adaptive DCT

OutPortClk_DK

itsClk_ctrl:clk_ctrl

1

903

OutPortClk_DP

cycleTime:int cycle fini N2DCT():void InPortClk OutPortClk_N2DCT OutPortClk_N4DCT OutPortClk_N6DCT OutPortClk_N8DCT InPort_pSel

1

itsN2DCT:N2DCT E InPortClk

InPortClk itsDecisionKe

1

InPort_pSel OutPort_pSel2

1

InPortClk

OutPort_pSel6 new_cycle()...

OutPort_pSel8 InPort_pSel

1

InPortClk InPort_pSel

OutPort_PMtoDP InPort_PM2toDP

i t l () id

InPort_PM4toDP InPort_PM6toDP InPort_PM8toDP OutPort_PMtoDP

itsN6DCT:N6DCT E

1

InPortClk

itsN4DCT:N4DCT E

OutPort_pSel4

OutPort_PMtoDP

i t l () id

i t l () id

itsN8DCT:N8DCT E

1

itsDataPath: cycleNum:int execCycle... new_cycle(... call_dp():void

OutPort_PMtoDP

i t l () id

Fig. 5. The object model of the method by Chen et al. [5]

state_0

state_1

tm(cycleTime) state_2

state_9

state_11

cycle_fini_DK

state_13

state_15

cycle_fini_N2DCT cycle_fini_N4DCT

state_17

cycle_fini_N6DCT

state_19

cycle_fini_N8DCT

cycle_fini_DP [numTokenSend == numTokenRecv]

state_10

state_12

state_14

state_16

state_18

state_20

Fig. 6. A hierarchical statechart of the Clk Ctrl class in the design by Chen et al. [5]

904

X. He et al.

In m2, there are three major components, i.e. Decision Kernel(DK), Program Memories(PM)(containing 4 N -DCT software kernels denoted as NxDCT), and Data Path (DP) (containing an adder array and associated control logic). In Fig. 5, DK and DP are specified as individual objects, PM is specified as 4 instances of N -DCT software kernels. To achieve specification in cycle-level accuracy, a Clock Control(clk ctrl) component is created for both two designs as shown in Fig. 4 and Fig. 5. This clk ctrl component provides global clock signals to all the rest components in the design. Besides structure diagrams describing system compositions, we also use parallel statecharts to depict system behaviors. As illustrated in the hierarchical statechart in Fig. 6 shows, the clk Ctrl object broadcasts new cycle events to the rest objects. The states 9, 11, 13, 15, 17, and 19 send out the new cycle events concurrently. Testing input data are specified in dataPathCtrl class of m1, and decisionKernel class of m2 respectively. We also specify our NxDCT classes for the simulation of the program memory components of m2.

5 Experimental Results Functional Verifications: The extremely early functionality verification in the design process is executed by checking the logical correctness of events during the execution of the UML specifications. Specifically, we look into the behavior of all the operating components in UML specifications. We pay special attention to all the adders involved in the calculation, especially those might stay idle during execution. More precisely, the primary and secondary adders in m1 and the only adder on the datapath of m2 are monitored carefully, on the other hand, PPST and TRAM in m1 and program memory of m2 are of less importance that we do not pay much attention. Message sequence charts Fig. 7 and Fig. 8 visualize the communications between system components. They are automatically generated by Rhapsody during animated execution. In Fig. 7, new cycle events, operandReadyforEOD events and addendsReadyforAdder events are examples of trigger messages that clearly demonstrate the system behavior together with their source and destination objects. In Fig. 8, N8sel event is a message example that selects one program memory among four candidates. According to traces of message passing in Fig. 7 and Fig. 8 and additional debugging information, we verify the UML specifications function correctly as we expected. Results on Tradeoffs: To make quantitative tradeoffs between performance and hardware cost, we consider two metrics: hardware utilization and execution cycle number. During the UML execution, we capture information for design evaluation. The numbers of execution cycles are counted and listed in Table 1. The performance of two methods are compared in the line of reconfigurable size of SA-DCT. Though it is not surprising that the hardware-based m1 performs significantly better than the hardwaresoftware solution m2, we would like to point out that the execution cycles for m2 increase more significantly than the counterpart for m1. The difference should be attributed to the hardware function invocations initiated by the program memory for m2.

UML Based Evaluation of Reconfigurable Shape Adaptive DCT

905

Table 1. Performance statistics no. of points in SA-DCT 1 2 3 4 5 6 7 8 exec. cycles for method1 3 4 5 6 7 8 9 10 exec. cycles for method2 14 14 28 28 66 66 119 119

Table 2. Hardware utilization statistics no. of points in SA-DCT 1 2 3 4 5 6 7 ntot,m1 27 54 81 108 135 162 189 ntot,m2 10 10 20 20 49 49 100 nu,m1 16 32 48 68 85 117 137 nu,m2 10 10 20 20 49 49 100 utilization nu,m1 /ntot,m1 59.2% 59.2% 59.2% 63.0% 63.0% 72.2% 72.5% utilization nu,m2 /ntot,m2 100% 100% 100% 100% 100% 100% 100%

8 216 100 178 100 82.4% 100%

In Table 2, we use the utilization rate to evaluate the hardware costs. During execution, we record the number of total running adders(in one N -point DCT) as ntot , and number of useful running adders(in one N -point DCT) as nu . Since data paths of both designs mainly consist of adders, the hardware utilization rate can be represented by nu /ntot . We denote ntot for m1 as ntot,m1 , ntot for m2 as ntot,m1 . nu for m1 and m2 is denoted as nu,m1 and nu,m2 respectively. As such, we can tell m1 which needs 27 adders takes less execution cycles, while it occupies more hardware staying

Fig. 7. Animated sequence diagram of the design by Kinane [9] after zooming

906

X. He et al.

itsClk_ctrl:clk _ ctrl

itsDecisionKe rnel:Decision Kernel

itsN2 DCT:N2 DCT

itsN4 DCT:N4 DCT

itsN6 DCT:N6 DCT

itsN8 DCT:N8 DCT

itsDa taPath: DataPa th

OMStartBehavio rEve nt() tm(10) at ROO T.state_1 new_cycle() new_cycle() new_cycle() new_cycle() new_cycle() new_cycle()

N8selected() cycle _fi ni _DK()

tm(10) at ROO T.state_1 new_cycle() new_cycle() new_cycle() new_cycle() new_cycle() new_cycle()

N8selected() cycle _fi ni _DK()

ca ll_dp() cycle _fi ni _N8DCT()

tm(10) at ROO T.state

1

Fig. 8. An animation sequence diagram of the design by Chen et al. [5]

idle during execution. On the other hand, m2 containing only one adder array takes more execution cycles, however it keeps the datapath components fully utilized during execution. The price of the full utilization for m2 is the much higher memory cost of m2 than m1 as m2 needs four program memories to store different N -point DCT codes. As to reconfigurability, both m1 and m2 behave excellently adapting to the variable number of points N in DCT. There are just enough adders and associated hardware logic for m1 to process 1 − N -points DCT. There is no stall in the pipeline processing of the datapath. To adapt to variable number of points N in DCT, m2 only needs to change the control signals of the multiplexer.

6 Concluding Remarks In this paper, we described an approach to specifying embedded stream processing in UML 2.0. Based on the approach, specifications of shape adaptive DCT in both hardware and software partitions are coined. To describe both partitions is hard for C, Verilog or VHDL. It is also feasible to generate SystemC code from specifications in UML 2.0. More importantly, the execution of the specifications enables the early functionality verifications as well as cycle accurate performance evaluation of different architectures. Resource utilization rates are also countable after specifications execution. In our road map, our framework will grow into a complete system specifications and verification solution with more components of embedded multimedia systems.

UML Based Evaluation of Reconfigurable Shape Adaptive DCT

907

References 1. Apache Jakarta Project Group. User guide to velocity template engine[online]. In http://jakarta.apache.org/velocity/docs/user-guide.html, 2005. 2. F. Bruschi. A systemc based design flow starting from uml models. In The 6th European SystemC users Group Meeting, 2002. 3. T. S. Chang, C. S. Kung, and C. Jen. Hardware-efficient dft designs with cyclic convolution and subexpression sharing, Sep. 2000. 4. T. S. Chang, C. S. Kung, and C. Jen. A simple processor core design for dct/idct, 2000. 5. K.-H. Chen, J.-I. Guo, J.-S. Wang, C.-W. Yeh, and J.-W. Chen. An energy-aware ip core design for the variable-length dct/idct targeting at mpeg4 shape-adaptive transforms, 2005. 6. K.-H. Chen, J.-I. Guo, J.-S. Wang, C.-W. Yeh, and T.-F. Chen. A power-aware ip core design for the variable-length dct/idct targeting at mpeg4 shape-adaptive transforms. In The IEEE ISCAS, pages 141–144, 2004. 7. J. Gause, P. Cheung, and W. Luk. Reconfigurable computing for shape-adaptive video processing, iee proc.-comput. digit. tech., vol. 151, no. 5,, 2004. 8. JDOM Project Group. Jdom and xml parsing[online]. In http://www.jdom.org/downloads/ docs.html, 2002. 9. A. Kinane, V. Muresana, and N. OConnora. An optimal adder-based hardware architecture for the dct/sa-dct, 2005. 10. L. Lavagno, G. Martin, and B. Selic. Uml for Real: Design of Embedded Real-Time Systems. Kluwer Academic Publishers, 2003. 11. T. Le and M. Glesner. Flexible architectures for dct of variable-length targeting shapeadaptive transform, ieee transactions on circuits and systems for video technology, vol.10, no. 8, 2000. 12. K. Nguyen, Z. Sun, P. Thiagarajan, and W. Wong. Model-driven soc design via executable uml to systemc. In The 25th IEEE Int’l Real-Time Systems Symp., pages 459–468, 2004. 13. T. Sikora and B. Makai. Shape-adaptive dct for generic coding of video, ieee transactions on circuits and systems for video technology, vol.5, no. 1, 2002. 14. Z. Sun, W. Wong, Y. Zhu, and S. Pilakka. Design of clocked circuits using uml. In Design Automation Conference, 2005. Proceedings of the ASP-DAC 2005. Asia and South Pacific Volume 2, pages 901–904, 2005. 15. Synopsys Inc. Cocentric systemc compiler rtl user and modeling guide. In Synopsys Incorporation, 2003. 16. W. H. Tan, P. S. Thiagarajan, W. F. Wong, Y. Zhu, and S. K. Pilakkat. Synthesizable systemc code from uml models. In UML for Soc Design, DAC 2004 Workshop, www.comp.nus.edu.sg/∼zhuyx/usoc04.pdf, June 2004. 17. P.-C. Tseng, C.-T. Haung, and L.-G. Chen. Reconfigurable discrete cosine transform processor for object-based video signal processing. In The IEEE ISCAS, pages 353–356, 2004. 18. Q. Zhu, A. Matsuda, and M. Shoji. An object-oriented design process for system-on-chip using uml. In The 15th Int’l Symp. on System Synthesis, pages 249–254, 2002. 19. Y. Zhu, Z. Sun, A. Maxiaguine, and W. Wong. Using uml 2.0 for system level design of real time soc platform for stream processing. In IEEE 11th Int’l conference on Embedded and Real-Time Computing Systems and Applications, pages 154–159, 2005.

A High Performance Buffering of Java Objects for Java Card Systems with Flash Memory* Min-Sik Jin** and Min-Soo Jung*** Dept of Computer Engineering, Kyungnam University, Masan, Korea [email protected], [email protected]

Abstract. Java Card technology provides a secure, vendor-independent, ubiquitous Java platform for smart cards and other memory constrained devices such as SIM technology. It is also an open standard in SIM and UIM technology for 3G environment. However, the major point of criticism with regard to Java for smart cards and SIM cards is its low execution speed, aside from its memory demands. We found out that the most long-time work during the execution is to write data to non-volatile memory such as Flash memory. In this paper, we make a suggestion to improve the execution speed by buffering effectively Java Card Objects in order to reduce the number of flush() method. With our approach, the total number of flash writing and the execution speed of applications reduced by about 50% and 38% separately.

1 Introduction In the smart card world, Java Card has been one of the most hyped products around for years. The main reason for the hype is Java Card’s potential. Not only would it let all Java programmers develop smart card code, but also such code could be downloaded to cards that have already been issued to customers. This flexibility and post-issuance functionality would significantly extend smart card possibilities. For instance, on the majority of cellular telephone networks, a subscriber uses a smart card commonly called a SIM and UIM card to activated the telephone [1, 3, 8]. Although Java Card is increasingly popular for its predominant traits and potential, now there is an obstacle related to slow execution speed for its fully growth. Aside from its memory demands like small embedded devices, the major point of criticism with regard to Java for smart cards is its low execution speed [3]. Even with a 32-bit processor, the execution speed of Java bytecode executed by JCVM is still 20 to 40 times slower than program code written in C. Several fabulous advantages that Java Card provides such as a dynamic downloading of application called post-issuance and a platform independency caused Java Card to be used widely by customers in spite of its slow execution speed [3, 4]. * ** ***

This work is supported by Kyungnam University Research Fund, 2006. Interim Full-Time Instructor of Kyungnam University. Professor of Kyungnam University.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 908 – 918, 2006. © IFIP International Federation for Information Processing 2006

A High Performance Buffering of Java Objects for Java Card Systems

909

A Java Card is essentially an Integrated Circuit Card(ICC) with an embedded JCVM. The Central Processing Unit(CPU) can access three different types of memory: a persistent read-only memory(ROM) which usually contains a basic operating system and the greatest part of the Java Card runtime environment, a persistent readwrite memory(EEPROM) which can be used to store code or data even when the card is removed from the reader, and a volatile read-write memory(RAM) in which applications are executed [4]. The JCVM controls the access to all smart card resources, such as memory and I/O. Especially, during the execution of an application, data and Java Card Objects created usually are stored in persistent memory such as EEPROM or flash memory to prevent a serious data loss against a power-down [2, 3]. We found out that there are too many flash writings while Java Card downloads a small application called an applet from a terminal and executes an installed applet with Application Protocol Data Unit(APDU). We also discovered that it makes the execution speed of Java Card much slowly. In this paper, we make a suggestion to improve the execution speed by using a high performance object buffer that was very effectively implemented in order to reduce the number of flush() method that means one block writing into flash memory. Our approach came from the writing time per each memory cell. Namely, writing operation of RAM memory cell is approximately 2,000 times faster than that of flash memory. Flash memory is also more common than EEPROM memory in the embedded system, because EEPROM can be written by a byte unit, but flash can be written by a block unit. This paper is organized as follows. Section 2 describes the feature of each memory in a typical Java Card, Java Card objects and the method that writes data to flash. Section 3 explains about object’s high locality and how to write objects into flash in a traditional Java Card. Section 4 describes the possibility of our approach with some data and outlines our approach about new object buffer based on a high locality of Java Card objects. Section 5 discusses the evaluation between a traditional one and our approach. Finally, we present our conclusions in Section 6.

2 Java Card Environment 2.1 Java Card with Flash Memory A early smart card system including Java Card has three kinds of memory: ROM, RAM, and EEPROM. However, the use of flash memory, not EEPROM as a nonvolatile memory is dramatically increasing in a smart card system for several reasons. EEPROM can be electrically programmed one byte at a time, but flash can be programmed a large group of bytes or words called a block, sector, or page. The difference of this writing process makes a card with flash memory faster than a card with EEPROM [1, 3, 4, 5]. In the Java Card system with flash memory, the JCRE code including JCVM, API and COS is placed in ROM memory. Persistent data such as post-issuance applet classes, applet instances and longer-lived data are stored in flash memory. RAM is used for temporary storage. The Java Card stack is allocated in RAM. Intermediate results, method parameters, and local variables are put on the stack [3,5].

910

M.-S. Jin and M.-S. Jung

Flash Downloaded Applet

StaticField Data

ROM

Heap Area (Persistent Objects)

Object Reference Table

RAM

Java Card VM

Java Card API

Java Card Interpreter

Card OS (COS)

Transient Object

ROM Applet

Native Code

CStack

Java Card Stack

Fig. 1. Java Card Memory Model with Flash memory and the components that each memory has

As illustrated in Figure 1, Java Card technology supports both persistent and transient objects. Java Card Objects are inherently created as persistent objects in flash when they are generated using the new() method. Persistent objects survive both the end of a session and a sudden loss of power, without losing data or consistency [3]. The applet instance and associated persistent objects of an application must survive a session. Therefore they are placed in the non volatile storage on a card, usually flash. Flash provides similar read and write access as RAM does. However, The difference of both memory is that writing operations to flash memory are typically over 2,000 times slower than to RAM and the possible number of flash writing over the lifetime of a card is physically limited [4, 16]. Table 1. Comparison of memory types used in Smart Card microcontrollers [4, 16] Type of Memory RAM EEPROM Flash

Number of write/erase cycles unlimited 100,000 – 1,000,000 10,000

Erase time per a cell §1.5 ~ 2ms 4ms

Writing time per a cell §70ns §1.5 ~ 2ms §20≠s

2.2 How to Write Data into Flash Memory A single flash write operation consists of an erase and a write operation. Erase and write operation is performed in a page unit. The size of a page unit depends on a chip manufacturer such as ARM, Philips and Samsung. Its size is generally between 128byte and 256-byte. Figure 2 shows how to write data into flash memory with one buffer in RAM. First, a page in flash memory should be saved into the buffer in RAM for backup. Only the data to be written or changed in the buffer in RAM is updated. after updating, the target page in flash is erased and the buffer in RAM is written to the target page in block [14, 16].

A High Performance Buffering of Java Objects for Java Card Systems

911

Fig. 2. Flash memory writing using a buffer in RAM and the procedure for writing 0x0349 into the target address, 0x80103

2.3 Data Writing Mechanism in Java Card The JCRE has a flash writing mechanism to store consecutive bytes by providing an abstraction of flash as a stream. This mechanism also provides atomic operations of data to be written into flash. Namely, the Java Card platform should guarantee that creating and updating to a persistent object is atomic. The reason is that there is a high risk of failure at any time during applet execution with smart cards. Failure can easily happen due to a computational error or more often, a user of the smart card may accidentally remove the card from the CAD [1, 4]. For this reason, the Java Card system uses the buffering of consecutive data to keep an data integrity.

Fig. 3. How to write consecutive bytes to destination address by using stream_open() and flush() method

Figure 3 shows how to write data by using a stream method in a traditional Java Card. This stream form is used to gather consecutive data to reduce the number of flash writing. This also allows the low-level layer to use a buffer and wait until one full page is completed before writing it to flash. Here is a whole process to write some data to flash memory; First, the stream of the target address to be written is opened, and then, one or more data such as byte, short, boolean and array are consecutively written into the buffer in RAM. Finally, after gathering some data into the buffer, these data in the buffer are stored with flush() method. In this mechanism, if the addresses of flash writing are not consecutive during the execution of an applet, or the size of data written into flash is generally small, the performance of this buffer mechanism is very inefficiency. In other words, the main

912

M.-S. Jin and M.-S. Jung

purpose of this buffer in RAM is simultaneously to write 1-byte up to consecutive 256-byte data into flash at a time. If this buffer in RAM has this simple function as well as a buffering and caching function based on a nearness of flash writing addresses caused by the feature of Java Card Objects, the number of flash write operations that spends more time than other operations are reduced. It makes the Java Card much faster.

3 Object Writing of a Traditional Java Card 3.1 Object Representation in Java Card The structure of objects is defined by a sort of fields that a class has; primitive types, primitive arrays, static types and reference types. If a class has some primitive type fields, the value of this primitive fields such as byte, short and boolean is in the object. If a class has fields as another class like a API class, the object of this class only includes the object id of another class. If a class has static variables and static arrays as a field, the object of this class does not have any information about this static data. It is managed by the JCVM in a special area, static field area, in flash memory.

Fig. 4. The whole structure of flash memory consisting of 5 parts and the format of Java Card objects stored in heap area

3.2 Object’s High Locality of Heap Area As mentioned earlier, a traditional Java Card System has only one buffer in RAM to write data into flash. The buffer has a function for the buffering of just consecutive bytes. In this paper, we suggest an object buffer that perform a buffering and caching to improve the execution speed of Java Card. The most important and considerable point in order to add caching function to Java Card is a high hitting rate of the caching buffer. When the wallet class is created by install() method, the wallet object (2011C3A600000000) that have 3 fields is first written in flash, and then, OwnerPIN object (20111E69000308) that assigned 0045 as an objectID is created and written in EEPROM. After the OwnerPIN object created, Java Card writes the objectID (0045) as pin reference field of the wallet object (2011C3A600000045). After the wallet applet is created, a method such as initialize() and withdraw() generally would be invoked. In figure 4, initialize() method is to change the value of balance field into 100. After this operation, the content of the wallet object is 2011C3A690000045. withdraw() method also changes the field value of withdraw and balance into 50 and 40 separately. At this time, the content of the wallet object is 2011C3A640500045.

A High Performance Buffering of Java Objects for Java Card Systems

913

Figure 5 and 6 showed several flash writing processes from the creation of wallet applet to the execution of methods such as initialize() and withdraw(). If Java Card just performs these processes by using one buffer above-mentioned, it might spends much time in writing and changing localized-data like above example. public class wallet extends Applet{ int balance; global variables int withdraw; OwnerPIN pin; Æ reference class

}

wallet (){ // constructor pin = new OwnerPIN(3, 8); // create OwnerPIN(trylimit, Pinsize) object } initialize(){ balance = 90; } withdraw(){ // method withdraw = 50; balance = balance – withdraw; }

Fig. 5. wallet applet that has 3 methods and 3 fields; when the wallet applet is created by install() method, OwnerPIN object also is created in wallet() constructor after wallet() method execution

after initialized(), withdraw() execution

Fig. 6. The creation process of the wallet applet and the OwnerPIN object in flash and the process of the changing localized-fields and rewriting them

4 Our Changed Java Card with a High Performance Buffering 4.1 High Locality of Java Card Objects In chapter 2, we explained how to gather data into the buffer by using a stream method in a traditional Java Card. The purpose of this mechanism is to reduce the number of Flash writing by buffering only consecutive data in address and to keep the data integrity of Java Card. However, this buffer was made without any consideration about a high-locality of heap area caused by the feature of Java Card Objects. For a logicality of our study, we investigated the size of all data written into flash memory and how the addresses of flash writing are close to each other in a traditional Java Card. As illustrated in table 2, the rate of flash writing less than 4 bytes in size is more than 70%. We found also out how many percentages next flash writing is in the current page. Flash writing in only heap area is checked to figure out the locality of a heap that Java Card Objects are saved. As shown in table 3, there is very high

914

M.-S. Jin and M.-S. Jung

Table 2. Comparison of the size of all data written into flash memory during the downloading and execution of applications Size Applet HelloWorld ChannelDemo Wallet PackageA SampleLibrary Demo2 EMVL EMVL_Applet

1 byte 2481 4305 3049 5505 1929 24399 3022 3591

2 bytes 920 1428 1085 1784 754 6838 1044 1162

3 bytes

4 bytes

8 10 7 7 6 68 8 20

over 4 bytes

30 4305 28 30 27 142 29 36

1127 1942 1373 2426 859 10857 1394 1676

Total number of flash writing 4566 11990 5542 9752 3575 42304 5497 6485

Table 3. Comparison of total number of flash writing and the number of next flash writing in the current page Applet HelloWorld ChannelDemo Wallet PackageA SampleLibrary Demo2 EMVL EMVL_Applet

Total number of flash writing 4566 11990 5542 9752 3575 42304 5497 6485

Next flash writing in the current page 2235 7665 2737 4876 1750 20748 2683 3095

probability that the next target address will be in the current page during the downloading and execution of application. 4.2 Our Changed Java Card with an Efficient Object Buffering In a traditional Java Card, the buffer is used to gather data to RAM by using a stream method in a traditional Java Card. The purpose of this mechanism is to reduce the number of flash writing and to keep the data integrity of Java Card. However, as illustrated in chapter 3, this method is not efficient and enough to reduce flash write operations, because only consecutive data is gathered. To improve the performance of this buffer, we investigated all addresses that JCVM writes during the execution. After that, we discovered that all objects and data that the Java Card creates during

Fig. 7. An existing buffer for non-heap area and our object buffer for heap area with very high object locality

A High Performance Buffering of Java Objects for Java Card Systems

915

the execution have a high locality. It means that an additional caching and buffering function makes the number of flash writing go down. For these reasons, we developed new Java Card with two buffer in RAM; one is the existing buffer for non-heap area, another is for heap area in flash. The heap area is where objects created by Java Card is allocated. In our changed Java Card, the existing buffer is similar to that of a traditional Java Card in terms of a size and a function. The existing buffer can write between 1 byte and up to 256 consecutive bytes to non-heap area at a time. However, our object buffer is for only heap area in flash. This object buffer of 256 bytes can be programmed to one page of flash memory simultaneously. Figure 8 below shows the main algorithm using a existing buffer and our object buffer. The writing of non-heap area is performed with the existing page buffer. The writing of heap area is executed with our object buffer. When the Java Card writes data into flash memory, the first operation is to check if the target address is in heap area or not. If the target address is in non-heap area, this data is written into the existing buffer, and then the buffer is flushed. Otherwise, the target address is checked if it is within our object buffer or not. If the target address is not in our object buffer, a current object buffer will be first flushed into flash memory, and then, one page that the target address belongs is copied to the object buffer. Write Operation

Read Operation

Fig. 8. Writing mechanism of our approach to reduce the number of flash writing and reading mechanism of our approach to get up-to-data values from the object buffer † Flash_addr : the flash address that data will be written. ‡ Object-buffer : our new object buffer with caching and buffering function for just heap area in flash.

In our algorithm, the up-to-data values during the execution might be in the object buffer. It means that a reading mechanism in order to read the up-to-data values is needed. Even though it is an additional operation to JCVM, the situation can be better in case of the much more expensive write operation. As mentioned earlier, writing costs are more expensive than reading costs and flash writing costs also are much more expensive than RAM writing costs [10].

5 Evaluation of Our Approach The key of our approach is improve an execution speed of the Java Card by reducing the number of flash writing. The main idea is also that flash writes are typically more

916

M.-S. Jin and M.-S. Jung

than 2,000 times slower than writes to RAM. One of the analyzed results of a traditional Java Card is that the existing buffer algorithm is to write data to flash regardless of the high locality of Java objects stored in heap area. For this reason, we developed new object buffer algorithm. In the GSM and Ubiquitous environment, one of the most important point is the downloading time of applications [10, 11]. We examined our approach with many applets. We tested our algorithms in terms of speed and the number of flash writing. To get more precise figure regarding our approach to the real Java Card, we made an experiment with S3FS9SK [16] with ARM 32-bit Microcontroller for contact smart cards. Below Table 4 and Figure 9 show the comparison between a traditional Java Card and our changed Java Card in regard to the number of EEPROM writing and the Table 4. The comparison between a traditional Java Card and our changed Java Card with regard to an execution speed. (Experiment is made with ARM 32-bit Microcontroller for contact smart cards). Applets Channel Demo JavaLoyalty JavaPurse ObjDelDemo PackageA PackageB PackageC Photocard RMIDemo Wallet EMV small Applet EMV Large Applet Average

Original 5323 5654 16458 12656 6578 5686 2348 3946 3956 3544 4387 8542

Our approach 2928 3505 9381 8226 3618 3525 1479 2525 2374 2410 2895 5467

Reduced Rate 45% 38% 43% 35% 45% 38% 37% 36% 40% 32% 34% 36% 38%

Fig. 9. The comparison between a traditional Java Card and our changed Java Card with regard to an execution speed

A High Performance Buffering of Java Objects for Java Card Systems

917

execution speed. During the dynamic downloading of applets called a post-issuance, the speed of downloading, installation and execution is also reduced by 44%. Consequentially, the reduced EEPROM writing caused Java Card to improve an execution speed. One applet consists of over 11 components that include all information of one applet package. We also produced the downloading result about all component of Wallet applet. Component Initialize Select Install CAP Begin Header Directory Import Applet Class Method StaticField ConstantPool RreferenceLocation CAP End Create Applet Total

Tradi- Our Approach Reduction tional 280 160 120 268 143 125 226 124 102 374 241 133 257 155 102 240 134 106 310 204 106 286 190 96 568 446 122 406 398 8 740 690 50 2819 1531 1288 218 201 17 548 513 35 7544 5130 2414

Fig. 10. The comparison between a traditional Java Card and our changed Java Card in regard to Wallet applet’s downloading

6 Conclusion and Future Work Java Card technology provides a secure, vendor-independent, ubiquitous Java platform for smart cards and other memory constrained devices such as SIM technology. It is also an open standard in SIM and UIM technology for 3G environment [11]. However, a Java language is basically slower than other languages, the reasons why Java Card technology is selected as a standard are a post-issuance and a platform independence. When Java Card downloads new application, a post-issuance generally spends a lot of time [10, 11]. In this paper, we have proposed the method to reduce the number of flash writing with our new object buffer based on the high locality of Java Card objects. It also makes the execution speed of Java Card faster. Even though our approach is very simple, with our approach, the number of flash writing and the downloading speed reduced by about 50% and 38% separately. It also enables an application to be downloaded more quickly in the case of an application sent to a mobile phone via the GSM network (SIM).

References 1. Sun Microsystems, Inc. JavaCard 2.2.1 Virtual Machine Specification. Sun Microsystems, Inc. URL: http://java.sun.com/products/javacard (2003). 2. Sun Microsystems, Inc. JavaCard 2.2.1 Runtime Environment Specification. Sun Microsystems, Inc. URL: http://java.sun.com/products/javacard (2003).

918

M.-S. Jin and M.-S. Jung

3. Chen, Z. Java Card Technology for Smart Cards: Architecture and programmer’s guide. Addison Wesley, Reading, Massachusetts (2001). 4. W.Rankl,. W.Effing,. : Smart Card Handbook Third Edition, John Wiley & Sons (2001). 5. James Gosling, Bill Joy, Guy Steele, and Gilad Bracha.: The Java Language Specification, Second Edition. Addison-Wesley, http://java.sun.com/docs/books/jls/index.html (2001). 6. Marcus Oestreicher, Ksheerabdhi Krishna. : USENIX Workshop on Smartcard Technology, Chicago, Illinois, USA, May 10–11, (1999). 7. M. Oestreicher and K. Ksheeradbhi, “Object Lifetimes in JavaCard,” Proc. Usenix Workshop Smart Card Technology, Usenix Assoc., Berkeley, Calif., (1999) pp 129–137. 8. Michael Baentsch, Peter Buhler, Thomas Eirich, Frank Höring, and Marcus Oestreicher, IBM Zurich Research Laboratory, Java Card From Hype to Reality (1999). 9. Pieter H. Hartel , Luc Moreau. : Formalizing the safety of Java, the Java virtual machine, and Java card, ACM Computing Surveys (CSUR), Vol..33 No.4, (2001) pp 517-558. 10. M.Oestreicher, “Transactions in JavaCard,”, Proc. Annual Computer Security Applications Conf., IEEE Computer Society Press, Los Alamitos, Calif., to appear, Dec. (1999). 11. Kim, J. S., and Hsu, Y.2000. Memory system behavior of Java programs: methodlogy and analysis. In Proceedings of the ACM Java Grande 2000 Conference, June. 12. http://www.gemplus.com. : OTA White Paper. Gemplus (2002). 13. The 3rd Generation Partnership Project. : Technical Specification Group Terminals Security Mechanisms for the (U)SIM application toolkit. 3GPP (2002). 14. MCULAND, http://mculand.com/e/sub1/s1main.htm. 15. X. Leroy. Bytecode verification for Java smart card. Software Practice & Experience, (2002 ) pp 319-340 16. SAMSUNG, http://www.samsung.com/Products/Semiconductor 17. SIMAlliance, http://www.simalliance.org 18. http://www.samsung.com/Products/Semiconductor/Support/ebrochure/systemlsi/smartcard_ controller_200511.pdf 19. Min-Sik Jin, Won-ho Choi, Yoon-Sim Yang, Min-Soo Jung. “The research on How to Reduce the Number of EEPROM Writing to Improve Speed of Java Card”, ICESS 2005, pp 71-84. 20. Min-Sik Jin, Min-Soo Jung. “A Study on How to Reduce Time and Space by Redefining New Bytecode for Java Card, RTCSA 2005, pp 551-554.

Predictive Prefetching of Context-Aware Information in Mobile Networks In Seon Choi1 and Gi Hwan Cho2 1

Dept. of Computer Statistics & Info., Chonbuk National Univ., Korea [email protected] 2 Div. of Electro. and Info. Eng. (Center for LBS Technology) Chonbuk National Univ., Korea [email protected]

Abstract. This paper presents a mobility prediction method for context-aware service in mobile networks. It aims to reduce the latency time to get the refreshed information appropriated to the current location of mobile users. The proposed method is to effectively limit the prefetched information into the most next location context. It makes use of the mobile reference count and the residence time that stands for the mobile user’s visiting characteristics in any cell area. Then it also considers the information usability in order to further predict the prefetching candidates. In the numerical results, the proposed method is less latency time than that of the previous schemes to prefetch information matched to user’s current location.

1 Introduction Current trends in hardware and software development are making available powerful portable computing devices that communicate through wireless links with other mobile or fixed devices. At the same time, sensor technologies are going to be developed to allow these devices to keep track of their context (e.g., the Global Positioning System (GPS) for geographical position). As a consequence, there is an increasing interest in context-aware services, i.e. applications that modulate their behavior depending on the current context, where context usually means current time and location but it could also include a kind of available devices, the people surrounding the user, etc. For this kind of service, context changes may occur (e.g., user mobility) while an information request is still “active” (i.e., the user is still interested in the corresponding answer). Hence a context-aware information service must be able to provide a response appropriate to the user’s current context, and to refresh a previously provided response if the corresponding request is still active after a change of context that invalidates the old response. Technologies applied in existent network environment have a lot of restrictions to apply directly to wireless networks [1, 2]. Namely, a mobile information service requires quick context aware conversion in movement, so the mobile user must get new information when moved to new location. The low bandwidth, high latency, traffic, and frequent connection due to the inherent characteristics of mobile networks are remained the obstacles to mobile users. Therefore, it is required to find a solution by utilizing the existing bandwidth instead of increasing the bandwidth that would cause X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 919 – 927, 2006. © IFIP International Federation for Information Processing 2006

920

I.S. Choi and G.H. Cho

additional expense. To resolve this, the most prominent method is how to prefetch information which is reflecting the user’s current context. The basic idea is to prefetch a set of information in advance and use them to accommodate mobile user’s property. But a unsophisticated prefetching has the flaw that needs lots of memory and spends much computing time. So, to improve the performance of mobile information service, it is important to improve the prediction level of prefetching zone in order to give maximum effectiveness. In this paper we propose location prediction method for context-aware information in mobile networks, which reduces the latency time to get the refreshed information appropriated to the current location of mobile users. The proposed scheme is based on high visiting frequency and residence time about space and user’s data usability about information of the server. The rest of the paper is organized as follows. In Section 2, an overview of related work is presented. In Section 3, a data usability model is presented and a predictive prefetching scheme is formalized with the mobility model and accumulated information. Using a simulation, numerical results are shown in Section 4. Finally a conclusion is given in Section 5.

2 Related Work Jiang and Kleinrock [3] proposed an adaptive network prefetching scheme. This scheme predicts the files' future access probabilities based on the access history and the network condition. The scheme allows the prefetching of a file only if the access probability of the file is greater than a function of the system bandwidth, delay and retrieval time. Dar et al. [4] proposed to invalidate the set of data that is semantically furthest away from the current user context. This includes the current location, but also moving behaviors like speed, direction of the user. Ye et al. [5] makes use of predefined routes to detect the regions of interest for which data is required. In such a way, they have location information for the whole ongoing trip and do not have to compute the target areas while on the move. Cho [1] suggested a prefetching approach by considering the speed and moving direction of the mobile user. The speed provides about the velocity with which a user changes locations. Moreover, the size of the user's area is largely dependent on the speed. Whenever the user crosses the borders of the current zone, new prefetching zones is computed. Depending on the speed in the moment that the user leaves the scope of a zone, the new one considers more or less adjacent network cells. Choi [2] proposed prefetching scheme to append a time-based function to a frequency-based function. It makes use of the prefetching zone that reflects the user’s mobility speed and direction, and the reference count that stands for the user’s visiting frequency to given area. Then it considers the residence time, in order to further predict the prefetching candidates. But, if the number of prefetched information is full or the utilization rate of the prefetched information is low, wireless resource will be wasted such as bandwidth, etc. To avoid wasting resource, it is important that users prefetch the information with high frequency of use.

Predictive Prefetching of Context-Aware Information in Mobile Networks

921

This paper presents a progressively refined scheme, named in Data Usability Prefetching (DUP). The prefetching area is firstly limited with the locality of user’s mobility pattern. It then is further confined with the information’s usability behavior such as the information usability at a given cell area.

3 DUP Prefetching Scheme This scheme is based on three prefetching models: The first is the spatial locality, which considers visiting frequency for prefetching. The second is the temporal locality which counts how many times should be residence in an area. The last is the data usability, which counts the user’s interest of any data items. 3.1 Prefetching System Architecture Fig.1 shows the mobile information services system architecture. When a mobile user demands information, the context-aware information acquiring process is composed of step (1) ~ (7). The requested information links to a server from the mobile device through the base station. The server is transmitting data items stored in database to mobile user. Information about interest and popularity as well as user's information updates and is kept in database. With applying prefetching in this environment, VPA (Virtual Prefetching Area) and APA (Actual Prefetching Area) take part in step A. In this way, we do to get information which a user is going to need in advance.

Fig. 1. DUP Prefetching System Architecture

VPA is virtual prefetching area derived from velocity-based prefetching, which is applied to accumulated frequency [1]. We can get the APA of real prefetching area by applying information usability in VPA. Information usability indicates access frequency about each data item of the server. We use information usability to prefetch information that has high frequency of use. Thus, in case of user revisit the same place we should be considered data usability.

922

I.S. Choi and G.H. Cho

For prefetching a user’s move pattern is assumed in the following. First, a user visits a location in which the user interested repeatedly in mobile environment. Second, revisit rate would be high on the location many users visited. If the user visits a location frequently, not only interest but also popularity must be considered. The interest indicates individual tendency and the popularity shows general tendency about any information. 3.2 Spatial and Temporal Locality Based on Prefetching A frequency-based function [1, 2, 6] is utilized by applying the reference count with the spatial locality. The reference count stands for the visiting frequency of each cell area, which reflects to the user's moving pattern. The following notations are used in our description: Sarea : The velocity base prefetching, rc : Reference counts of cell, f : Frequency, Nvel : The number of total cell established by velocity, rcw : Critical weight of the reference count [0, 1] , i : Any cell number. To make an effective decision of prefetching area, a prefetching threshold can be defined based on the frequency function. It would be applied to reduce prefetching area, so, with space-based criteria. Space-based prefetching threshold value, PTs , is calculated as following. PT

s

§ 1 = ¨¨ © N vel

¦

i∈ S

area

· rc ( i ) ⋅ f ( i ) ¸¸ ⋅ rcw ¹

(1)

In addition to the frequency-based function, a time-based function can be utilized to minimize the number of prefetching area [2]. When observed user's moving pattern, free cell can be used only in path. However, in case of used temporal locality, information for needless free cell may not be prefetch. That is, if user was old retention time in an area, this means that there are a lot of need information in the area. We suppose for mean residence time Ti in free cell. Accordingly, the time function can be written as n

Ti =

¦ sum

j

j =1

(2)

rc

Where n is the reference count of arbitrary cell and sumj is the sum of the residence time whenever a mobile user visits. To make a prefetching area decision, we determine a prefetching threshold. The following notations are used in our description: Rarea : The reference based prefetching, T : Average residence time of any cell, Nref : The number of total cell established by reference, rw : Critical weight of the residence time [0, 1]. Temporal-based prefetching critical value PTt is as following. PT

t

§ 1 = ¨ ¨ N ref ©

· T ( i ) ⋅ f ( i ) ¸ ⋅ rw ¸ area ¹

¦

i∈ R

(3)

Predictive Prefetching of Context-Aware Information in Mobile Networks

923

3.3 Information Usability Based on Prefetching Generally, a user may want to be got faster interesting information than other information [7]. User's any information can be divided into high and low about interest and popularity. Also, a classification of private interest and general interest according to user's condition will be useful to form a service structure. User's information supposes that was accumulated to server like Fig. 3. Also, Fig. 2 shows separation of personal history and general history about any information. Personal history shows user's interest and general history displays user's popularity. We use this distinction by basis strategy of prefetching. We present the proportion used of information, which allows us to measure the worth of a data item when making a prefetch decision. The following notations are used in the presentation:

Fig. 2. Personal and general history of data items

The access probability of the data is used to identify the data to be prefetched. Intuitively, the ideal data item for prefetching should have a high access probability. Eq. (1) incorporates these factors to calculate the information usability of a certain cell A . N tot

(4)

A usability = ¦ ui i =1

In Eq. (1), the usability rate of the ith ( 1 ≤ i ≤ n indi ) data item is presented as follows. (5) ui = f ai / N tot ∗ 100 where Ntot is number of total data items accessed in the database,

nindi is number of

data items in the database, f ai is access frequency of data item i,

¦f

quency accumulated of data items,

a

is access fre-

ui is the usability rate of data item i; , ¦ u is the

usability rate accumulated of data items, f is the mean access frequency of data items. The information usability decides which data item should be prefetched based on the access probability. The proposed scheme prefetches the data items that have

924

I.S. Choi and G.H. Cho

higher u i based on the access probability. Therefore, information that is prefetched actually is data item with access frequency more than threshold. We prefetch information that data item's access frequency is more than average. Fig. 3 shows instance of information usability. Whole data item's number that is accessed in database is 52, and data item's number that belongs to database is 24. Frequency, accumulated frequency, information usability and accumulated information usability about data items shows in Fig. 3, and average frequency is 2.23.

Fig. 3. Example of information usability in the mobile server

The proposed scheme prefetches data items which have high usability based on the access probability. Accordingly, information that the specific person utilizes frequently in random cell is prefetched. If user is no wanted information in prefetched information, information that general person often utilizes prefetch. But, this paper considers personal history information only and general history information except. Fig. 4 shows the details of the acquiring process algorithm. While (x and y coordinate aren’t the end) obtain value from accumulated information; // Spatial and Temporal Locality Model S area =

ªV

x2

º

+ V y 2 ∗ ª( V x + V y ) / 2 º ;

Vx and Vy are mobile user's speed values. */ Rarea ← Select area with more than PTs (Eq. (2)) from Sarea ; Tarea ← Select area with more than PTt (Eq. (3)) from Rarea ; /* Tarea is the estimated time-based area. */ // Data Usability Model for ( i=0 ; i < nindi ; i++ ) determine actual prefetching information with more than PTd using Eq. (5); /* PTd : the DataUsability-based prefetching threshold value. */ End while Fig. 4. Acquiring process algorithm

Predictive Prefetching of Context-Aware Information in Mobile Networks

925

4 Performance Evaluation The DUP scheme is considered data usability. This is the improved prefetching method. In order to analyze its efficiency, the typical move scenario is presented. In the velocity-based mobility model, a user moves in a two-dimensional portion’s area with the constant speed and direction during any given unit time period. In this simulation, a mobile user is assumed to move around 25 by 25 portions. The user repeats process that move to position preserve of following destination 20 times according to given coordinate value beforehand. We establish virtual prefetching area with the different velocity in each move. A simulation has been done among the prefetching strategies with Velocity Prefetching (VP), Frequency Prefetching (FP), Spatial and Temporal(S&TP) and DUP (Data Usability Prefetching). The numerical result has been measured in two aspects; the amount of prefetched portion information, and the utilization rate of prefetched portion information. The simulator has been implemented using an event-based simulator CSIM [8]. A set of system parameters was given from the other works [6]: the bandwidth of wired line is assumed to very from 800 kbps to 1.2 Mbps, the bandwidth of wireless medium is a tenth of that of wired line, the time of move detection is assumed to take 100ms. The mobility reference count has been obtained by accumulating for 30 days in simulation time. 4.1 The Amount of Prefetched Portion Information With given the user mobility scenario, the number of prefetched portion information has been evaluated to show the communication and storage overhead of four prefetching strategies. Each simulation has been run based on the same system parameter, user move model and accumulated information of the server. Fig.5 shows the simulation result. It reports the total number of prefetched information, and the mean number of prefetched information. Proposed strategy DUP was shown improvement of performance about 0.5 when compared with S&TP.

Fig. 5. The number of prefetched portion information

926

I.S. Choi and G.H. Cho

4.2 The Utilization Rate of Prefetched Information Portion Now, it is meaningful to figure out the utilization rate. The utilization rate can be achieved with the number of prefetched information actually participated for the user’s location-aware service out of all the number of prefetched information. It just reflects the predictability degree for the given prefetching strategy. With the given user mobility model, the utilization rate with S&TP is much better than that with FP; the former shows that over 0.858 of prefetched portion information is utilized for real service, while the later figures around 0.730. With DUP, the rate is getting to 0.922. Fig.6 summarizes the results of this experiment.

Fig. 6. Utilization rate of the prefetched portion information

5 Conclusion The proposed scheme considers data usability based on information accumulated according to user mobility pattern. This has been achieved by defining the prefetching method with user’s visiting frequency and residence time, and further with the data usability based on how many the information has been accessed. In addition to making smarter prefetch decisions, the scheme is designed to be adaptive, adjusting the prefetch rate based on current location and situation of mobile users. Simulation results verified that the proposed scheme can reduce the number of prefetched portion information and improve utilization rate of the prefetched portion information compared to the previous methods.

References 1. G.H. Cho, "Using Predictive Prefetching to Improve Location Awareness of Mobile Information Service," Lecture Notes in Computer Science, Vol. 2331, pp. 1128-1136, 2002 2. I.S. Choi, H.G. Lee and G.H. Cho, "Enhancing of the Prefetching Prediction for ContextAware Mobile Information Services, " Lecture Notes in Computer Science, Vol. 3794, pp. 1081-1087, 2005 3. Z. Jiang and L. Kleinrock, "An Adaptive Network Prefetch Scheme," IEEE Journal on Selected Areas in Communications, Vol. 16, no 3, pp. 1-11, April 1998

Predictive Prefetching of Context-Aware Information in Mobile Networks

927

4. S. Dar et. al, "Semantic Data Caching and Replacement," Proc. Of VLDB, 2002, pp. 330-341 5. Q. Ren and M.H. Dunham, "Using Semantic Caching to Manage Location Dependent Data in Mobile Computing," Proc. of MobiCom'00, 2000, pp. 210-221 6. S.M. Park, D.Y. Kim and G.H. Cho, "Improving prediction level of prefetching for locationaware mobile information Service," Future Generation Computer Systems, 2004, pp. 197-203 7. E.Valavanis et.al, "MobiShare: Sharing Context-Dependent Data & Services from Mobile Sources," Proc. Of IEEE/WIC, 2003, pp.263-270 8. CSIM18 Simulation Engine, Mesquite Software Inc., 1997

Digital Ortho-image Production for Web GIS Applications Hong-Gyoo Sohn, Hyo-Keun Park, Choung-Hwan Park, and Joon Heo School of Civil and Env. Eng., Yonsei University, Seoul, Korea {sohn1, bear0514, c142520, heo}@yonsei.ac.kr

Abstract. This paper presents a true ortho-image generation scheme in urban areas for web GIS application such as urban management system. Proposed scheme includes the solution of conventional problems in normal ortho-image generation. Especially, our approach is focused on the automation and consistency of ortho-image in complex urban areas. For this purpose, we generated additionally plotted DSM (Digital Surface Model), which includes roads, highlevel roads, bridges, and tunnels, automatically detected occlusion pixels and restored occlusion areas using a self-developed algorithm, and performed mosaic process using road-based seamlines. Total 2,677 aerial color images were used to create the so called true ortho-image map for Seoul metropolitan city. It turned out that the proposed method could generate true ortho-image map for urban areas with high positional accuracy and good visual consistency. The generated ortho-image database is being successfully operated by Seoul Metropolitan Aerial Photography Management Systems on the web and urban management systems.

1 Introduction With recent technical advance in photogrammetry and GIS (Geospatial Information System), the digital ortho-image has become an integral part of geo-spatial data. This is because ortho-images not only have the coordinate system like a traditional map but also provide the visual information of ground object. Accordingly digital ortho-image is commonly used as a framework data in GIS [1]. For example, high-resolution satellite image and color aerial image have been extensively used to construct urban information systems [2]. In general, the ortho-image for GIS applications needs several complex photogrammetric processes. These include three essential processes: 1) Differential rectification; 2) Mosaicking; and 3) Image compression. Differential rectification involves relating the digital image to actual terrain coordinates and elevations (e.g., a Digital Elevation Model (DEM)) so as to correct for scale variation due to terrain relief and image displacement due to the angular offsets of aerial camera at the time of exposure [3]. Differential rectification is the essential process in ortho-image generation. It requires special algorithms to keep positional accuracy. Also, it often needs accurate DEM as well as Digital Surface Model (DSM) for target areas. Here we differentiate DEM and DSM. DEM means the elevation of terrain itself but DSM means terrain elevation including surface features such as buildings, bridge, and trees. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 928 – 935, 2006. © IFIP International Federation for Information Processing 2006

Digital Ortho-image Production for Web GIS Applications

929

Second, for large scale ortho-image compilation, it is often efficient and convenient to perform differential rectification on each image independently, and to put them together in the later step. This process is known as mosaicking. Detecting and placing seamlines in consecutive images is the important technique in mosaicking process [4]. Finally, for dealing with large volumes of image data sets most GIS applications require the image compression process on the generated ortho-images. The image compression is another critical step for the GIS systems operated via internet. For the past two decades most of studies have mainly focused on the processes of ortho-image generation [5]. In this paper, we presented an effective “true orthoimage” generation scheme for the urban management system on the web. Here “true” refers to differential rectification of input image including man-made surface features such as buildings and brides. In particular, we provided the solution for critical problems that occur in ortho-image generation for urban areas, which improves positional accuracy and visual consistency of true ortho-image. To test our scheme, 2,677 aerial images were used to construct ortho-image database for Seoul metropolitan city. The ortho-image database generated from this project is being used in “Seoul Aerial Photography Management Systems” on the web, whose purpose is to manage Seoul metropolitan city more efficiently (e.g., facility management and illegal building detection, etc).

2 True Ortho-image Solution Aerial imagery acquired by a perspective projection shows a situation projected through perspective center onto the image plane. As a result, some objects on the image placed at the same point but at different elevation will be projected to different positions in the aerial imagery. This phenomenon is called relief displacement. As an effect of these relief displacements, objects which are displaced at a high elevation also look relatively bigger in the image. Besides various geometric distortions by flight attitude exist on image. Therefore, a special process for generating image which has ortho-geometry such as a map is needed. It can be accomplished by digital differential rectification [6]. Ortho-rectification process means a process that tries to eliminate the perspective characteristics of image. The result image has an ortho projection where all rays are parallel and shows a situation where the perspective aspect of image has been removed. Therefore, ortho-rectified image has a consistent scale and can be used as a planimetric map. This makes it useable for combining with geo-spatial data in GIS or as part of 3-D visualization. 2.1 Inherent Problems in Digital Ortho-image Production of Urban Areas A conventional problem for ortho-image production is that it cannot deal with rapid change in elevation. In other words, tall and large objects will hide some objects behind them due to relief displacements caused by the perspective projection and flight attitude. A normal ortho-image is usually generated by DEM. However, DEM does not include special man-made objects such as building, road, and bridge. These objects in normal ortho-image are not usually considered in rectification process. Accidentally, a part of

930

H.-G. Sohn et al.

some objects that are in same elevation level with terrain can be rectified correctly. However, this effect deteriorates rather than helps the quality of ortho-image. Another unsolved problem in normal ortho-image is so-called “double mapping” phenomenon. If a building is rectified using DSM, the building will get rectified back to its original position. However, it will also leave a copy of the building on the terrain. This is a typical “double mapping” phenomenon. 2.2 Proposed Method for True Ortho-image Production One of the important issues in ortho-image production is the following question: what is the efficient method for true ortho-image production? In common terms the true ortho-image means that it tries to restore any obscured objects and to rectify all objects included in DSM correctly. A true ortho-image should be based on DSM which includes all visible objects in images. However, it is not easy task to create a perfect DSM. In general when processing true ortho-image, they are based on DSM which only include terrain, buildings, roads, and bridges. Figure 1 shows the proposed scheme for true ortho-image production including the detailed processes.

Fig. 1. The proposed scheme for true ortho-image production

Occlusion pixels detection and restoration processes are performed with the following procedure. First, the polygon for man-made objects is selected. Second, with all vertex points in object polygon, the angle for principal point on the aerial image is calculated. This angle information is used to calculate a relief displacement in later. Two points which have the maximum angle value among all vertex points are identified as a start point and an end point as shown in Figure 2. Third, relief displacements from a start vertex point to an end vertex point are calculated. Using calculated relief displacements, a new polygon for occlusion pixels can be generated on image.

Digital Ortho-image Production for Web GIS Applications

931

Fig. 2. Occlusion pixel detection and restoration

For occlusion pixel restoration process, radiometric equalization method is used. Correction model for color differences can be written as:

DN new = a × DN old + b

(1)

where, DNnew is a corrected pixel value, DNold is a original pixel value, a is a gain value, and b is a offset value. Finally, the feathering should be added on restored pixels.

3 Experiments and Results To test the proposed true ortho-image production scheme, total 2,677 color aerial images taken in 2002 were used. Test area covers entire Seoul metropolitan city of South Korea. Since the test area covers so large range, it is impossible to solve the aerial triangulation using only one block model. Accordingly, 10 block models were used to perform the aerial triangulation as shown in Figure 3(a). Basic DEM, which has 10cm ×10cm grid interval, for true ortho-image production was generated from 1:1,000 national digital maps. Total number of digital maps for basic DEM generation is 2,166. Figure 3(b) shows generated basic DEM in this study. As mentioned above, true ortho-image generation should be based on DSM, not DEM. In this study, digital plotted DSM including general roads, high-level roads, bridges, and tunnels was additionally generated. Figure 4 describe full DSM for Seoul metropolitan city and detailed plot data. In case of buildings, all buildings can not be considered because the number of buildings in Seoul metropolitan city is more than 700,000.

932

H.-G. Sohn et al.

Fig. 3. 10 block models for aerial triangulation (a) basic DEM for ortho-image production (b)

Fig. 4. Digital plotted DSM for Seoul metropolitan city

Using prepared DEM which has only terrain data and DSM which combine terrain data and digital plotted data, two ortho-rectified images were produced to evaluate the effect of true ortho-image. As shown in Figure 5, ortho-rectified image using only terrain data shows “bend down” phenomenon. However, ortho-rectified image using DSM shows corrected road image. This comparison certainly shows differences between normal ortho-image and true ortho-image. Ortho-rectified image using DSM can solve a part of the conventional problem in ortho-image production. Nevertheless, detection and restoration for occlusion areas, which are occurred by relief displacements and fight attitude, remain to be unsolved. In order to detect occlusion pixels, all rays from the DSM to the image during orthorectification process should be checked for visibility on image and recorded. This means that ortho-rectification and occlusion pixels detection should be performed simultaneously. For restoring occlusion pixels, image of these missing pixels are needed. It can be solved by using images of the same area acquired from different locations. In aerial images for photogrammetry, this problem is naturally solved since

Digital Ortho-image Production for Web GIS Applications

933

Fig. 5. Comparison between ortho-image production by DEM (a) and by DSM (b)

Fig. 6. Occlusion areas detection (a) and restoration (b)

aerial images are always acquired by a stereo form. Figure 6 shows occlusion pixels detection and restoration results. Black-marked pixels are occlusion areas. In this study, detection and restoration processes for occlusion pixels automatically performed through the self-developed algorithm [7]. When producing the large scale ortho-image, multiple ortho-images should be merged to form a mosaic of images. Neighboring images are usually arranged along seamlines which across along the special feature such as road in the overlapped areas. The exact route of seamlines can be determined automatically or manually. Generally, placing the seamlines along the roads often gives the best results. Figure 7(a) shows the example of ortho-image mosaic using road-based seamlines. Figure 7(b) shows color matching result in urban area after mosaic processing. Finally, full mosaic image is cutting by the standard size such as a 1:1,000 national digital map. The reason for this is that the size of ortho-image map is the key to a successful Web GIS application. For the smooth communication between database server and client, the file size should be small if possible. In addition, image compression in this study was performed by Enhanced Compressed Wavelet (ECW) format. It is reported that ECW format theoretically allows compression of image up to 50:1 with almost no visual loss of information [8].

934

H.-G. Sohn et al.

Fig. 7. Mosaic processing using road-based seamlines (a) matching result in urban area (b)

In order to evaluate the accuracy of true ortho-images generated by the proposed scheme, 7 test images are selected by considering distribution among entire orthoimages, and 20 ground check points for each image (total 140 check points) are prepared by the GPS surveying. All positional errors do not exceed 0.7m. This result confirms that true ortho-images in this study keep the expectation accuracy of 1m in 1:1,000 national digital maps [9]. Figure 8 shows entire mosaic ortho-image for Seoul metropolitan city.

Fig. 8. Entire mosaic ortho-image for Seoul metropolitan city

4 Conclusions This paper presented two main solutions regarding true ortho-image production for urban areas using aerial images: (1) Ortho-rectification technique using DSM included man-made objects (2) Occlusion area detection and restoration. We have demonstrated the proposed scheme using 2,677 aerial images containing complex artificial structures. Two following results proved that our approach was very reliable.

Digital Ortho-image Production for Web GIS Applications

935

First, true ortho-image generation using DSM can correct the bended linear structures such as roads and bridges in normal ortho-image. This is a serious problem that deteriorates the quality of ortho-image. Second, simultaneous processing technique for ortho-rectification and occlusion pixel detection can reduce the process time of orthoimage production. Especially, almost detected occlusion pixels can be automatically restored using the developed algorithm. For the accuracy of generated ortho-image for Seoul metropolitan city, we verify that positional errors do not exceed 0.7m and it keeps the standard of 1:1,000 national digital maps.

References 1. Framework Introduction and Guide (Handbook), http://www.fgdc.gov/framework/handbook [Accessed: 4th March 2006]. 2. Holm, M: An Integrated Approach for Ortho-Image Production, Photogrammetric Week ‘01’, (2001) 249-253. 3. Novak, K.: Rectification of Digital Imagery, Photogrammetric Engineering & Remote Sensing, 58(3), (1992) 339-344. 4. Kerschner, M.: Seamline Detection in Colour Ortho-Image Mosaicking by Use of Twin Snakes, ISPRS Journal of Photogrammetry and Remote Sensing, 56(1), (2001) 53-64. 5. Zhou, G., Schickler, W., Thorpe, A., Song, P., Chen, W., and Song, C.: True Ortho-Image Generation in Urban Areas with Very Tall Buildings, International Journal of Remote Sensing, 25, (2004) 5163-5180. 6. Kraus, K.: Photogrammetry Volume 1 Fundamentals and Standard Processes, Ferd. Dümmlers Verlag, (1993) 291-343. 7. Final Report on Color Ortho-Image Map Production Using Aerial Images, Seoul City Government, (2004). 8. ECW Product Information, http://www.es-geo.com/ecwinfo.htm [Accessed: 1st March 2006]. 9. Report on the Accuracy of National Digital Basemap, National Geographic Information Institute, (1998) 41-53.

Multimedia Contents Security by Wireless Authentication* Jung Jae Kim1, Kwang Hyoung Lee2, So Yeon Min3, and Jeong Gyu Jee4 1

Dept. of Computing, Soong-sil Univ., Korea [email protected] 2 Dept. of Internet Information, Seoil College Korea [email protected] 3 Dept. of Information & Telecom., Seoil College Korea [email protected] 4 Korea Research Foundation, Korea [email protected]

Abstract. This paper proposes more various key generation algorithms than conventional encryption method, and more secure encryption method that does not keep each symmetric key of key generation algorithm in server. After implementing proposed system, we verify the system using various sizes of video data. We get the fact that proposed system can reduce the delay time of encryption and decryption at the replay of video data.

1 Introduction The spread of Internet and interconnection make the context of digital resource distribution changeable and multimedia data such as music, picture, image, and publication need so much. Digital product can be recopied without damage so that we need Digital Rights Management (DRM) technology. External companies such as InterTrust and Microsoft, and internal company such as Digicap provide various DRM solutions [3]. However, conventional DRM solutions use private key method for encryption and this method practices encryption process when user downloads file. Accordingly, this process takes much time. Also, for decryption, all files must be decrypted first in the case of large scale product, so user cannot use file in real-time. There is another problem. If the key of encryption and decryption is exposed to other people, the security of writings may be not guaranteed farther. Proposed system proposes the solution that attacker cannot decrypt the entire writings although one symmetric key may be exposed because several symmetric keys are used, and the system encrypts not the whole but the part of movie to improve the speed of encryption and decryption. Also, we need much time to decrypt a large scale of data at the replay of movie so that proposed system uses the scheduling of *

This research was supported by Seoul Future Contents Convergence (SFCC) Cluster established by Seoul Industry-Academy-Research Cooperation Project.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 936 – 945, 2006. © IFIP International Federation for Information Processing 2006

Multimedia Contents Security by Wireless Authentication

937

compensational double buffer. Accordingly, proposed system can provide the decryption and replay service of movie to user in real-time. We implement the proposed system and verify the superiority in the respect of speed of encryption and decryption.

2 Related Work 2.1 Microsoft’s DRM System Microsoft’s DRM system is end to end DRM system that distributes securely digital media file to a work provider and consumer [9]. Core control unit is WMRM (Windows Media Rights Manager) and Rights Manager in WMRM delivers a media such as secure music and video into encrypted file on the Internet. Each server or client instances receive a pair of key through the process of individualization, and the instances, which may be cracked or not secure, may be revoked using CRL. CRL is distributed through the web site of Microsoft. The key is included in a license, and license and writings are distributed separately. However, the time to encrypt after encoding the entire file is very long at the encryption because Microsoft’s DRM system can only support its WMV and WMA file format. 2.2 I-Frame DRM System I-Frame DRM system keeps content ID (CID) and symmetric key value in a server database after selecting AES or SEED algorithm and encrypting I-Frame of movie Group of Picture (GOP) by a symmetric key [1]. When user plays an encrypted movie, sever encrypts the key used in encryption by user public key after achieving user authentication using user certificate. User can get the symmetric key value used in encryption using his private key, decrypt only movie I-Frame, and play the movie after keeping in a buffer with B, P frame. The I-Frame DRM system uses double buffer algorithm to replay the file before decrypting an entire movie. Because I-Frame DRM system encrypts only I-Frame among MPEG data, this system is a partial encryption system and the encryption and decryption speed of this method are faster than other system. Also, this system can support realtime service because this method replays a movie after decrypting one part. However, this system still spends much time to read all GOP headers because this system computes the size of I-Frame and decrypt it after reading all headers of GOP group to extract I-Frame. Also, because this system uses only one key, encrypted movie becomes insecure if the key is exposed and the delay time of replay to decrypt the first block occurs at the replay.

3 Proposed System Architecture Fig. 1 shows the proposed system that supports client/server structure. Server consists of agent module, encryption module, analysis module, and database. Client has a security agent that consists of decryption processor and contents player.

938

J.J. Kim et al.

Fig. 1. Proposed DRM system architecture

3.1 Server Encryption Module When CP (Content Provider) receives registered contents from agent module, the security agent of server performs the job that sends it to slice layer which is preprocessing step. Slice layer gets the running time and screen size of content from server, computes the size of image file, which is time interval value(10 seconds), and this time interval is regenerated and get the 50~95% of total size that next block can be decrypted at the same time. We assume that decryption duration may be 100%. Because the former block must be decrypted on the time of regeneration, we consider the usability rate of CPU and this process make it a part of maximum decryption measure. The More CPU is excellent, the more decryption rate increases and vice versa. While next image is played using above method, the system computes repeatedly the size of an image that image file can be decrypted. Then system divides image group into n pieces and saves it. Figure 2 shows slice layer group that is divided into 4 pieces such as G1, G2, G3, and G4. After slice layer activity, encryption needs. Encryption is applied to not G1 block but next G2 block. When user plays a movie, G1 block can be rightly operated because G1 block is not encrypted and G2 block may be decrypted at this time. Encryption is begun from the slice layer block of G2 and after random number from 5 to 15 is allocated to each slice layer of Gn, a movie may be divided according to this number. If random number is 7, system divides the block in same size and classifies the block with encrypted block and non-encrypted block. Encryption condition is that there is no consecutive non-encrypted block and the rate of encryption block is over 50%. The block of slice layer to encrypt is connected to “1” and block not to encrypt did to “0”. The slice layer header of G2 consists of random number (n), block number and block to be encrypted (0101011), and detailed block starting byte (Sb). SH (Slice Header) cannot be opened after re-encryption using CID. Block connected to “1” among part slice layers is encrypted and encryption key is generated like theorem 1.

Multimedia Contents Security by Wireless Authentication

939

Fig. 2. Proposed movie slice layer

KEY = H(CID || Sb || n || EB) (Theorem.1) Fig.3 shows that slice layer gets the hash value with header information (SH) and CID, and encrypts this value with slice layer part only connected to “1” using theorem 1 and symmetric encryption method.

Fig. 3. Encrypted slice layer

Hash function (H) is 128 bit MD5 and encryption method is AES. After encrypting mapping block with “1” generated from each slice layer random number, we combine all blocks of slice layer like Fig. 4.

Fig. 4. Container and container header elements for an entire movie

We called encrypted slice layer as container, and Container Header (CH) consists of License Acquisition URL (LAU) and foreign content ID and user can get this contains on web site. LAU contains URL for license and when user plays encrypted content, user verifies the license in LAU using the foreign content ID of content. LAU is to transfer to web page that user can receive license when license do not exist, and container header is not encrypted.

Fig. 5. Whole movie and main header

940

J.J. Kim et al.

Client needs to know the byte length of each slice layer to decrypt an image after getting license from LAU, so client must construct Main Header (MH) separately. Fig.5 shows that MH is a file to store the hash value of client DID and record the first byte from G1 to Gn. 3.2 Design of User Authentication and CID Transmission Method User authentication and control system issue the value of authentication related to instruction to content user.

Fig. 6. Key transmission method

To block information disclosure and verify the user, server provides user authentication number (1) via wireless network after verifying the user, and user inputs the authentication number as a key value (2) and asks the decryption key via wired network (3). After verifying the user authentication number, agent generates decryption key with OTP (One Time Password) and transmits the key to user using secure algorithm. The generated key is divided into 2 keys (CID_Keys_1, CID_Keys_2) using key partition algorithm, CID_Key_1 is hashed by session increase and user authentication value using an agent and the key is transmitted to user (4). User system hashes user authentication number and CID_Keys_1 with random value and transmits them to server (5). Server recognizes the receipt of CID_Keys_1, hashes partition key CID_Key_2 with user authentication number and random value, and transmits it to user (6). For secure key transmission, this paper proposes key transmission protocol as Fig.6. Ka as CID_Keys_1 and Kb as CID_Keys_2 are respectively provided. (1) User authentication number (1023) is generated by server and transmitted securely to user via mobile service of SSL channel. User can request decryption key with an authentication number provided by server. If new user requests decryption key with an authentication number, server generates the key using key partition algorithm and securely transmits it to user using CID key transmission protocol. Proposed system distinguishes the existing user from new user. The existing user needs not to request duplicate key, because server can verify the session value i that user keeps. i is session value and i is the increase value of session. Also, we define previous session as i* and present session as i. Accordingly, the existing user can verify the increase value of session and use old key. However, because new user does not have the increase value of session, he must receive a key. Fig.7 shows these processes.

Multimedia Contents Security by Wireless Authentication

941

Fig. 7. CID Key transmission protocol

3.3 Client Security Agent The encryption agent of client must be installed for the decryption of encrypted content, when client user logs on server first time and the agent is downloaded from server. After client that downloads image container practices the container and transmits the hash value of client DID after verifying the license through LAU of CH to server, the agent of server sends the hash value of DID that is included in MH of container and encrypted by user public key to client. The agent of client decrypts the main header file of content based on user certificate. When user asks system to replay a movie, new user gets a license and decrypts movie using license. User receives a decryption key for user authentication and decryption phase when he gets a key. User requests MH of digital content with content ID, and transmits hashed DID value of user and main header with user public key. Next, user decrypts main header with his private key and checks whether the hash value of main header is identical to the hash value of user computer or not. If the verification phase is successful, user can replay a movie. MH (Main Header) is encrypted (Epu(MH)) with user public key PU, and is decrypted with user private key. System compares MH decrypted by user private key with DID value of client. If the value of DID is not valid, system stops decryption process and receives new MH. When user gets both MH and CID, user can get the size of G1~Gn in MH, divide the combined container into slice layer, decrypt slice header file (SH) with CID, and generate the key of each slice layer piece with SH. User can decrypt the encrypted block through these decryption processes. Proposed system can play rightly content without the playing delay if system can decrypt the content header contemporarily at the playing time. The security agent of client extracts slice layer of encrypted image for the decryption, decrypts it with secret key, stores alternately it in buffer A and B, and plays it. Because first slice layer G1 may be not encrypted to acquire initial playing time, user can play G1 rightly and the decryption process of slice layer G2 is achieved contemporarily when user plays G1. In the same manner, the decryption process of slice layer G3 is achieved when G2 is played. System computes the delayed frame during the playing time of all images so that system decides initial buffer size and plays an image. Fig. 8 shows that proposed system uses compensational double buffer system, which consists of two buffers.

942

J.J. Kim et al.

Fig. 8. Compensational double buffer system for replaying a movie

In early stage, system stores slice layer of G1 (Time interval is about 10 seconds) in buffer A to regenerate without a hitch, and decrypts the data of slice layer G2 and keeps in buffer B. When regeneration is over in buffer A, agent transfers this to buffer B to operate the data of buffer B. When data is transferred from buffer A to buffer B, the breaking phenomenon of screen may occur because the first frame of G2, G3, and G4, which is divided by random number, is incomplete. So, we need to attach the last frame value of G1, G2, and G3 to buffer B and make this frame complete.

4 Performance Analysis 4.1 Encryption / Decryption Analysis Table 1 shows an encryption method, the possibility of key exposition, and movie encryption and file application as an encryption analysis. We use symmetric key as an encryption method. Table 1. Encryption method analysis

Section Encryption method Key exposition possibility Movie encryption

Conventional DRM system Singular symmetric key High

Proposed DRM system Plural symmetric key Low

Entire or section of file

File section

This method can reduce more time to download than method to encrypt content at the download because encrypting content when it is packaged. Also, one user can forward content to another user because proposed system encrypts same content by same symmetric key. Content receiver also super-distribute the content to the third and the third can use the content after getting new license from server. Accordingly, proposed system supports the content redistribution. However if DRM system encrypts content in advance, one content is encrypted by one symmetric key. Accordingly, if user exposes his symmetric key, the content become insecure, we cannot know who exposes the key, and we cannot track an expose. Also, conventional DRM system spends much time to encrypt a large scale movie because encrypting an entire movie.

Multimedia Contents Security by Wireless Authentication

943

Proposed system not uses singular symmetric key but plural symmetric keys analogized by decryption agent so that the risk that user exposes his key voluntarily is very low. Although user may expose one key, others cannot know other keys and decrypt the entire movie. Also, only encrypts the smaller amount data of movie because encrypting a part of movie. Accordingly, proposed system can be applied to a large scale movie. 4.2 Decryption Analysis When user plays a movie, agent verifies the license and validity of movie after accessing a server. If user is valid, agent decrypts and plays a movie. All methods of (A), (B), and (C) are same because decryption processes are achieved. However, because conventional general DRM system (A) plays a movie after decrypting completely it, user must wait to finish the decryption process. So, conventional DRM system cannot support real-time service because a system must spend much time to decrypt a large scale movie. I-Frame DRM system (B) uses double buffer algorithm but a system cannot immediately play a movie because all frames of movie are encrypted. Proposed DRM system (C) does not need the delay time to play a movie, so this system can support real-time service. 4.3 Performance Comparison This paper compares proposed DRM system with Microsoft’s DRM system and IFrame DRM system for performance analysis. We use movie data that includes 18 different file sizes as data sample. We use Version 1 Key ID in Microsoft’s DRM system and AES encryption method that key length is modified from 128 to 256 bits in I-Frame DRM system. MD5 hash algorithm of this paper uses 128 bits key length. Conventional system uses I-Frame as an encryption method but proposed system is unrelated with I-Frame. Proposed system is faster 1.56 times than I-Frame DRM system in respect of running time analysis to encrypt content. Microsoft’s DRM system encrypts content after encoding a movie into WMV file format at the encryption. So, we exclude Microsoft’s DRM system from running time analysis to encrypt movie.

Fig. 9. Decryption method of conventional and proposed system

944

J.J. Kim et al.

Fig. 10. Comparison graph of encryption/decryption running time

The system that encrypts only I-Frame encrypts not an entire movie but only IFrame of movie. So, these systems is partial encryption method. However, these system spends more time than proposed system because it reads all headers of GOP group and computes the size of I-Frame to extract I-Frame. Proposed system is faster 1.61 times than conventional I-Frame DRM system. Microsoft’s DRM system spends most much time to encrypt movie because this system encrypts an entire movie. Decryption running time of I-Frame DRM system is slower than proposed system because this system can get I-Frame after reading all headers of GOP group like an encryption method. Also, supports all movie format, and the running time to encrypt and decrypt is faster than conventional system because proposed system does not encrypt an entire movie.

5 Conclusion This paper proposed symmetric key encryption system for multimedia data protection using plural random symmetric keys. Proposed system provides method that sever security module uses several private keys to prevent the illegal user from catching a private key and encrypts it partially so that system can stop the decryption of whole work in advance although the one of these keys may be exposed and attacker cannot play it. As security agent of client needs to spend much time to decrypt a large scale movie, this paper provides compensational buffer control method to play smoothly a movie using streaming method and proposed system performs efficient buffer scheduling. Accordingly, user can decrypt and play a movie in real time, and proposed system can check the breaking phenomenon of screen to play a movie at the buffer scheduling. We can reduce the average 15% of replay delay time that includes decryption time when client replays a large scale movie.

References 1. J. Kim, J. Park, and M. Jun, “DRM system based on public key pool for the security of movie data,” Korea Information Processing Society paper, Vol. 12-C, NO. 02, pp 01830190, April, 2005. 2. Brad Cox, Superdistribution : Objects As Property on the Electronic Frontier, AddisionWesley, May 1996.

Multimedia Contents Security by Wireless Authentication

945

3. Sung, J Park, “Copyrights Protection Techniques,” Proceedings International Digital Content Conference, Seoul Korea, Nov. 28-29, 2000. 4. V.K Gupta, “Technological Measures of Protection,” Proceedings of International Conference on WIPO, Seoul Korea, October 25-27, 2000. 5. Whitfield Diffie and Martin Hellman, “New Directions in Cryptography,” IEEE Transaction on Information Theory, Vol. IT-22, NO.6, pp.644-654, November 1976. 6. Intertrust : http://www.intertrust.com/main/overview/drm.html 7. Joshua Duhl and Susan Kevorkian, “Understanding DRM system: An IDC White paper,” IDC, 200. 8. Joshua Duhl, “Digital Rights Management: A Definition,” IDC 2001. 9. Microsoft: http://www.microsoft.com/windows/windowsmedia/drm.asp

Traffic Actuated Car Navigation Systems in Mobile Communication Networks Seungjae Lee1, Chungwon Lee2, Taehee Kim3, and Jeong Hyun Kim4 1

Dept. of Transportation Eng., The University of Seoul, Korea [email protected] 2 Dept. of Transportation Eng., The University of Seoul, Korea [email protected] 3 POSCO E&C, Seoul, Korea [email protected] 4 Associate Research Fellow, Land & Urban Institute, Kyunggi, Korea [email protected]

Abstract. This paper propose to see how the center based car navigation systems are practical in terms of using real time traffic information and guiding the way with different media of both of the Turn by Turn and the digital map service. The systems have been applied to all the road networks in Korea but the traffic actuated car navigation systems are mainly applicable to the road networks in the Seoul, which has 40 km diameter, including satellite cities. As a result of this, the actual driving tests are conducted in that area. The tests are analyzed using two aspects. The first aspect is that the quality of the information using the car navigation systems can be acceptable to the customers in around 80 percentage of a statistical level. The other is if the user- friendly interface is relatively helpful to the customers while they are driving a car. The result shows that the route displayed on the TFT LCD helps the drivers to understand which way they have to take.

1 Introduction Advanced Traveler Information Systems (ATIS) in ITS leads to the development of more realistic shortest path finding algorithms (Kaufman and Smith, 1993). The time based shortest path finding algorithm is one of the core parts of the ATIS in the forms of the Route Guidance Systems and the Variable Message Sign Systems. These information provision systems should have a powerful shortest path finding algorithm based on accurate and realistic traffic information. Until now, the on board car navigation systems, which provide shortest path information from origins to destinations without real time traffic information, have been mainly developed and used in Korea. However, recently the center based traffic actuated car navigation systems have been firstly introduced by SK Corporation in Korea. The center based traffic actuated car navigation systems calculate the shortest path using both travel time in real time and the existing historical data, and the calculated route is delivered to the customers’ onboard device through mobile communication networks. There are two kinds of X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 946 – 952, 2006. © IFIP International Federation for Information Processing 2006

Traffic Actuated Car Navigation Systems in Mobile Communication Networks

947

services. The first kind is the TBT service that guides the way as a “Turn by Turn” by arrow signs. The second kind is the digital map service that shows the route on the digital map in the 7 inches TFT-LCD display. Two services guide the driver the shortest path information by voice such as turning right in the intersection in 500 meter ahead while the driver is reaching to his or her destination. This paper introduces the development of the actuated car navigation systems, and to analyze the reliability of the information using actual driving tests. The systems have been applied to all the road networks in Korea but the traffic actuated car navigation systems are mainly applicable to the road networks in the Seoul, which has 40 km perimeter, including satellite cities. As a result of this, the actual driving tests are conducted in that area. In Section 2, the ways of collecting real time travel time data are briefly introduced. In Section 3, the result analysis in the precision of the traversal time using driving is presented. In Section 4, discussion and further development issues are discussed.

2 Traffic Actuated Car Navigation System Travel time data on links are collected using detectors, CCTV and probe cars. The raw data are collected in five minutes interval in average and sent to the traffic information center, and then these data are processed to give travel times on links in order to calculate the shortest path from origins and destinations in five minutes interval. On the other hand, travel times on some links, which cannot obtain travel time in real time, have been calculated using the existing historical data and road characteristics. The A* algorithm, in which the Dijkstra algorithm with priority queue data structure has been used to calculate the shortest path with or without real time travel time on links shown in figure 1, has been used in order to reduce the covering area of the shortest path measured by the air distance as shown in Fig. 2. These lead to reduce computing times so as to deliver the information as fast as possible.

Fig. 1. Dijkstra algorithm with priority queue data structure

948

S. Lee et al.

Fig. 2. Covering area of the shortest path measured by the air distance

Fig. 3. Information Delivering Process

The car navigation systems developed in the SK collect data from various sources such as detectors, GPS equipped probe cars in some buses and taxis, and then travel times on links are calculated in the center of the car navigation systems. The Fig. 3 shows the information delivering process that after calculating the actuated shortest

Traffic Actuated Car Navigation Systems in Mobile Communication Networks

Fig. 4. Information by On-Board car navigation system

949

Fig. 5. Information by Web homepage

Fig. 6. Information by mobile phone

path from some origins and some destinations, the information is delivered to drivers either via the on board the car navigation systems directly as shown in Fig. 4 or the homepage in Fig. 5, or even to the mobile phone in Fig. 6.

3 Evaluation of the Quality of Driver’s Information In order to test the quality of the driver’s information, the real driving tests have been conducted. The tests are categorized by the standard service and the VIP service. The

950

S. Lee et al.

standard service is to provide the information based on the actuated real time travel times on links via mobile phones. The VIP service is to provide the information based on either the static travel times or actuated real time travel times on links via the onboard car navigation systems. The various 30 origins and destinations across the test area have been selected in order to test the reliability of the information. The method of the test is the real driving races that the three cars using the standard service and the VIP services with and without actuated travel times start at the same time from origins, and then check the arrival orders to destinations. The orders of arrivals from 30 origins to destinations using the three information providing ways have been analyzed in terms of peak and non-peak hours. The deviations between the information and the real traversal times have been analyzed in order to see the reliability of the information. As a result of the real driving races, the VIP service with the actuated travel times leads to the 16 times faster in reaching to destinations, the VIP service without the actuated travel times has 8 wins and the standard service won 6 times among 30 tests as shown in Table 1. Table 1. Result of the Real Driving Races

Standard Service

VIP Service

Total

Traffic Actuated

Traffic Actuated

Static Travel Time

Peak

2

7

1

10

Non-peak

4

9

7

20

Total

6

16

8

30

In the VIP Services, traffic actuated service in non-peak hours is slightly better than the other service but, in peak hours, the traffic actuated VIP service has dominant results by comparison with the other service as shown in Table 2. It shows that traffic actuated service definitely helpful to those who are driving in the congested road network. In the aspects of the user interface, the standard service in peak hours has two wins by comparison with one win of the VIP service without real time traffic information since the traffic conditions in non-peak hours are stabilized. The VIP service without the actuated travel times has been compared favorably with the standard service since the VIP service delivers much more perceivable information with the visible digital map as well as the voice than the standard service with voice information only. Table 2. Result Analysis in the VIP Service

VIP Service Traffic Actuated

Static Travel Time

Peak

7

1

Non-peak

9

7

Total

16

8

Traffic Actuated Car Navigation Systems in Mobile Communication Networks

951

Table 3. Comparison of the Standard and VIP Services

Standard Service

VIP Service

Traffic Actuated

Static Travel Time

Peak

2

1

Non-peak

4

7

Total

6

8

4 Conclusions The actuated traffic car navigation systems have been developed, and tested using real driving tests in the Greater Seoul Area of Korea. The traffic actuated car navigation systems calculate the shortest path using both travel time in real time and the existing historical data. The traffic data from detectors, CCTV and probe cars have been collected in real time whilst travel times on some links, which cannot obtain travel time in real time, have been calculated using the existing historical data and road characteristics. And then the car navigation systems guide the shortest path information from driver’s starting point to destination by voice via mobile communication systems. In order to save mobile communication costs, after the mobile communication systems are connected to send traveler’s information to the on board device, and then the systems are disconnected but the on board device retrieves the information on driving. The car navigation systems recognize the location of the car using the GPS in real time. The quality of information in terms of the precision of the traversal time and the reasonableness of the informed path have been tested in the real driving tests. The analysis of the tests shows a couple of results. The first result is that the quality of the information using the car navigation systems can be acceptable to the customers in around 80 percentage of a statistical level. The VIP service, even the standard service, with the actuated travel times in peak hours have compared favorably with the VIP services without real time traffic information whilst all kinds of the services including the standard service in non-peak ho urs compete almost equally since the traffic conditions in non-peak hours are stabilized. The second result is that the user-friendly interface is more helpful for the customers to drive a car. The route displayed on the TFT LCD helps the drivers to understand which way they have to take. The VIP service without real time traffic information in non-peak hours has slightly more favorable results by comparison with those of the standard service As further studies, the car navigation systems should improve the reliability in terms of the reasonableness of the informed path and the precision of the informed travel time. Multiple shortest path information should be provided in order to improve the reasonableness of the informed path. It is because if the systems provide multipath information, drivers are able to recognize the reasonableness of the information by comparing among the informed paths. In order to improve the precision of the travel time in the car navigation systems, short-term travel time prediction techniques such as the Kalman filtering technique, a Neural Network Model and a Stochastic Process Technique should be developed.

952

S. Lee et al.

References 1. Caldwell, T., "On Finding Minimum Routes in a Network with Turn Penalties", Communications of the ACM, Vol.4, pp.107-108, 1961. 2. Chen. Y. L. and K. Tang, "Shortest Paths in Time-Schedule Networks", International Journal of Operations and Quantitative Management, Vol.3, pp.157-173, 1997. 3. Chen. Y. L. and K. Tang, "Minimum Time Paths in a Network with Mixed Time Constraints", Computers and Operations Research, Vol.25, pp.793-805, 1998. 4. Desrochers, M. and F. Soumis, "A Reoptimization Algorithm for the Shortest Path Problem with Time Windows", European Journal of Operational Research, Vol.35, pp.242-254, 1988. 5. Dijkstra, E. W., "A Note on Two Problems in Connection with Graphs", Numerische Mathematik, Vol.1, pp.269-271, 1959. 6. Kaufman D. E. and R. L.Smith, "Faster Paths in Time-Dependent Networks for IVHS Applications", IVHS Journal, Vol.1, pp.1-11, 1993. 7. Lawler, E. L., A Procedure for Computing the K Best Solutions to Discrete Optimization Problems and its Application to the Shortest Path Problem, Management Science 18, 401-405, 1972. 8. Michalewicz, Z., Genetic Algorithm+Data Structure=Evolution Programs, SpringerVerlag, 1994. 9. Sheffi, Y., "Urban Transportation Networks", Prentice-Hall, 1985. 10. Thomas, R., Traffic Assignment Techniques, Avebury Technical, 1991.

Analytic Model of the Collision Resolution Protocol with Voice/Data in Mobile Networks Dong Chun Lee Dept. of Computer Science, Howon Univ. Korea [email protected]

Abstract. We propose analytic model of the delay of the Slotted ALOHA protocol with Binary Exponential Backoff (BEB) as a collision resolution algorithm in mobile multimedia networks. We verify the proposed analytic model using the computer simulation. In numerical results, our proposed method show correct analytic model and has better performance results than previous methods in mobile multimedia networks.

1 Introduction In Slotted ALOHA system, each frame is divided into small slots and each Mobile Terminal (MT) contends for the slot to transmit its packets at the beginning of each frame. If two more than MTs contend for the same slot, then a collision occurs and none of them can transmit their packets. The colliding packets are queued and retry after a random delay. The way to resolve the collision is called the collision resolution protocol. One of the widely used collision resolution protocol is the BEB algorithm, forms of which are included in W- LAN standards: Whenever a node's call is involved in a collision, it selects one of the next 2n frames with equal probabilities, where n is the number of collisions that the call has ever experienced, and attempts the retransmission. Delay distributions of slotted ALOHA and CSMA are derived in Yang and Yum [2] under three retransmission policies. They found the conditions for achieving finite delay mean and variance under the BEB. Their assumption, however, that the combination of new and retransmitted packet arrivals is a Poisson process is not valid because the stream of the retransmitted packets depends on the arrivals of new packets. This dependency makes the Poisson assumption invalid. Chatzimisios and Boucouvalas [4] presented an analytic model to compute the throughput of the IEEE 802.11 protocol for wireless LAN and examined the behavior of the Exponential Backoff (EB) algorithm used in 802.11. They assumed that the collision probability of a transmitted frame is independent of the number of retransmissions. As we will show later in this paper, however, this probability is a function of the number of competing stations and also depends upon the number of retransmissions that this station has ever experienced. Kwak et al. [4] gave new analytical results for the performance of the EB algorithm. Especially, they derived the analytical expression for the saturation throughput and expected access delay of a packet for a given number of nodes. Their EB model, however, is assumed that the packet can retransmit infinitely many times. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 953 – 961, 2006. © IFIP International Federation for Information Processing 2006

954

D.C. Lee

Stability is another issue on BEB algorithm and there are many methods dealing with this. As pointed in Kwak et al. [4], however, these studies show contradictory results because some of them do not represent the real system and they adopt different definitions of stability used in the analyses. The dispute is still going on so we do not focus on this topic but on the analytic model to analyze the performance of the BEB algorithm. In this paper we propose a new analytical model to find the performance measures to evaluate the system which adopts BEB algorithm, including the throughput, expected medium access delay and transmission delay.

2 System Model Fig. 1 shows the procedure considered the access delay and transmission delay in any cell.

Fig. 1. Transmission procedure

New calls arrive from infinite number of MTs forming a Poisson process with rate λ to the system. The time is divided into slots which are grouped into frames of fixed size. A frame is divided into two groups of multiple slots, request slots for reservation of channel and transmission slots for transmission of the actual information. The numbers of request slots and transmission slots in a frame are V and T, respectively. The types of calls are divided into real time call traffic such as voices, and non-real time call traffic like data. Newly arrived call is assumed to be real time calls and nonreal time calls with probabilities α and β , respectively ( α + β =1 ). For notational simplicity, we use the terms voice call or call for real-time and data call or call for non-real time. Let the numbers of packets in a voice call and a data call are geometrically distributed with means 1/ ε and 1/ δ , respectively. It is essential that a priority is given to the voice traffic, but an effort is made to accommodate data traffic, whenever possible. When a call arrives at the cell, it waits until the beginning of the next frame

Analytic Model of the Collision Resolution Protocol

955

and randomly accesses one of the request slots to reserve a channel for transmission. If the call succeeds in the reservation, then a channel is allocated in any cell. If, however, two or more call contend for the same request slot, then a collision occurs and none of the calls can reserve the request slot. The call which fails to get a request slot retries under the BEB algorithm: whenever a call is involved in a collision and if it was the bth ( b=0,1,,15 ) collision, then it selects one of the next 2i frames with probability 1/2i and attempts the reservation again, where i=min (b,10). If a call collides 16 times, then it fails to transmit and is dropped. Those calls reserved slots then enter the queues and transmit their packets according to the proper scheduling method.

3 Analytic Model We obtain the SSD of the number of calls at the beginning of the frame. Let An be the number of new calls arrived during the nth frame and Nn be the total number of calls waiting in the system at the beginning of the nth frame. Also, denote Jn by the number of calls which successfully reserve a request slot at the nth frame. Then it can be shown that °­ N − J + A , N n+1 = ® n n n °¯ An ,

N n ≥1,

(1)

N n =0,

and { N n ,n≥1} is a Markov chain. Let us denote a j , j = 0,1, 2,  by the Steady State Distribution (SSD) of An , where a j =Pr( An = j ) =e − λd (λ d ) j / j !,

j = 0,1,2,. Let us intro-

duce a random variable Yn that is the number of calls which actually participate in the contention

at

nth

the

(

frame.

Then

for

(

J ( y ,k ) = lim Pr J n = k Yn = y n→∞

)

)

and

Y ( i , y ) = lim Pr Yn = y N n =i , from [5], n=∞

J ( y ,k ) =

( −1) V ! y ! min(V , y ) ¦

y

V k!

m=k

( −1)

(V −m ) m k − ( )!(V −m )!( y −m )! y −m

k

m

(2)

for 0≤ k ≤ min (V , y ) and §i· y i− y Y ( i , y ) = ¨¨ ¸¸ r (1− r ) , y © ¹

y =0,1,,i ,

(3)

where r is the probability that an arbitrary call participates in the contention. We derive this probability by conditioning the number of collisions that an arbitrary message waiting in the system has experienced as following: § 1−(γ c 2 ) r = ¨¨ © 1−(γ c 2 )

11

5 · 1−γ c 10 γ c (1−γ c ) ¸ γ 2 , + ( ) 16 16 c ¸ 1−γ c 1−γ c ¹

(4)

956

D.C. Lee

where γ c is the probability that an arbitrarily chosen (tagged) call experiences a collision when it contends for a request slot, which will be derived in the next subsection. Now we can calculate the one-step transition probability pij = Pr ( N n+1 = j N n =i ) as given below: pij =

for i≥1 and

min( i ,V )

i

¦

k =max( 0 ,i − j )

p0 j = a j . The

a j −i +k ¦ J ( y ,k )Y ( i , y ),

(5)

y =0

Steady State Probability Distribution (SSPD)

π j ≡ Pr ( N = j )= lim Pr ( N n = j ) of the number of messages in system at the beginning of n→ ∞

the frame can be obtained by solving the steady state equations



π i = ¦ π i pij and i=0



¦ π i =1.

i=0

Now, we derive the collision probability, γ c , that a tagged message experiences a collision given that it actually participates in the contention for a request slot in this subsection. This probability has not been found in an analytic form in the previous studies and we calculate it for the first time in this paper. Let M be the number of calls in the system at the beginning of the frame in which the tagged call is included. It is known that M is differently distributed from N because it contains the tagged call [6]. The Probability Distribution (PD) of M is given by Pr ( M = m ) =

mπ m , E( N )



where E ( N )= ¦ jπ j .

(6)

j =0

When y messages including the tagged call participate in the contention, the proby −1 · § 1 · § 1 · ¸¨ ¸ ¨ 1− ¸ i =1 © i ¹© V ¹ © V ¹ i

ability that the tagged call collides is ¦ ¨§ y −1

y −1− i

. Therefore, we have the

following: § y −1·§ 1 · § 1 · ¸¨ ¸ ¨1− ¸ m =2 y =2 i =1 © i ¹© V ¹ © V ¹ ∞

m y −1

γc = ¦ ¦ ¦¨

i

y −1−i

⋅ Y ( m, y ) ⋅ Pr ( M =m )

m −1 ∞ ­ 1 m½ ° V § r· = ¦ ®1− 1− ¸ + (1−r ) °¾ ⋅ mπ m ¨ m=2 − − V V V 1 1 © ¹ ¯° ¿°

(7)



/¦ jπ j . j =0

Note that the probability that a call is eventually blocked is γ c . In order to obtain γ c 16

in Eq. (7), we need π j but in turn γ c should be given to obtain π j . So we perform a recursive computation, i.e., we initially set γ c to be an arbitrary value between 0 and 1 and compute π j , j = 0,1, 2,  . Then with this π j , we update γ c using the Eq. (8) and this updated γ c is utilized to update π j again. This recursive computation continues until both values converge.

Analytic Model of the Collision Resolution Protocol

957

4 Expected Access Delay Now we derive the expected medium access delay of a call which is defined as the time from the moment that a call arrives at the system to the moment that it successfully reserves a request slot. It can be obtained by counting the number of frames from which a newly arrived call contends for a slot for the first time until it successfully reserves a slot. If a call reserves in the first trial with no collision (i.e., b=0 ), then it experiences, on average, 3/2 frame length's delay, which is the sum of 1/2 frame length (average length from the call's arrival epoch to the beginning of the next frame) and 1 frame length. Suppose a call collides exactly b times then it selects one of 2n states with equal probability and thus the average number of frames it has spent b in the system is 1 + b¦−1 2 i + 1b ¦2 j . In the same manner, if 11 ≤ b ≤ 15 , the average delay 2

is

2

i=0

1 10 i 10 + ¦ 2 + ( b −11 ) ⋅ 2 2 i= 0

+

j=0

1 210 ¦ j 210 j = 0

. We obtain the expected access delay, E ( DAccess ) , in

frames, as the following: 15

E ( DAccess ) = ¦ E ( DAccess b collisions ) Pr ( b collisions ) = b =0

1 1−γ c + × 2 1−γ c16

§1+ 2.5γ c +5.5γ c 2 +11.5γ c3 + 23.5γ c 4 + 47.5γ c5 +95.5γ c 6 +191.5γ c 7 +383.5γ c8 + 767.5γ c9 · ¨ ¸. ¨ ¸ +1535.5γ c10 + 2559.5γ c11 +3583.5γ c12 + 4607.5γ c13 +5631.5γ c14 +6655.5γ c15 © ¹

(8)

The PD of the number, Z , of calls which reserve request slots successfully in a frame can be obtained by conditioning Y and N as following: ∞

Pr ( Z = x ) = ¦ ¦ J ( y , x )Y ( n , y )π n . n

(9)

n =0 y =0

The expected number E ( Z ) is given by n−1

∞ n ∞ § r· E ( Z ) = ¦ ¦ E ( Z Y = y , N =n ) Pr(Y = y N = n )π n = ¦ nr ¨1− ¸ π n , n =0 y =0 n =0 © V¹

(10)

where the second equality comes from the Eq. [6].

5 Transmission Delay of Voice/ Data Calls Now we consider the expected transmission delay of a call, which is the time duration elapsed between a call succeeds in the contention and it is successfully transmitted. A fundamental requirement in the voice communication is prompt delivery of information. In our paper, we put a buffer of size B for voice calls, with which one can adjust the allowable delay of voice call until its successful transmission. For example, if a longer delay for voice is allowed with low packet dropping probability then we make B bigger. This is in contrast to the data messages which respond to congestion and transmission impairments by delaying packets in queue. So we assume the buffer size for data calls is unlimited.

958

D.C. Lee

Each voice call uses one slot in a frame and transmits one packet per frame, which accommodates the real time transmission requirement on the voice calls. All T transmission slots are available for voice transmission, so maximum T voice calls can transmit simultaneously, while the data calls can transmit their packets only when there are less than T slots occupied by the voice calls. Even during a data call is sending its packets, if an arriving voice message finds no idle slots, then the data call interrupts its transmission and hand over one slot to the voice message. That is, the voice messages are preemptive. The interrupted data call resumes its transmission whenever there are any slots available. We analyze transmission delays for each type of calls in the sequel. Notice that the transmission of voice calls is independent of the transmission of data calls. Denote Kn by the number of voice calls which succeed in the contention during the nth frame and newly join at the voice transmission queue. Since a call is voice call with probability α , the PD of Kn can be obtained from the Eq. (9) as following: ∞ § x· l x −l Pr( K n = l ) ≡ kl = ¦ Pr( Z = x ) ¨ ¸ α (1 − α ) , l = 0,1, 2,  . x =l ©l¹

(11)

Then X n , the number of voice calls in the system at the beginning of the nth frame has the relationship X n +1 = X n − ξ ( X n ) + K n , where ξn ( X n ) is the number of voice calls which complete the transmission at the n th frame given X n . The PD of ξn ( X n ) when X n =i , assuming the number of packets in a voice call is geometric with mean 1/ ε , is given by § min( i ,T ) · min( i ,T )−k k ε ≡ ξ n (min(i , T ), k ), Pr(ξ n ( i ) = k ) = ¨¨ ¸¸ (1−ε ) k © ¹

(12)

for k =0,1,,min(i ,T ), Let lim X n = X , lim K n = K , lim ξ n = ξ . It can be shown n →∞

n →∞

n →∞

that { X n ,n≥1} is a Markov chain. Then we can obtain the one-step transition probabilities qij of this chain as following: j ­ ° ¦ kl ξ (min(i ,T ), min(i ,T )− j +l ), ° qij = ® l = 0 ° ∞ k ξ (min(i ,T ), min(i ,T )− j +l ), l °¯l¦ =0

j =0,1,,T + B −1,

(13) j =T + B ,

for all i =0,1,,T + B and ξ (i , k ) = ξ (i , i ) if k ≥i and ξ (i , k ) = 0 if k < 0 . Now the SSPD, η = (η0 , η1 ,  , ηT + B ) , where η j = Pr( X = j ) , of the number of voice calls to be transmit-

ted in the system at the beginning of the frame is given by solving the equations: T +B

T +B

i =0

j =0

η j = ¦ ηi qij ,

¦η

j

= 1.

The expected transmission delay of voice message in frames is

(14)

Analytic Model of the Collision Resolution Protocol

E ( Dvoice ) = E ( X ) / E ( K )

959

(15)

by applying the well-known Little’s result [6]. As explained before, the data call can transmit its packets whenever there are slots available. Therefore, the PD of the number of packets waiting to be transmitted in the queue depends on how many slots are currently being held by voice transmission. Denote U n by the number of data calls which succeed in the contention during the nth frame and newly join at the data transmission queue. A call is data message with probability β , and thus ∞ § x· x −l l Pr(U n = l ) ≡ ul = ¦ Pr( Z = x )¨ ¸ (1 − β ) β x =l ©l¹

,

(16)

and the PD, w j , j≥0 , of the number of data packets arrived during a frame is: ∞ § j −1· l k −l w j = ¦ ul ¨ ¸δ (1 − δ ) , j ≥ 1 , l =1 © l −1 ¹

(17)

and w0 =u0 . Let k be the number of slots which are occupied for voice transmission. By means of the probabilities w j , we can find the steady state conditional PD, ν

(k)

= (ν 0

(k )

,ν 1 ,ν 2 (k )

(k )

, ) , of the number of data packets in the system at the begin-

ning of the frame, when k voice calls are transmitting, by solving the following steady-state equations: § T −k © i=0

· ¹

ν 0 = w0 ¨ ¦ ν i( k ) ¸ , (k)

νj

(k)

∞ § T −k · § j · = w j ¨ ¦ ν i( k ) ¸ + ¨ ¦ ν T( k−k) +m w j −m ¸ , j ≥ 1, and ¦ ν (j k ) =1. j =0 © i =0 ¹ © m=1 ¹

(18)

Finally, the unconditional PD ν = (ν 0 , ν 1 , ν 2 , ) is: ∞

ν j = ¦ ν (jk )η k , j = 0,1, 2,  . k =0

(19)

Now we can calculate the expected number of data packets at the beginning of the ∞

frame, that is LD = ¦ jν j . Then (T − E ( X )) /(δ ⋅ LD ) is the expected number of frames j =0

to transmit one data call, which gives the transmission delay in frames of a data call.

6 Numerical Results In numerical study to verify our model, we compute the expected (i.e., access and transmission) delays for voice calls and data calls using the parameters V = 30, T = 95, B = 10, λ = 5, α = 0.3 and the expected number of packets of a data call is set to be 1000 (i.e., δ = 0.001 ). Expected delays are calculated as the expected

960

D.C. Lee

number of packets in a voice call (i.e., 1/ ε ) varies. The same was found using simulations as well. The plots in Fig. 2 show close agreement between analytic results and the simulation, especially in the voice call, thus validating the analysis. As for the data call, however, analytical results tend to overestimate than the simulation but are still within the confidence intervals. This is because we first derived the probability distribution of the number of data packets in the system under the condition that there are k voice calls transmitting, and then unconditioned it. This is based on the assumption that the number of data packets reaches steady state before k changes.

Fig. 2. Expected delays

7 Conclusion In this paper we considered the analytic model of the BEB policy, which is a coll ision resolution algorithm often adopted in the random access packet networks. We obtain the SSD of the number of messages waiting in the system, which is utilized to get the probability that a tagged call experiences a collision given that it actually participates in the contention for a request slot in a frame, which has never been investigated in the literature. With these, the expected access and transmission delay of frames that a message experiences from its arrival to the system until the successful transmission are found analytically. A numerical results from the analytic model is provided. It shows that our proposed analytic model gave an excellent agreement with the simulation.

Acknowledgements This work was supported by Fund of Howon University, 2006.

References 1. Yung-Fang Chen, Chih-Peng Li.: Performance Evaluation of the Quasi-FIFO Back-off Scheme Wireless Access Networks. IEEE VTC. Vol. 2 , 2003 2. Yang Yang, and Tak-Shing Peter Yum.: Delay Distributions of Slotted ALOHA and CSMA. IEEE Trans. on Comm., Vol.51, 2003

Analytic Model of the Collision Resolution Protocol

961

3. P. Chatzimisios, V. Vitsas and A. C. Boucouvalas.: Throughput and Delay Analysis of IEEE 802.11 Protocol. Networked Appliances, Liverpool. Proceedings, 2002 pp. 168 - 174 4. B. J. Kwak, N. O. Song, and L. E. Miller.: Analysis of the Stability and Performance of Exponential Backoff. IEEE WCNC, Vol. 3, 2003 5. W. Szpankowski.: Analysis and stability considerations in a reservation multiaccess system. IEEE Trans. on Comm., Vol. com-31, 1983 6. L. Kleinrock.: Queueing system, Vol. 1. Theory. John Wiley & Sons, 1975

Security Enhancement by Detecting Network Address Translation Based on Instant Messaging Jun Bi, Miao Zhang, and Lei Zhao Network Research Center Tsinghua University Beijing, P.R.China, 100084 [email protected]

Abstract. Detecting network address translation is helpful for network administrators to enhance the network security. Current network address translation detection approaches can not work effectively in all scenarios. In this paper, a new detection scheme ImNatDet utilizing instant messaging information is presented, a case study based on characters of MSN Messenger is analyzed, and related security issues are discussed. This paper also indicates that characters of instant messaging applications can be used to detect users’ privacy information.

1 Introduction Mainly due to lack of unallocated IP address in IPv4, network address translation [1] is widely used in today’s Internet. The network address translation technologies can be divided into three categories [2]: full cone network address translation, restricted cone network address translation, and symmetric network address translation. Full cone and restricted cone network address translation will map the same external IP address and port from the same internal IP address and port. In symmetric network address translation, the external IP address and port also depend on the destination IP address. According the report in [3], about 17% to 25% of Internet game players are located behind network address translator. We can estimate that the source addresses of a large number of Internet applications are translated by network address translators. Multiple requirements have been discussed on detection of network address translation [4][5][6]. From the viewpoint of network security, the source address of a packet is replaced by the external address of a network address translator, so it’s hard for network administrators to trace back the origin of a packet. For example, if the origin of SPAM or DDoS attacks is located behind a network address translator, then network administrators can only traced the attack packets back to the external boundary of network address translator. Therefore, network address translator can be used by attackers to masquerade their attacking hosts. Based on the above discussion, monitoring the usage of network address translation will be helpful for service providers to enhance the network security. How ever, existing network address translation detection approaches can not work effect tively in all scenarios. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 962 – 971, 2006. © IFIP International Federation for Information Processing 2006

Security Enhancement by Detecting Network Address Translation

963

In this paper, a new detection scheme ImNatDet is proposed, in which the instant messaging information is utilized. The rest of this paper is organized as follows: in Section 2, related works are introduced; in Section 3, we present the detection algorithm and a case study on MSN messenger; some related issues are discussed in Section 4; Section 5 summarizes the paper and discusses future work.

2 Related Works Investigators have proposed several methods to detect network address translation. We summarize related works as four categories according to the information used for detection algorithms: by detecting TTL value in the IP header [7]; by detecting IP ID field in the IP header [8]; by detecting TCP/IP stack implementation information of different operating systems [9][10][11]; by detecting time related information in the TCP header [12]. These methods rely on the information of TCP/IP stack in hosts, so they can be defeated by attackers in modifying TCP/IP stack in their attacking hosts to hide the address translation information. Another possible way to detect network address translation is checking whether the source port number in TCP/UDP packets coming from a target source address reaches a high number quickly. This is the character that a large scale network is behind a network address translator, or the character of the usual setting on network address translator that using high port number for translated TCP/UDP packets to avoid collision with possible service port numbers on the translator. This method can be also defeated if the attackers are able to change the settings on the network address translator. Instant messaging is an emerging and popular communication method for Internet users. Since the first instant messaging tool UNIX “talk” was introduced in 1973, IRC (Internet Relay Chat) was introduced in 1988, and ICQ was introduced in 1996, subsequently there rises many public instant messaging service provides, such as AIM (AOL), MSN Messenger (Microsoft), Google Talk (Google), Yahoo! Messenger (Yahoo), etc. In China, TENCENT is recognized as the most successful instant messaging service provider with its instant messaging tool named QQ. Some enterprises also provide private instant messaging services for business purposes. The characters of real-time communication and presence awareness led to its acceptance as the third popularity Internet application following Email and Web [13]. As an evolving technology, instant messaging is attracting researches in the related research topics. This paper will study characteristics of instant messaging and utilize these characteristics for detection on network address translation. The basic idea of instant messaging based network address translation detection is as follows. Instant messaging applications are popular Internet applicant and are user–oriented. Normally user will run only one instance of instant messaging application on a host. If there are more than one instance was found, it means there is more than one host behind the IP address and their original source addresses were changed by the network address translator.

964

J. Bi, M. Zhang, and L. Zhao

3 Methodology 3.1 Scenario The most important characteristic of instant messaging is the presence service [14]. Hereafter we use the term ”presence packets” to denote the packets which carry the presence information; use the term “presence channel” to denote the data channel between an instant messaging client and an instant messaging server which transfers presence packets; and use the term “presence channel packets” to denote the packets (including the presence packets) transferred in the presence channel. The scenario of instant messaging based detection is shown in figure 1. Host A, B, C, and D share the same gateway to access the Internet. Host B, C, and D are in a private address space behind a network address translator. A device running the detection algorithm, which is called ImNatDet, is passively collecting and analyzing IP packets passing through the access gateway.

Fig. 1. ImNatDet Detection Scenario

Security Enhancement by Detecting Network Address Translation

965

3.2 Algorithm Figure 2 shows the channel table used for network address translation detection in ImNatDet. For each target IP address in the edge network, a list of presence channels is maintained for each kind of instant messaging application. When a presence channel packet for a specific instant messaging application coming from a given target IP address is captured, ImNatDet updates the presence channel list of that

Target

Presence channels for IM 1 Presence channels for IM 2

...

Channel 1

Channel 2

Source port

Source port

Dest IP addr

Dest IP addr

Final updated time

Final updated time

...

...

Fig. 2. Presence Channel Table

Capture a presence packet

Update presence channels No Count the number of current presence channels

Too many channels?

Yes Report Fig. 3. Presence Packets Processing Procedure

...

966

J. Bi, M. Zhang, and L. Zhao

instant messaging application by the information gotten from that packet and counts the number of current presence channels. If it exceeds a threshold Nth, ImNatDet would determine that there is a network address translator on this target IP address. Figure 3 shows the processing procedure for captured presence packets. There are two important problems: (1) How to sort out presence channel packets from all captured packets. (2) Considering the possible high bandwidth of the access gateway, the filtering method must be simple and efficient. (3) How to derive the number of presence channels (the number of instances) from the captured packets. We assumed that there is more than one host running the same instant messaging application behind a network address translator and there is only one instance for each type of instant messaging application allowed on one host. Different instant messaging applications have different design in their presence channels. We have to implement different filtering mechanisms for different instant messaging applications. In this paper, we choose Microsoft MSN Messenger as the sample instant messaging application to design the algorithm. In the following part of this section, we will show some observations on MSN Messenger, then introduce the method to sort out presence channel packets. At last, we discuss how to derive the number of presence channels. 3.3 Case Study: MSN Messenger Currently, there are three major instant messaging protocol suites: IMPP (Instant Messaging and Presence Protocol), XMPP (Extensible Messaging and Presence Protocol), and SIMPLE (SIP for Instant Messaging and Presence Leverage Extension). Some instant messaging applications use private protocols. MSN Messenger uses MSN Messenger Service Protocol. Expired IETF draft [15] describes the version 1.0 of the protocol. Some analysis about MSN Messenger can be found in [16] and [17].

Fig. 4. MSN Messenger

Security Enhancement by Detecting Network Address Translation

967

The mechanism of MSN Messenger is shown in figure 4: (1) The MSN Messenger client sets up a TCP connection to the dispatch server at destination port 1863. (2) The dispatch server dispatches a notification server for this MSN Messenger client. (3) The MSN Messenger client sets up a TCP connection to the assigned notification server at destination port 1863. Usually, this connection will last for the whole log-on session, except the case that the notification server tells the MSN Messenger client to connect to another notification server when it is overloaded or is about to be shutdown for maintenance . (4) When the MSN Messenger client needs to send instant messages or transfer files to other MSN Messenger clients, it asks notification server to dispatch a switchboard server to the MSN Messenger client. (5) The MSN Messenger client sets up a TCP connection to the assigned switchboard server at destination port 1863. The connection between MSN Messenger client and switchboard server will be closed when the chatting is over. The TCP connection between the MSN Messenger client and the notification server can be considered as the presence channel. The MSN Messenger client periodically sends a ``PNG'' command to the notification server. 3.4 Capturing Presence Channel Packets Methods that capture presence channel packets by filtering IP addresses of instant messaging servers are efficient, since ImNatDet only captures and examines the first few bytes of an IP packet. But this method requires a full list of IP addresses of instant messaging servers, which is difficult to get for some instant messaging applications. Methods that capture presence channel packets by filtering TCP/UDP service port numbers of instant messaging servers is also efficient. But usually it can not be used alone because the same port number can be used or both presence channels and other TCP/UDP channels. Methods that capture presence channel packets by filtering the packet payload for special control commands are less efficient, because ImNatDet has to exams the packet content. But it is a feasible way when the server address based and service port number based methods can’t work for some instant messaging applications. Different techniques are implemented in ImNatDet to capture presence channel packets. To get the presence channel packet of MSN Messenger, we apply service port number and payload characteristic as the packet filtering criteria. From the observation on MSN Messenger mechanism discussed in last section, we found that TCP packets between the target being detected and one of the notification servers are what we want to sort out. Since there are fairly a large number of notification servers and it is difficult to collect all addresses of notification servers, we did not use server address as the filtering condition. We filter presence channel data of MSN Messenger by checking whether the destination port number is 1863 and whether there is a string ”PNG” in the payload.

968

J. Bi, M. Zhang, and L. Zhao

3.5 Counting the Number of Instants For each kind of instant messaging application, a list of presence channel (represented by destination IP and source port) is maintained for each target source IP address of local network; and a timestamp Tf is set for each channel to denote the final updated time of that channel. When a presence channel packet is captured, we update the flow list and check the number of the list as below: (1) Get the destination IP address and source port number and check whether it belongs to an existing flow. If it does, update Tf of the flow; otherwise, append a new record to the list. (2) Remove the flow records that haven’t been updated for Tmax time. Tmax is the maximum value of the time interval between two captured packets for one presence channel. (3) Count the number of concurrent flows and check whether it is larger than a threshold Nth to determine whether the target is a network address translator. There are also some instant messaging applications that use UDP in transmitting presence information. For these instant messaging applications, as long as the client port number is relative stable and network address translator doesn't use different port number to transfer UDP packets for the same presence channel, these UDP based presence packets can be processed in the same algorithm as TCP packets.

4 Related Issues 4.1 Design Considerations We can passively capture both incoming and outgoing packets passing through the detection point. In the design of ImNatDet, we choose to only capture the outgoing traffics for detection, so that we can prevent possible attack on our detection method from the outside. As shown in figure 5, a trouble maker outside can spoof the IP address of an instant messaging server and periodically send forged instant messaging presence packets to two ports of host A, which a normal host in the local network. If ImNatDet uses these incoming packets to update the presence channels table, it would consider host A as a network address translator. Though it is possible for hosts inside the local network to spoof IP addresses of other local hosts and send forged presence packet to instant messaging servers, the source of these packets are easy to be tracked back. 4.2 Correctness ImNatDet is based on the assumption that instant messaging client always keeps a stable data channel to its server. It is also possible that instant messaging does not behave in this way. For example,

Security Enhancement by Detecting Network Address Translation

969

(1) An UDP based instant messaging application may change source port number of a presence channel; (2) A TCP based instant messaging applications may keep the presence channel for a short time: it opens a TCP connection when it needs to send a presence packet, then close the TCP connection after the presence packet is sent out.

Fig. 5. An Attack Scenario

The ImNatDet detection will fail on instant messaging applications using the above mechanism. We did investigations on current popular instant messaging applications and we haven’t found such a case yet. The proxy is also a popular way to provide network address translation. Most instant messaging applications support login through a socks proxy or a HTTP proxy. ImNatDet can also detect socks proxy [18] in a local network. When clients use instant messaging via a socks proxy inside the monitored local network, presence packets are transferred via this proxy. Since the socks proxy simply relays the data of the transport layer, the characteristics of presence packets will be kept, so ImNatDet would detect these presence channels coming from the sock proxy. Because packets are encapsulated by HTTP proxy, ImNatDet can not capture presence packets without original TCP information. Therefore, ImNatDet can not be used to detect local HTTP proxy.

970

J. Bi, M. Zhang, and L. Zhao

4.3 Privacy Issues of Instant Messaging The detection results of ImNatDet also expose some users’ privacy information on how to use instant messaging in the local network: (1) The type of instant messaging applications being used. (2) The frequency of instant messaging applications being used. (3) The behaviors such as the start and end time of an instant messaging application being used. It means that the characters used by network address translation detection can be also utilized by hackers to detect user’s privacy information. A hacker can even use the characters to sort out instant messaging packets and capture the communication contents. Considering instant messaging is widely used in today’s business communications, this problem should be seriously investigated.

5 Conclusion This paper proposed a new network address translation detecting scheme ImNetDet by utilizing instant messaging information. The proposed method can help network administrators to enhance the network security. Currently there is no detection method that can work well in every scenario. When a detecting method is put forward, a corresponding anti-detecting method is proposed. Thus it is required to combine multiple detection methods to get the better results. This paper also reveals that some characters of instant messaging applications might be used to detect users’ privacy information. Instant messaging application designers should consider how to design trustworthy instant messaging mechanisms. One possible direction is to avoid using fixed port numbers to transmit presence information. Proxy is another popular mechanism to provide network address transition and sometimes brings network management and security problems. ImNatDet can be directly used to detect socks proxy in the local network, but can not be used to detect a local HTTP proxy. For the future work, the passive detection on local HTTP proxy is necessary to be investigated.

References 1. Srisuresh P. and Egevang K.: Traditional IP Network Address Translator (Traditional NAT), RFC3022, Jan 2001. 2. Rosenberg, J., Weinberger, J., and Huitema, C.: STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs), March 2003. 3. Armitage, G.: Inferring the Extent of Network Address Port Translation at Public/Private Internet Boundaries, Technical Report 020712A, CAIA, 2002. 4. Hain, T.: Architectural Implications of NAT, RFC2993, Nov 2000. 5. Holdrege, M. and Srisuresh, P.: Protocol Complications with the IP Network Address Translator, RFC3027, Jan 2001.

Security Enhancement by Detecting Network Address Translation

971

6. Senie, D.: Network Address Translator (NAT)-friendly Application Design Guidelines, RFC3235, Jan 2002. 7. Phaal, P.: Detecting NAT devices Using sFlow, http://www.sflow.org/detectNAT, 2003. 8. Bellovin, S.: A Technique for Counting NATted Hosts, the 2nd Internet Measurement Workshop, Nov 2002. 9. Zalewski, M.: Passive OS Fingerprinting Tool, http://lcamtuf.coredump.cx/ p0f.shtml, 2003. 10. Kaniewski, W.: Detect NAT Users in Your LAN, http://toxygen.net/misc/, 2000. 11. Ulikowski, M.: NAT Detection Tool, http://elceef.itsec.pl/natdet/, 2003. 12. Kohno, T., Broido, A., Claffy, K.: Remote Physical Device Fingerprinting, IEEE Symposium on Security and Privacy, 2005. 13. Isaacs, E., Walendowski, A., Whittaker, S., Schiano, D., Kamm, C.: The Character, Functions, and Styles of Instant Messaging in the Workplace, CSCW ’02, New Orleans, Louisiana, USA, Nov 2002,. 14. Day, M., Rosenberg, J., and Sugano, H.: A Model for Presence and Instant Messaging, RFC2778, Feb 2000. 15. Movva, R.: MSN Messenger Service 1.0 Protocol, draft-movva-msn-messenger-protocol00.txt, Aug 1999. 16. MSN Messenger Protocol, http://www.hypothetic.org/docs/msn/. 17. MSNPiki, Unofficial MSN Protocol Documentation, http://msnpiki.msnfanatic. com/ 18. Leech, M.: SOCKS Protocol V5, RFC 1928, Mar 1996.

A New Authentication Scheme of Binding Update Protocol on Handover in Mobile IPv6 Networks Jung Doo Koo1, Jungsook Koo2, and Dong Chun Lee3 1

Dept. of Computer Science and Eng., Hanyang Univ., Korea [email protected] 2 Dept. of Information Security, Kyonggi Univ., Korea 3 Dept.of Computer Science, Howon Univ., Korea [email protected]

Abstract. We propose a new authentication scheme of binding update protocol, which its Correspondent Node (CN) issues a ticket to Mobile Node (MN) when MN first executes the Binding Update (BU). This ticket assist that it is able to do efficiently the BU whenever MN requires the BU for the future. The proposed protocol need not be repeated equal BU course whenever the MN moves to foreign link or network, and is able to be executed in environment of not operating the Home Agent (HA), and also easies scalability.

1 Introduction MIPv6 [1] is the protocol of IP layer supporting node's mobility in IPv6. In MIPv6, MN has static Home Address (HoA) reaching without reference to now connected links and extraordinary CoA which is changeable when MN handovers to foreign link [1]. Also, located in foreign link, MN assumes that HA as a substitute of MN exists. When MN acquires new CoA from moving new link, it must register its CoA to HA. By registering this address, other nodes are always able to transfer messages using this node's HoA without reference to physical location of node. When MN isn't located in home link, messages received other nodes are sent to those nodes by using registered address in HA. But, because this method is always formed through HA, it brings about results which use inefficiently network. Accordingly, to solve this problem in MIPv6, MN also registers its Care-of Address (CoA) to its CN. By using this method, the connection between the MN and its CN are able to be optimized. This course which register CoA to HA and its CN, that is, are called “binding”. MIPv6 standard documentation of IETF is recommending to execute the BU to use Return Routability (RR) scheme [1]. But, if it doesn't securely execute the BU course, this course is able to be vulnerable in Denial-of Service (DoS) attack, redirect attack, and neighbor bombing attack [2]. But, RR scheme doesn't fully satisfy MIPv6 security requirements. In case of standard documentation [1], it is recommending to securely execute the BU courses by using IPSec [3, 4] into RR scheme to overcome these problems [5]. IPSec is able to be efficient between MN and HA supporting long-term connections. But, it may be inefficient between MN and its CN which is able to be formed by short-term connections. Also, IPSec can be a burden in case of communication node having low-power and limited computational quantities because of not little calculation costs executing internal key exchange protocol, Internet Key Exchange (IKE) [6], of IPSec. Therefore, it is X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 972 – 978, 2006. © IFIP International Federation for Information Processing 2006

A New Authentication Scheme of Binding Update Protocol

973

required of mechanisms which safely execute the BU at low cost between MN and its CN without using IPSec mechanism. To solve this problem, many BU protocols have been proposed. But, the existed BU protocols have some problems. In Return Routability (RR) [1] scheme, the information of creating session key is forwarded through public channel. Only, an attacker is able to intercept both Home Test (HoT) message and Care-of Test (CoT) message sending by two routers. It is not difficult if two attackers conspire. Child-proof Authentication for MIPv6 (CAM) [7] has problems as follows. First, this protocol takes costs for signing messages in MN and costs for verifying this signature in its CN. Second, it only supplies authentication of MN's HoA. Finally, it just supplies one way authentication. The existed BU protocols may be iterated equal protocol course whenever MN moves to foreign link. This method has two problems. First, it can reduce the efficiency of entire protocol because of always iterating same protocol course whenever MN gained new CoA from foreign link. Second, because the BU a limited lifetime, MN must update a lifetime. We propose the secure and efficient TBU protocol, which the BU using the ticket is able to promote efficiency by reducing iterating courses of entire protocol.

2 The Proposed Protocol We present TBU protocol for secure BU. It is designed for being suitable for almost all environments; in case of which a CN is not only a fixed node but also a portable node. In addition, when the CN is the moving node, the proposed protocol doesn't give computational burden such as public key operation, exponential calculation to MN. In TBU protocol, we assume that the connection between a MN between it’s HA, between it’s HA and the HA of CN, between a CN and its HA is able to establish secure tunnel using the IPSec. Also, the CN is able to be not only fixed node but also moving node. The detailed protocol is following.

Fig. 1. The basic TBU protocol at first between MN and its CN via Mobile Host (MH)

974

J.D. Koo, J. Koo, and D.C. Lee

The following notation is used in describing our protocol. • BU/BA: A binding update/binding acknowledgement. • MN/MH: Mobile node/its home agent • CN/CH: Correspondent node/ its home agent • HoA/CoAA: A home address of MN and care-of address of a node A. • MHaddr/CHaddr/CNaddr: The address of MH/CH/CN. • KA-B: A secret key between A and B. • KA: A secret key of A. • CookieA: A cookie generated by A (the parameter for preventing DoS). • LBU/BA: A lifetime of BU/BA. • TA: A timestamp generated by A. • MAC (M, K): Keyed hash of message M with key K for authenticating message M. • TckA-B: A ticket between A and B. • nA: A nonce generated by A. • a b: A bit concatenation of message a and b The nodes which participated in basic protocol are MN, Mobile Host (MH), and CN. But, the BU protocol at the future only participates in MN and its CN. The role of MH is to create the secret key and the ticket with CN instead of the MN. The detailed basic protocol is same to Fig. 2. The connection between MN and MH, between MH and CN is protected securely via ESP tunnel. We describe some of the features of TBU protocol. Message 1. This message which sends to MH is to request BU to MH and CN. The MN creates a nonce nMN and associates the nonce with its CN in its binding update list. It is used to prevents messages from replay attack and create secret key. TMN and LBU is a timestamp and a lifetime generated by MN, respectively. A lifetime of BU has a fixed time. Accordingly, even though MN doesn't move to a foreign link or network, the lifetime of BU must be re-updated before the lifetime is over. KMN-MH is IPSec secret key between MN and MH.

HoA, MH addr , (CN addr , HoA, CoA, nMN , TMN , LBU ) K MN − MH Message 2. Upon receiving message 1, MH registers CoA of MN and stores binding information into binding cache. MH creates nonce nMH for preventing a message from replay attack and creating secret keys. It sends a message to CN communicating with MN to request ticket creation and BU. This message is also sent to MN's CN via the secure protected ESP tunnel. It is a message which request for creating ticket and executing BU between MN and CN. The MH forwards other parameters received from MN to CN.

HoA, CN addr , ( HoA, CoA, nMN , nMH , TMH , LBU ) K MH −CN Message 3. The MN's CN first validates nonce, timestamp, and lifetime received from MH. It then generates a symmetric key KMN-CN between MN and its CN, which will be used as the ticket key. Also, it creates TckMN-CN that will be used by the node with

A New Authentication Scheme of Binding Update Protocol

975

HoA. The ticket consists of HoA of node's address using ticket, nonce nMN, timestamp TCN, ticket's lifetime LTck, a symmetric key KMN-CN between MN and its CN. It is able to use the purpose of authenticating MN when MN moved to foreign link. By publishing ticket, the BU between MN and its CN for the future becomes very simply. The protocol's efficiency then is raised by reducing the iteration of entire protocol course. The CN registers CoA of MN. Then, the binding information is stored into binding cache of CN.

CN addr , HoA, (CN addr , HoA, nMH , nCN , Tc , LBA , TckMN −CN ) K MH −CN Tc = TMH || TCN K MN −CN = MAC ( K MH −CN , nMN || nCN || nMH ) TckMN −CN = ( HoA || nCN || TCN || LTck || K MN −CN ) KCN Message 4. The MH intercepted this message creates the symmetric key KMN-CN like CN. It adds the nonce nMN received from MN at first to message. After it concatenated each node's timestamp, it forwards this message to MN via secure ESP tunnel. MN received message 4 first checks the nonce nMN created itself. Then, MN stores securely the ticket TckMN-CN. As a result, our protocol is first performed simultaneously both the key distribution and the BU courses via secure ESP tunnel recommending in IETF. By using ticket, the next BU is able to be executed with only two messages such as a BU and a BA message. It aims to upgrade a performance of BU protocol by minimizing the courses of the entire protocol.

CN addr , CoA, HoA, (nMN , Ta , TckMN −CN , LBA , K MN −CN ) K MN − MH Ta = Tc || TMN When MN again moves to foreign link or network, it doesn't perform all basic TBU protocol courses. MN executes BU by using only two messages like BU message containing the ticket and BA message. So, the TBU protocol is able to elevate the efficiency of entire protocol and to reduce abilities witch are attacked from attackers by decreasing message number. The protocol is illustrated as Fig.2. BU message. MN directly sends this message to CN to register new CoA which gains in foreign link or network. Because the connection between MN and its CN isn't protected by secure ESP tunnel, there may be various attacks. Accordingly, it creates and adds security parameters to message. After created a cookie Cookie1, It sends it to its CN. The aim of cookie is to first filter attacks such as DoS or flooding attack etc. It also inserts a ticket TckMN-CN generated by CN in the message. It then sends the BU message to CN directly. BA message. Upon receiving BU message, CN first checks on the validity of a cookie Cookie1 whether attack is or not. Also, it generates the cookie Cookie2 and then sends it to MN. And, it verifies the validity of the ticket by decrypting and checking the validation period and the MN's HoA included in the ticket. Then, it verifies the MAC

976

J.D. Koo, J. Koo, and D.C. Lee

1

BU CoA, CNaddr, HoA, nMN’, TMN, LBU, TckMN-CN, Cookie1, MAC(KMN-CN, BU message) BA

MN

2

CN

CNaddr, CoA, HoA, nMN’, TCN, Cookie1, Cookie2, LBA, MAC(KMN-CN, BA message)

Fig. 2. The basic TBU protocol for the future between MN and its CN

using the ticket key. Also, CN checks a lifetime of BU message and inserts the lifetime of BA LBA, n’MN generated by MN in BA message. If everything is ok, CN stores the nonce and BU information in its binding cache. It then responds to BU message by sending the BA message.

3 The Protocol Analysis In MIPv6, in case of not executing safely the binding update courses, there are various attacks such as DOS attack, redirect attack, and neighbor bombing attack, etc. Therefore, The BU must be satisfied with the security requirements as follows. • An authentication of requester: The HA and MN's CN must be able to confirms whether it is the request of MN possessed HoA or not before they recognize the BU request of MN. If it isn't confirmed from nodes, attackers can be various redirect attacks by executing the BU in disguise with a justified MN. • An authentication of responder: MN must be able to affirm whether the response message for BU request is the acknowledgement message of its CN communicating now with itself or not. If not, MN is able to mistake that the binding update was successful. In this case, the directly delivered message through routing optimization is dropped. • Integrity of binding information: It must support the integrity of CoA information of MN. If doesn't supply, attackers is able to be various attack by changing CoA of MN. • A location authentication of requester: MN's CN must be able to verify whether MN really exists in suggesting current location (CoA of MN) or not. If not, by using address of other nodes, attackers can be bombing attack against target node. Now, we will discuss how strong our protocol TBU is against various attacks such as Denial-of Service (DoS) attack and Redirect attack. DoS attack is that a justified users is not able to execute the protocol. It can be divided with resource depletion attack and connection depletion attack. The former is attack of targeting nodes not using fixed resource like mobile node as the attack for consuming calculation resource of server. But, the latter is attack for exhausting the connection of being able to permit in server. DoS attack is not problem of solving certainly in BU protocol because it is able to occur in all communication protocols. Also, to protect completely it is very difficult.

A New Authentication Scheme of Binding Update Protocol

977

Table 2. The satisfaction of security requirement of protocols

RR ECBU CAM CBID/SUCV Proposed Method

mutual authentication MN CN × × ż ż ż × ż ż* ż ż

message integrity

location authentication

× ż ż ż ż

Besides, this attack is not attack which is able to settle in satisfyingness of security requirements on contrary to redirect attack and neighbor bombing attack. To alleviate DoS attack, a generally used scheme is divided as follow. First, it comprise protocol so not to be necessary that nodes are able to support the status information for reducing cases that services are rejected from the exhaustion of buffer sustaining connection status datum. Second, nodes authenticate the communicated messages for reducing cases of maintaining unnecessary connection information. Third, to be difficult the attack, those use client puzzle. Second scheme requires adding costs of authenticating messages. So, it is used generally with more and more increased method. TBU protocol uses cookie to prevent this attack. MN first creates cookie, then on receiving the cookie its CN checks on the validity of it. If is not right this information, CN drops a message. Various attackers may try to redirect the mobile node's traffic to some other nodes including itself. If the attacker can procure the private key of the victim or the ticket key of the victim’s ticket, the attacker is able to be successful at this attack. We assume that both are infeasible if the attacker is attempting a passive cryptanalysis attack. We will first argue that our protocol and existing BU protocol satisfy the security requirements of the BU protocol. In Table 2, all protocols with the exception of CAM [7] and RR protocol supplies a mutual authentication. In case of SUCV protocol, it is able to settle mutual authentication by IPSec only. Also, TBU protocol and ECBU protocol provide the mutual authentication by using HA. The integrity of BU message can be authenticated by encrypting the securely established session key and making signature the BU request message. There are not securely confirming methods whether MN exists in MN's CoA or not. But all schemes have a certain amount of devices to solve this problem.

4 Conclusion In this paper we presented solution to elevate efficiency by reducing iterating BU courses via ticket. The ticket-based binding protocol takes diverse advantages. First, the CN need not maintain the status information of session key between MN and its CN because it encrypts the ticket using its private key. Second, both MN and its CN is able to perform BU in environments on not operating a HA of MN such as P2P circumstances.

978

J.D. Koo, J. Koo, and D.C. Lee

Also, proposed TBU protocol satisfies the safety of protocol and security requirements such as mutual authentication, the integrity of the BU message and a certain amount of location authentication because this ticket is only able to create in CN or HA of CN and the session key between MN and its CN is contained in it.

Acknowledgements This work was supported by Fund of ITRC at Korea Univ., 2006.

References 1. D. Johnshon, C. Perkins, J. Arkko, “Mobility Support in IPv6,” IETF RFC 3775, 2004. 2. P. Nikander, J. Arkko, T. Aura, G. Montenegro, E. Nordmark, “Mobile IP Version 6 Route Optimization Security Design Background,” IETF RFC 4225, December 2005. 3. S. Kent, R. Atkinson, “IP Authentication Header,” IETF RFC 2402, November 1998. 4. S. Kent, R. Atkinson, “IP Encapsulating Security Payload (ESP),” IETF RFC 2406, November 1998. 5. J. Arkko, V. Devarapalli, F. Dupont, “Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents,” IETF RFC 3776, June 2004. 6. D. Harkins, D. Carrel, “The Internet Key Exchange (IKE),” IETF RFC 2409, 1998. 7. G. O'Shea, M. Roe, “Child-proof Authentication for MIPv6 (CAM),” ACM Computer Communications Review, Vol. 31, pp. 4-8, July 2001. 8. T. Aura, “Cryptographically Generated Addresses (CGAs),” IETF RFC 3972, 2005. 9. G. Montenegro, C. Castelluccia, “Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Address,” ISOC Symposium on Network and Distributed System Security (NDSS 2002), February 2002. 10. G. Montenegro, C. Castelluccia, “Crypto-Based Identifiers (CBID): Concepts and Application,” ACM Transaction on Information and System Security, Vol. 7, pp. 97-127, February 2004. 11. R. Deng, J. Zhou, F. Bao, “Defending against Redirect Attack in Mobile IP,” Proc. of the 9th ACM Conference on Computer and Communications Security, Washington D.C., November 2002. 12. Y. Qiu, J. Zhou, F. Bao, “Protecting All Traffic Channels in Mobile IPv6 Networks,” In Proceeding of WCNC ‘04, Vol. 1, pp. 160-165, March 2004. 13. S. Thomson, T. Narten, “IPv6 Stateless Address Auto-configuration,” IETF RFC 2462, December 1998. 14. R. Droms, “Dynamic Host Configuration Protocol (DHCP),” IETF RFC 2131, March 1997.

A Solution for the Dropout Problem in Adaptive Cruise Control Range Sensors Bongsoo Son1, Taehyung Kim2, and YongEun Shin3 1

Dept. of Urban Plan. and Eng., Yonsei Universiy, Seoul, Korea [email protected] 2 Adavnced Trans. Tech. Research Center, The Korea Trans. Institute, Korea [email protected] 3 Dept. of Urban Eng., Dong-Eui Univ., Busan, Korea [email protected]

Abstract. At the transition from a tangent section to a curved section, it is possible for a following vehicle with adaptive cruise control in car-following mode to lose track of the lead vehicle. This occurs because the lead vehicle enters the curve and its path diverges from the axis of the following vehicle, yet the following vehicle does not yet have lateral acceleration information that would induce its range sensor to bend according to the curvature of its own path. This is a temporary situation, but one that could have an impact on cruise control safety and appropriate algorithms. In this paper, the conditions of time and distance that produce this circumstance are derived. Examples are given using typical values of roadway and vehicle parameters. Finally, some conclusions regarding possible solutions are offered.

1 Introduction Correct functioning of an adaptive cruise control system is predicated on the assumption that the following vehicle can continually acquire range information from the vehicle in front of it. This is important both when the subject vehicle is traveling at its desired speed and is alert to potential conflicts in front of it, and while it is in a “carfollowing” mode because a leading vehicle is obstructing its ability to travel at its own desired speed. The acquisition of range information (and any of its derivatives, including relative velocity and relative acceleration) is accomplished via electromagnetic sensor, most often employing infrared radar or laser technology. A variety of sensors are available, and testing regimes have been established to ensure that they perform adequately [1]. For our purposes, the sensor can be visualized in plan view as a beam with a given angular range ș. Several rangefinder sensors, such as the Omron units employed in some Nissan ACC systems, employ multiple beams. Primarily, this capability is used to support sensing of lane-changing and other potential conflicts outside the lane of the subject vehicle. Each beam has an aiming angle and included angle similar to ș, and each could be analyzed individually using the methods in this paper. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 979 – 987, 2006. © Springer-Verlag Berlin Heidelberg 2006

980

B. Son, T. Kim, and Y. Shin

ACC is becoming a more popular accessory in cars, following the traditional trajectory of new technology, which is to filter its way down from the most expensive models to the lesser so. It is currently marketed as a convenience system rather than a safety aid [2]. This is due in part to the fact that its operation is not yet robust. This paper is concerned with a specific instance where the intended functionality of the ACC range sensor can be hampered, due to a combination of vehicle locations, speeds, and roadway geometry. The next section describes, qualitatively, a number of known issues from the ACC literature. Following that, we present the quantitative methodology for determining the specific circumstances under which rangefinder dropouts can occur at curve transitions, and some examples with specific parameter values. This is followed by a discussion of how this and other sensor issues relate to the design of ACC strategies and algorithms. Finally, some conclusions and suggestions for future research are offered.

2 Target Determination in Circular Curve One of the interesting challenges of ACC control lies in the fact that when both the subject vehicle and the target vehicle are on a curve, the target vehicle is not directly in front of the subject vehicle, as measured along its own axis. To counter this, most ACC sensors have the ability to deflect their beams at appropriate angles. The determination of the proper angle requires an estimate of the curvature of the road being traversed, which is accomplished via a combination of an on-board yaw rate sensor and feedback from the vehicle’s speed sensor. What is assumed in this calculation, however, is that the subject vehicle is on the curve, allowing it to measure its own lateral acceleration. During the transition from a tangent section to a curved section, however, the lead vehicle enters the curve first, and it might be possible for it to turn out of the path of the sensor beam before the following vehicle is even aware that a curve is coming [1]. In their report [3] on a major demonstration project in the U.S., General Motors acknowledges that curve entry-exit transitions present a challenge to target acquisition and tracking in an ACC system. The issue is more complicated than simply losing track of the vehicle - from the perspective of the rangefinder in the following vehicle (if it is of the multi-beam variety equipped to take such measurements), this maneuver might just as easily resemble a lane change. As a result, if the following vehicle were traveling below its desired speed, it might interpret this as a circumstance where it would be safe to accelerate back to its desired speed. In fact, however, it would soon discover, once it was on the curve, that the lead vehicle did not change lanes, and therefore because of its own acceleration, the safe following distance had been compromised. Other issues related to losing track of an appropriate target, or acquiring a stationary target incorrectly, have been documented in [1, 4] and elsewhere. The methodological portion of this paper is concerned only with the issue of temporary losing track of a lead vehicle at a curve transition, although the geometric procedure can be adapted to other problems. It should be noted that a similar problem might arise with vertical curves. In this case, the “visibility” of the lead vehicle might be hampered. In general, particularly on high-speed facilities where ACC systems are currently most useful, vertical

A Solution for the Dropout Problem in Adaptive Cruise Control Range Sensors

981

curvature tends to have less of an egregious effect than horizontal. Nevertheless, this is probably an important issue, although it is not treated in the scope of this paper. We present the geometry of this situation in a way that enables to determine, as a function of the speed of the vehicles (and therefore the safe following distance), the distance and time that the following vehicle is on the tangent, after losing track of the target vehicle, but before entering the curve where it might re-acquire. It is this interval that is most dangerous, and it might be wise to not attempt to accelerate during this time.

3 Geometric Derivation It is assumed that the horizontal alignment consists only of a smooth series of connected tangent sections and circular curves. While clothoid spirals are also used frequently for curve transitions, they do not lend themselves to closed-form geometric calculations [5]. Furthermore, their effect is to reduce the rate of change of curvature and spread it over a longer distance, giving a following vehicle more time to enter the curve and become aware of the new circumstances. Thus, the worst case-scenario is a direct tangent-to-circular arc transition, so spirals will not be considered in this paper. Figure 1 shows the geometry of tangent and circular curve sections. In the derivation that follows, coordinates are shown in vector representation for conciseness.

Fig. 1. Geometry of tangent and circular curve sections

The origin of the coordinate system in the figure is at the point PC, which is the point of curvature, or transition from the tangent to the circular curve. The circular arc has radius r. The safe following distance between the two vehicles is given by d, which is then partitioned into d = da + dl, where da is the distance along the arc of the

982

B. Son, T. Kim, and Y. Shin

center of the vehicle travel lane, and dl is the remaining distance, which is apportioned to the tangent. While d might be given exogenously, we will also show an example where it is a commonly used function of the vehicle speed v. The included angle ¨, on the circular arc, between its start and the location of the lead vehicle, is given by Δ=

where

2d a 2 r + lw

(1)

lw is the lane width. Throughout this paper, all angles are given in radians.

The point A is the middle of the driving lane at the curve transition; it is given by

ªl A=« w ¬2

º 0» ¼

T

(2)

The point B is the middle of the driving lane at the rear of the lead vehicle. To find this point, first we find the length C, of the chord AB:

§ da · l · Δ § c = 2 ¨ r + w ¸ sin = ( 2r + lw ) sin ¨ ¸ 2¹ 2 © © 2r + l w ¹

(3)

The point B is then determined by B = A + c R (δ )

[0

1]

T

(4)

where R(į) is the transformation matrix that effects a counter-clockwise rotation about the origin through an angle of į radians (for examples of this form of vector algebra for highway design purposes, see [5,6]), and is given by

ª cos δ R(δ ) = « ¬ sin δ

− sin δ º cos δ »¼

(5)

and į is the deflection angle (measured in radians, counter-clockwise from the positive abscissa) of the line that is tangent to the circular curve. This can also be written §x· © ¹

δ = cos −1 ¨ ¸ c

(6)

l · § x = ¨ r + w ¸ sin Δ 2¹ ©

(7)

where

Hence R(į) is given by ª § −1 § x · · «cos ¨ cos ¨ ¸ ¸ © c ¹¹ © R (δ ) = « « § −1 § x · · « s in ¨ co s ¨ ¸ ¸ © c ¹¹ © ¬«

§ § x · ·º ª x − s in ¨ c o s − 1 ¨ ¸ ¸ » « © c ¹ ¹» « c © = 2 § § x ·· » « c o s ¨ co s − 1 ¨ ¸ ¸ » « 1 − x © c ¹ ¹ ¼» ¬« c2 ©

x2 º » c2 » » x » c ¼»

− 1−

(8)

A Solution for the Dropout Problem in Adaptive Cruise Control Range Sensors

983

Simplifying and combining then yields ª lw B=«2 « ¬0

ªl º x2 º w » + cR (δ ) ª 0 º = « − c 1 − 2 » c » «1 » « 2 » ¬ ¼ « »¼ x ¼ ¬

(9)

Removing the intermediate variables c and x then leaves ª « lw − «2 B = « « « ¬«

2 2 º ª ª§ § da ·º § 2da ·º » lw · + − + 2 r l sin r sin ( ) « «¨ ¨ ¸» ¨ ¸» w ¸ 2 ¹ © 2 r + lw ¹ ¼ © 2 r + lw ¹ ¼ » ¬ ¬© » » § 2d a · lw · § » ¸ ¨r + ¸ sin ¨ + 2 2 r l © ¹ w ¹ © ¼»

(10)

Assuming that the edge of the sensor beam is effective all the way to the right rear corner of the vehicle (point D in Figure 1), that point is derived as follows: π · vw ª0 º § D = B + R ¨Δ − ¸ 2 ¹ 2 «¬ 1 »¼ ©

(11)

where vw is the assumed width of the lead vehicle. R ( Δ − π 2 ) can be simplified: ª π § co s ¨ Δ − 2 π · «« © § R¨Δ − ¸ = 2¹ « π © § « sin ¨ Δ − 2 © ¬

The transformation matrix

π ·º § − sin ¨ Δ − ¸ » sin Δ 2 ¹ © » = «ª π · » ¬ − co s Δ § co s ¨ Δ − ¸ » 2¹ ¼ ©

· ¸ ¹ · ¸ ¹

co s Δ º sin Δ »¼

(12)

Hence the coordinate of the right rear corner of the lead vehicle in terms of basic parameters is given by ª « lw − «2 D= « « « «¬

2

2

ª ª§ § d a ·º § 2da ·º § 2da lw · vw co s ¨ « ( 2 r + l w ) sin ¨ ¸ » − «¨ r + ¸» + ¸ sin ¨ 2 ¹ 2 © 2 r + lw ¹ ¼ © 2 r + lw ¹ ¼ © 2 r + lw ¬ ¬© § 2da · lw v w · § ¨ r + 2 + 2 ¸ sin ¨ 2 r + l ¸ © ¹ w ¹ ©

º ·» ¸» ¹ » » » »¼

(13)

The other point of interest is then the point E, which is the front middle of the following vehicle. This can be given as lw ª º » E = « 2 « » ¬d a − d ¼

(14)

With the knowledge of the two points D and E, we can determine the angle Į between the center axis of the following vehicle and the right rear corner of the lead vehicle. More importantly, if we equate that angle to ș/2, we are determining the angle at which the lead vehicle departs the sensing region of the range sensor. Thus,

tan

θ 2

lw l + w − 2 2 =

ª § da « ( 2 r + l w ) sin ¨ 2r + lw © ¬

2

ª§ ·º § 2d a lw · ¸ » − « ¨ r + ¸ sin ¨ 2 2 r + lw © ¹ ¹¼ © ¬

l v § da − d + ¨ r + w + w 2 2 ©

§ 2d a · · ¸ ¸ sin ¨ ¹ © 2 r + lw ¹

2

·º § 2d a · vw cos ¨ ¸» + ¸ 2 ¹¼ © 2 r + lw ¹

(15)

984

B. Son, T. Kim, and Y. Shin

In this equation, the quantities lw and vw, can be assumed to be constant values determined a priori. For particular circumstances, a value of r can be chosen, although from the perspective of the ACC control logic, it must be expected that a range of curve radii can be encountered. The speed is not known ahead of time, and that has an impact on both the curve radius r and the following distance d. Nevertheless, we posit that the most appropriate use of Eq. (15) is to choose values for all of these parameters, as well as for the sensor angle ș, and then solve for da. Knowing da, one can then also determine dl = d – da, which is the distance over which the car must travel after having lost the range signal, until it enters the curve and can then bend its sensor beam and re-acquire. Combined with the speed, this gives the time during which the vehicle is vulnerable to conditions outside the expectations of the sensing system. Equ. (15) cannot be solved for da in closed form; in the examples that follow, we used the non-linear root finder in Matlab to solve the equation numerically.

4 Numerical Example In this numerical example, we will solve for da as a function of v, assuming that some of the other parameter values can be fixed, and the remaining variables can be chosen also to be single-valued functions of v. For example, we chose as standardized parameter values lw = 12 feet, and vw = 7 feet. In the latter case, this is the design vehicle width for a typical passenger car [7]. We chose ș = 10 degrees = 0.1745 radians, which is the included angle for the center beam of the Omron AR211 unit used in Nissan ACC systems. Finally, we chose r = 800 feet. This last choice was arbitrary but acceptable; the same analysis can be conducted with any other value. The safe following distance maintained between vehicles when the ACC is in following mode can be represented by car-following stopping distance, which includes perception/reaction and braking distance and is given in consistent units by d = vt +

v2 2 g ( f + G)

(16)

where t is the perception-reaction time for ACC system, which typically has a value of the order of 0.5 s [8]. This is a much shorter reaction time than is expected in manual driving, which is typically around 2-3 seconds [9]. The denominator of the 2nd term of the right hand side of Eq. (16) contains all modifiers to the effect of gravity, including the coefficient of friction f and the grade of the road G in dimensionless form. If we assume g is 32.2 ft/sec2, f is 0.30, G is zero and v is 73.33 ft/sec (approximately 50 mph) for both vehicles in this example, then Eq. (16) yields d = 314.5 feet. By moving all terms of Eq. (15) to one side of the equality, we turn the problem of solving for da into a root-finding exercise, which Matlab can do with standard numerical techniques. For the values given in this example, this yields da = 221.5 feet. Thus, dl = d - da = 93 feet. At the speed of 73.33 ft/sec, this means that the vehicle is “driving blind” for approximately 1.27 seconds. At least for the values given in this example, it seems wise to suggest that the ACC control unit pause at least a second or two before accelerating to the driver’s desired speed, in order to distinguish between a situation where it is in fact safe to do so because the previously obstructing vehicle

A Solution for the Dropout Problem in Adaptive Cruise Control Range Sensors

985

has left the lane in question, and a case where it only appears to be safe because of the effects of road curvature. This advice, of course, comes from a worst-case safety perspective. It may be that certain aggressive drivers would become impatient with such a system. For example, the car might choose to wait until it can distinguish between a lane change and a curve transition, but the driver might know which was actually the case. Perhaps some “aggressiveness” factor could be tuned by the driver according to their preferences. As vehicle functions become increasingly automated, it is apparent that humanmachine interaction issues become more and more important, much the way user interface and ergonomics were with the last generation of automotive technology. Accordingly, this is an important area of research that should be pursued.

5 Sensitivity Analysis We show how dl varies with marginal changes to other parameters such as the included angle of sensor, the radius of circular curve and vehicle speed, using as our nominal state the data from the analysis. Because of the number of dimensions involved, we cannot hope to completely characterize the behavior of Eq. (15) with this analysis, but it can serve to illustrate the shape of its partial derivatives, and reinforce the reasonableness of these relationships. The relation between dl and ș is approximately linear in this range of values, as shown in Fig. 2. Sensors with included angles between 4 and 12 degrees are considered. As the angle of sensor increases, the dl decreases which means that the blind time is decreasing. However, we have to make sure that increasing the sensor angle increases the likelihood of false readings from adjacent lanes, particularly at curves. While we chose a specific value of the curve radius r for the example, it is also fair to say that it depends in some measure on the speed v, which is presumably within the range of the design speed for the facility in question. It is not reasonable, however, to tie Eq. (15) to a specific relationship between speed and curve radius, since the vehicles are not necessarily traveling at the design speed, and because any such relation only gives a minimum value of the curve radius anyway. Beyond that, ample room is left for trading off curve radius versus superelevation, and designers can always choose larger-than-necessary curve radii to improve comfort, aesthetics, and other considerations. Fig. 3 shows how a range of curve radii affects the computation of dl. 180

90 2.3

1.2

80

140 2 1.7

80

1.4

60

1.1

40

0.9

60 50

0.6

40 30

0.3

20 0.8

20 0

0.5 4

5

6 7 8 9 10 11 included angle of se nsor (degree)

d_l

12

blind time

Fig. 2. Effect of the range sensor included angle

10 0

0 800

900

1000 1100 1200 1300 radius of circular curve (feet)

d_l

1400

blind time

Fig. 3. Effect of curve radius

time (second)

100

70 distance (feet)

120

time (second)

distance (feet)

1.5

100

2.6

160

986

B. Son, T. Kim, and Y. Shin

All radii are greater than the minimum required for a speed of 50mph. With the same speed, but decreasing curvature, the lead vehicle does not deviate from the following vehicle’s axis as drastically, so the blind time decreases. Fig. 4 shows how d and dl are affected by v, via Eq. (15) and (16), together with factors to transform speed to the more customary units of miles per hour. We chose the minimum curve radius for each speed range and safe following distance as increasing functions of velocity. Intuitively, blind time should decrease with curve radius, but increase with stopping distance. It is clear from this figure that the latter effect is more pronounced, so the blind time increases. Of course, there are limits to the range of the range sensor.

2

700 600

1.8

1.6

400 300

1.4

time (second)

distance (feet)

500

200 1.2 100 0

1 40

45

50

d

55 60 velocity (mph)

d_l

65

70

blind time

Fig. 4. Effect of the velocity of the lead vehicle

6 Conclusion In this paper we have described and illustrated a situation where an autonomous cruise control in car-following mode may inadvertently lose track of the lead vehicle, and may mistake that loss of target as being clear to accelerate. This is a potentially dangerous conclusion, since the lead vehicle has not changed lanes in this scenario, and will re-appear within the sensor’s “vision” as soon as the following vehicle knows it is on a curve and rotates the sensor beam appropriately. We were not the first to discuss or even mitigate against this problem, but our presentation of the geometric model of this situation is original to our knowledge. Using realistic example numbers, it is shown that the time lag between losing and re-acquiring the lead vehicle target is relatively small on the human scale, and therefore it might be wise not to employ ACC scenarios that over-react within time windows this small. There is a trade-off, however, because the ACC would be forced to behave this way in safe situations as well. This “sluggishness” might downgrade the user’s perceived convenience of ACC, which is the ability to quickly get underway again at the desired speed once potential threats have moved aside. It is not necessarily true that this issue will remain forever; however, it is probably not within the limits of range-sensing technology alone to solve the problem. The addition and fusion of a second sensor input, such as precise geolocation and an accu-

A Solution for the Dropout Problem in Adaptive Cruise Control Range Sensors

987

rate underlying map database, or an intelligent vision system that can recognize the presence and curvature of circular arcs ahead, might allow the following vehicle to react to curvature that the lead vehicle is experiencing even before it is in the curve itself. This is the approach being followed in the ongoing Automotive Collision Avoidance System (ACAS) field operational test conducted by General Motors, and presumably by a number of other manufacturers as well.

References 1. Domsch, C. and D. Sandkuhler (2000). Test procedures for ACC-sensors. Proceedings of the 7th World Congress on Intelligent Transport Systems, pp. 1-8. 2. Jagtman, H.M. and E. Wiersma (2003). Driving with adaptive cruise control in the real world. 16th ICTCT Workshop, pp. 1-8. 3. General Motors Corporation (2002). Phase I Interim Report: Automotive Collision Avoidance System Field Operational Test. Report No. DOT HS 809 454, National Highway Traffic Safety Administration, Washington, D.C. 4. Fancher, P., R. Ervin, J. Sayer, M. Mefford, and J. Haugen (1998). Intelligent Cruise Control Field Operational Test (final report). University of Michigan Transportation Research Institute (UMTRI), Ann Arbor, MI. 5. Lovell, D. J. (1999). Automated Calculation of Sight Distance from Horizontal Geometry. ASCE Journal of Transportation Engineering Vol. 125, No. 4, pp. 297-304. 6. Lovell, D. J., J.-C. Jong, and P. C. Chang (2001). Improvements to Sight Distance Algorithm. ASCE Journal of Transportation Engineering Vol. 127, No. 4, pp. 283-288. 7. AASHTO (2001). A Policy on Geometric Design of Highways and Streets. American Association of State Highway and Transportation Officials, Washington, D.C. 8. Rajamani, R. and C. Zhu (2002). Semi-autonomous Adaptive Cruise Control Systems. IEEE Tran. on Vehicular Technology, Vol. 51, No. 5, pp. 1186-1192. 9. Roess, R. P., W. R. McShane, and E. S. Prassas (1998). Traffic Engineering, 2nd edition. Pearson, New York, NY.

An Architecture Framework for Measuring and Evaluating Packet-Switched Voice Hyuncheol Kim1, , Seongjin Ahn2, , and Junkyun Choi1 1

School of Engineering, Information and Communications University, 119 Munjiro, Yuseong-Gu, Daejon, Korea, 350-714 {pharbor, jkchoi}@icu.ac.kr 2 Dept. of Computer Education, Sungkyunkwan University, 53 Myungryun-Dong, Jongro-Gu, Seoul, Korea, 110-745 [email protected]

Abstract. Until a recent date all telephony connections are set up via circuit switching. Advances in networking technology have made it possible for the Internet evolves into a Broadband convergence Network (BcN) and provides various services including Internet Protocol (IP) telephony over high-speed IP networks. Voice-over-IP (VoIP) uses packetized transmission of speech over the Internet. In order for the Internet to realize a profit as traditional Public Switched Telephone Network (PSTN), it must provide high quality VoIP services. The VoIP metrics report block of Real-Time Transport Protocol Control Protocol Extended Reports (RTCP XR) can be applied to any one-to-one or one-to-many voice application for which the use of RTP and RTCP is specified. However, RTCP XR only defines packet type to convey information that supplements the six statistics that are contained in the report blocks used by RTCP’s Sender Report (SR) and Receiver Report (RR) packets. Our objective in this paper is to describes a practical measuring framework for end-to-end QoS of packet switched voice in an IP environment including Packet Loss Concealment (PLC) techniques. It includes concepts as well as step-by-step procedures for setting up components, creating session, measuring packetized voice streams over IP networks.

1

Introduction

Until a recent date all telephony connections are set up via circuit switching. An alternate way of setting up end-to-end connections that is widely used for transmission of data is packet switching, such as that used in the Internet. Advances in networking technology, digital media, and codecs have made it possible for the Internet evolves into a Broadband convergence Network (BcN) 



This work was supported by grant No. R01-2004-000-10618-0(2005) from the Basic Research Program of the Korea Science & Engineering Foundation. This work was also supported in part by MIC, Korea under the ITRC program supervised by the IITA (IITA-2005-(ITAC1090050200070001000100100)). Corresponding author.

X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 988–997, 2006. c IFIP International Federation for Information Processing 2006 

An Architecture Framework

989

and provides various services including Internet Protocol (IP) telephony and on-demand television over their high-speed IP networks. Voice-over-IP (VoIP) uses packetized transmission of speech over the Internet (IP network) and has been thought as one of the killer application of BcN. In order for the Internet to realize a profit as traditional Public Switched Telephone Network (PSTN), it must provide competent quality of services for VoIP systems comparable to traditional PSTN systems. A large number of malicious factors are concerned to make a high-quality VoIP service. These factors include the speech codec, encoding (compression) schemes, packet loss, delay, delay variation, and the network architecture. Other factors involved in making a successful VoIP call includes the call setup signaling protocol, call admission control, security concerns, and the ability to traverse NAT (Network Address Translation) and firewall [1]. A successful end-to-end realization of IP telephony services presumes welldefined QoS measuring framework in the service provider’s and customer’s networks [2]. The VoIP metrics report block of Real-Time Transport Protocol Control Protocol Extended Reports (RTCP XR) can be applied to any oneto-one or one-to-many voice application for which the use of RTP and RTCP is specified. However, RTCP XR only defines packet type to convey information that supplements the six statistics that are contained in the report blocks used by RTCP’s Sender Report (SR) and Receiver Report (RR) packets [3]. Our objective in this paper is to describes a practical measuring framework for end-to-end QoS of packet switched voice in an IP environment including Packet Loss Concealment (PLC) techniques and Network Time Protocol (NTP). It includes concepts as well as step-by-step procedures for setting up components, creating session, measuring packetized voice streams over IP networks. This paper also investigates the effects of packet loss and delay jitter on speech quality in VoIP scenarios. The rest of this paper is organized as follows. In section 2, we will introduce a general components and control architecture of VoIP systems. The proposed VoIP QoS measurement architecture and functional components are described in section 3. In section 3, we will introduce their flow diagrams in detail so as to communicate with each other. we will also illustrate the performance of the system with extensive experimental data. Finally, Conclusions were drawn in Section 4.

2 2.1

VoIP Service and Components VoIP Signaling Protocols

As shown in Fig.1, Several standard protocols are available for building IP telephony solutions. These include H.323 from International Telecommunication Union - Telecommunication Standardization Sector (ITU-T); Media Gateway Control Protocol (MGCP), Session Initiation Protocol (SIP) from Internet Engineering Task Force (IETF); Media Gateway Control (Megaco) a joint protocol

990

H. Kim, S. Ahn, and J. Choi

IP D evices

H .323, SIP RTP /RTCP

Signaling Gatew ay

H .323, SIP P STN

P STN

SIGTran

IP N etw ork M GCP / M EGA CO RTP /RTCP M edia Gatew ay

Fig. 1. Typical control plane architecture of VoIP system

Netwo rk P akcet Lo ss

Netwo rk Jitter

Netwo rk Delay

Overall P acket Lo ss

P acket Lo ss Co ncealm ent

Jitter Buffer

Co dec P erfo rm ance

P erceived Quality

Overall Delay

Fig. 2. VoIP quality of service parameter

by IETF and ITU-T; RTP and RTCP from IETF. The signaling protocols enable creating, modifying, and terminating multimedia sessions with one or more participants over IP networks. The responsibility for session establishment and signaling resides in the end stations. SIP specifies procedures for telephony and multimedia conferencing over the Internet. SIP is an application-layer protocol independent of the underlying packet layer protocol (TCP, User Datagram Protocol (UDP), Asynchronous Transfer Mode (ATM), X.25). SIP is based on a client/server architecture in which the client (SIP User Agent (UA)) initiates the calls and the servers answer the calls. Because of its simplicity, scalability, modularity, and ease with which it integrates with other applications, SIP is attractive for use in packetized voice architectures [1][4]. In order to provide inter-operability, a number of gateways provide for translation and call control functions between the two dissimilar network types. Encoding, protocol, and call control mappings occur in gateways between two

An Architecture Framework

991

endpoints. Along with signaling protocols, cooperation among various functions such as Call Admission Control (CAC), transcoding, interworking, and billing is essential to a successful realization of VoIP service [5]. 2.2

Quality of Voice

Applications such as voice and video are particularly sensitive to network service quality. In VoIP applications a voice signal is first packetized and then transmitted over an IP network. However, at the receiving end, packets are missing or distorting due to network delay, network congestion (jitter) and network errors. This packet loss or delay degrades the quality of speech at the receiving end. In order to estimate the quality of voice stream in the middle of session, it is essential to produce generalized quantitative measures that reflect the objective rating of the voice stream. The Mean Opinion Score (MOS) test is widely accepted as a standard for speech quality rating. However, the subjective MOS rating is time-consuming and inaccurate. In recent years, several objective MOS measures were developed, such as Perceptual Analysis Measurement System (PAMS) and Perceptual Evaluation of Speech Quality (PESQ). The E-model standards, the E-model started as a research by European Telecommunications Standards Institute (ETSI), also provide a formula for calculating the loss of interactivity as function of the one-way delay. The E-model expresses an overall rating of the quality of a call and can be translated into quality and MOS [6][7][9]. R = (R0 − Is ) − Id − Ie + A

(1)

In equation (1), R0 represents the basic signal-to-noise ratio, including noise sources such as circuit noise and room noise. The factor Is is a combination of all impairments which occur more or less simultaneously with the voice signal , such as side-tone and Pulse Code Modulation (PCM) quantizing distortion. Factor Id represents the impairments caused by delay and the equipment impairment factor and Ie represents distortion of the speech signal due to encoding and packet loss. The advantage factor A allows for compensation of impairment factors when there are other advantages of access to the user, e.g., when using cellular or satellite phone [8][9]. E-Model is regarded as prominent rating technology that can be applied most properly when estimate speech quality for VoIP service because it considering about data network characteristic such as loss, delay. 2.3

VoIP Transport Protocols

The chief requirement that real-time media places on the transport protocol is for predictable variation in network transit time. RTP provides end-to-end network transport functions suitable for applications transmitting real-time data such as audio or video stream.

992

H. Kim, S. Ahn, and J. Choi

RTP selects UDP as a transport layer because it has lower delay than TCP and because voice stream tolerates low levels of loss and cannot effectively exploit retransmission. RTP does not address resource reservation and does not guarantee QoS for real-time services. The data transport is completed by a control protocol (RTCP) to allow monitoring of the data delivery and to provide minimal control and identification functionality. RTCP provides for reliable information transfer once the audio stream has been established. RTCP provides feedback on the quality of data distribution and carries a transport-level identifier for an RTP source used by receivers to synchronize audio and video.

3

Measurement Framework of Voice Stream in Packet Network

In this section, we describe the architecture of the proposed VoIP measuring framework. The framework can be integrated to the commercial VoIP system as shown in Fig. 3. The RTCP XR packets are useful across multiple applications, in particular, the VoIP metrics report block provides useful metrics for monitoring voice over IP (VoIP) calls. These metrics include packet loss and discard metrics, delay metrics, analog metrics, and voice quality metrics. However, little more detailed procedure need to be defined for real operation. If a caller want to setup a session, as shown in Fig. 3, it will send INVITE message to callee to join the session. At the same time, as shown in Fig. 5(a), the caller will send type-1 initiation message to measurement server. After send SIP server

SIP signaling message flow

RTP /RTCP /RTCP -XR flow V oIP Gatew ay

P STN

Softphone

N etw ork timing message flow

IP phone Q oS M easure data flow

M easurement server

N etw ork Time server

Fig. 3. VoIP measurement framework

Internet

An Architecture Framework Q oS M easurement server

Softphone (SIP U A )

Q oS M easurement server

V oIP Gatew ay

SIP server

993

IN V ITE

1

IN V ITE 3 100 Trying 180 Ringing 180 Ringing 200 O K 200 O K

2

A CK

3 A CK

4 7 RT P/RT CP

BY E BY E 200 O K 200 O K 5 7

Fig. 4. VoIP QoS measurement procedure - normal session 0

7

15

23

31 0

Msg. Type [= 1]

7

15

23

31

Length SSRC (= 0)

Msg. Type [= 2]

Length

XR(BT 6) Interval (= 2,000ms)

SSRC

XR(BT 5, BT 7) Interval (= 2,000ms)

XR(BT 6) Interval (2,000 ms)

Call Initiation Time

XR(BT 5, BT 7) Interval (2,000 ms)

Caller IP

Caller IP

Phone Number Length

Phone Number Length

Phone Number (variable length , string , optional)

Phone Number (variable length , string , optional)

Call ID Length

Call ID Length

Call ID (variable length , string )

Call ID (variable length , string )

Caller SIP URL Length

Caller SIP URL Length

Caller SIP URL (variable length , string)

Caller SIP URL (variable length , string)

Callee SIP URL Length

Callee SIP URL Length

Callee SIP URL (variable length , string )

Callee SIP URL (variable length , string )

(a) Type-1 message

(b) Type-2 message

Fig. 5. Revised RTCP-XR initiation messages

200 OK message to the caller, as shown in Fig. 5(b), the callee will send send type-2 initiation message to the measurement server. The measurement server will respond the initiation messages respectively. When the caller receives the callee’s respond, it will send ACK message to reply the respond. Immediately after that, the caller will also send type-4 start message to the measurement server. After that the caller will setup the media channels such as RTP streaming with the caller. If the caller or the callee do not want to join the session anymore, they will send BYE message to the other participant. After that, the caller and the callee will send type-5 end message to the measurement server.

994

H. Kim, S. Ahn, and J. Choi 0 0

7

15

23

7

15

23

Msg. Type [= 5] Msg. Type [= 4]

31

31

Length

Length SSRC

SSRC

Reason Type

Session Creation Time

Session Termination Time

Caller IP

Caller IP

Call ID Length

Call ID Length

Call ID (variable length , string )

Call ID (variable length , string )

Caller SIP URL Length

Caller SIP URL Length

Caller SIP URL (variable length , string)

Caller SIP URL (variable length , string)

Callee SIP URL Length

Callee SIP URL Length

Callee SIP URL (variable length , string )

Callee SIP URL (variable length , string )

(a) Type-4 start message

(b) Type-5 end message

Fig. 6. Revised RTCP-XR measuring start and end messages Q oS M easurement server

Softphone (SIP U A )

1

V oIP Gatew ay

SIP server

Q oS M easurement server

IN V ITE IN V ITE

3 100 Trying 180 Ringing 180 Ringing 200 O K 200 O K

2 3

A CK A CK

4 7 RT P/RT CP

8 7

System Failure

System Failure

Fig. 7. VoIP QoS measurement procedure - an abnormal session

If the caller or the callee of the session can not setting up or lasting a session, as shown in Fig. 7 and Fig. 8, they will send type-8 event message to the other participant. Fig. 9 shows the details of type-8 event message. The content of the received voice packets is delivered to the decoder, which reconstructs the speech signal. Decoders may implement Packet Loss Concealment (PLC) methods that produce replacement for lost data packets. Simple PLC schemes simply insert silence, noise, or a previously received packet. More sophisticated schemes attempt to find a suitable replacement based on the characteristics of the speech signal in the neighborhood of the lost packet(s).

An Architecture Framework Q oS M easurement server

Softphone (SIP U A )

Q oS M easurement server

V oIP Gatew ay

SIP server

995

IN V ITE

1

IN V ITE 3 100 Trying 180 Ringing 8 7

Fig. 8. VoIP QoS measurement procedure - a rejected session

Fig. 9. Revised RTCP-XR Type-8 event messages

5

4.5

4 MOS

PLC(Random) no PLC(Random)

3.5

PLC(Burst) no PLC(Burst)

3

2.5

2 0%

3%

5%

10%

Packet Loss Rate

Fig. 10. Packet loss rate and MOS

Fig. 10 shows the relationship between (random/burst) packet loss and MOS value that is captured at the measurement server. Fig. 11 shows the relationship between (random/burst) packet loss and R rate.

996

H. Kim, S. Ahn, and J. Choi

100

90

80

R

PLC(Random) no PLC(Random)

70

PLC(Burst) no PLC(Burst)

60

50

40 0%

3%

5%

10%

Packet Loss Rate

Fig. 11. Packet loss rate and R rating

4

Conclusions

Voice-over-IP (VoIP) uses packetized transmission of speech over the Internet (IP network) and has been thought as one of the killer application of BcN. In order for the Internet to realize a profit as traditional Public Switched Telephone Network (PSTN), it must provide competent quality of services for VoIP systems comparable to traditional PSTN systems. A successful end-to-end realization of IP telephony services presumes well-defined QoS measuring framework in the service provider’s and customer’s networks. E-Model is regarded as prominent rating technology that can be applied most properly when estimate speech quality for VoIP service because it considering about data network characteristic such as loss, delay. This paper described a practical measuring framework based on E-model for end-to-end QoS of packet switched voice in an IP environment including Packet Loss Concealment (PLC) techniques and Network Time Protocol (NTP). We also investigated the effects of packet loss and delay jitter on speech quality in VoIP scenarios. In addition to the block types defined RTCP XR, for VoIP monitoring, additional block types were defined in this paper by adhering to the RTCP XR framework.

References 1. William C. Hardy: VOIP Service Quality-Measuring and Evaluating Packet Switched-Voice, McGraw-Hill, (2003) 2. Victoria Fineberg: A Practical Architecture for Implementing End-to-End QoS in an IP Network, IEEE Communications Magazine, Jan. (2002) 122–130 3. T. Friedman, R. Caceres: RTP Control Protocol Extended Reports (RTCP XR), IETF RFC 3611, Nov. (2003)

An Architecture Framework

997

4. Jonathan Rosenberg, et. al.: SIP: Session Initiation Protocol, IETF RFC 3261, Jun. (2002) 5. Athina P. Markopoulou, Fouad A. Tobagi, and Mansour J. Karam: Assessing the Quality of Voice Communications Over Internet Backbones, IEEE/ACM Transaction on Networking, Vol. 11, No. 5, Oct. (2003) 747–760 6. Shengquan Wang, Zhibin Mai, Dong Xuan, and Wei Zhao: Design and Implementation of QoS-Provisioning System for Voice over IP, IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 17, NO. 3, MAR. (2006) 276–288 7. Shengquan Wang, Zhibin Mai, Walt Magnussen, Dong Xuan, and Wei Zhao: Implementation of QoS-Provisioning System for Voice over IP, IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS02), 8. Definition of Categories of Speech Transmission Quality, ITU-T Recommendation G.109, (1999) 9. The E-Model, a computational model for use in transmission planing, ITU-T Recommendation G.107, (1998)

HOIDS-Based Detection Method of Vicious Event in Large Networks Dong Hwi Lee1, Jeom Goo Kim2, and Kuinam J. Kim1 1

Dept. of Information Security Kyonggi Univ., Korea [email protected] 2 Dept. of Computer Science Namseoul Univ., Korea

Abstract. It is very crucial in the field of security control to acquire the capability of promptly coping with various threatening elements in cyber world such as vicious worms, virus and hackings that cause enormous damage and loss across the nation within a rather short term period like the large scale network paralyzed by vicious traffic, disturbance of electronic commerce, etc. As such, it can be the fundamental measure on these sorts of threats to establish the new method of detecting the similar threats as well as to reinforce the user’s recognition of security. The purpose of this study is to analyze the problems in the existing IDS and TMS, which are monolithic in terms of detection method, and further to suggest the improved detection method and HOIDS system which is recently introduced and in test operation.

1 Introduction The large network has been entering into the era of the ubiquitous environment, creating the extravagant economic value. Nevertheless, the increase of cyber terrors such as computer virus and vicious hackings threats the foundation of the information society. Accordingly, there is high demand on the solution of these threats. Above all, there is a strong agreement on the importance of security control on the vicious worms and virus, which cause enormous damage and loss across the nation within a rather short term period like the large network paralyzed by vicious traffic, disturbance of electronic commerce, etc. While the biological virus and worms generate spontaneously, the computer virus and worms are deliberately improved by the creators. This leads to the difficulty in detecting the threats on the early stage, and shows the limitation of the existing studies. As a result, the early alert system for the cyber terrors is not in real use. The importance of early detection method is gaining the attention to overcome such limitations. Furthermore, the new virus becomes more sophisticated, automatic and diverse. The lack of human resource and technology, and the individual operation of information security system in the security institutes make the security control more difficult. In this paper we design the Honeynet based early alert system to reinforce the capability of coping with the cyber attack in the medium/large scale network, and the X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 998 – 1005, 2006. © IFIP International Federation for Information Processing 2006

HOIDS-Based Detection Method of Vicious Event in Large Networks

999

efficient detection method in each stage to improve the existing detection methods. First, we operated the HOIDS (i.e., Honey Net based IDS for early detection) that enables to forecast and judge the threat beforehand. At the same time, we implemented the security measures such as analysis of correlation of various events and threats blocking by loading the data of events collected by IDS into the consolidated Database.

2 Related Work Honey Systems are decoy servers or systems setup to gather information regarding an attacker or intruder into your system. That is, Honey Systems mean the systems revealing their effectiveness under the hacker’s attacks, and collecting the information on the intruder and then based upon such information providing the information which helps to reinforce the security. As guessing its name meaning a honey pot, the Honeypot System is used to decoy someone. [1, 2] Most studies on Honeynet and Honeypot are utilized to identify the behavioral patterns of vicious virus and worms and handle them. Especially, the Honeynet system is effective in detecting the vicious traffic in the large scale network [3]. Hellerstein estimated the volume of weekly traffic in the wired-network by applying “the Seasonal ARIMA model” for early alert on traffic[4]. In addition, F.Zang forecasted the traffic of wireless communication with the Seasonal ARIMA model[5], Groschwitz suggested the method of easily identifying both short-term and long-term errors in the traffic with each filtered signal by analyzing the original traffic in time cycle based upon the “Wavaelet Analysis[6].” Y. Shu suggest the appropriate method of forecasting the non-lineal and non-rectifying traffic in the high speed network with the “Fuzzy-AR model [7].” The most common ground of Hellerstein, F.Zang and Y.Shu is the fact that they all suggest the model enabling to forecast the possible situations occurring in the enormous volume of traffic and errors based upon the critical-value based analysis. However, the attribute of recent threats causing the traffic congestion Is evolving into the artificial intelligence method and diffusive-attacking method with irregular speed from the simple port attack or escalating attack. [8] In this circumstance, it is difficult to forecast the new cyber threat relying on the analytic method based on the quantitative measurement of traffic. This study invents the new method blocking the threats beforehand by acquiring the necessary information on the early stage instead of the quantitative measurement. Most vicious worms terrifying the internet users examine their performance in numerous hackings and then spread widely over the incubation period of weeks till moths. Accordingly, we need to understand that such vicious worms can be prevented by early identifying them with the relevant information. The study of correlation of threat and weakness in the network make it possible to forecast the cyber threat through the analysis of the correlation of N-IDS and VAS[9], Considering the recent patterns of cyber threat and weakness of N-IDS(Network Intrusion Detection System), there is a limitation in he forecast and alert on the cyber threat based upon the analytic model suggested in the above study.

1000

D.H. Lee, J.G. Kim, and K.J. Kim

3 Design of HOIDS Based Detection Method 3.1 Diagram of Structure Applying HOIDS The structure of Honeynet System consists of Honeynet System and Honeypot System. Here the structure is simplified with Honeynet System for early detection. First, IP in the specific section among the whole system is transmitted to Honeynet and specific IP is detected. The malign traffic would be primarily detected, which differs from the existing intrusion detection system. This considers each clue regarding the new threat meaningfully. Honeypot System adopts the result of each clue and input the pattern of detection in individual security equipments. The structure with 3 stages, firewall section, server section and client section from the exit point, has additional gateway section for web traffic and inter-network traffic filtering and internal network gateway section. As illustrated in the below Fig. 1, the structure is composed of security level with 4 stages. The general level of firewall is unable to get the expected blocking effect since the rapid increase of normal and abnormal traffic leads to the enormous increase of inflowing virus. Therefore, the additional gateway section is required to prevent the vicious traffic from entering into the readjusted network. The inter-network traffic filtering can detect the unknown and undetected vicious traffic. As a detection method, the HOIDS sensor is installed in the initial inflow section and each gateway section. Each IPS in the gateway blocks the internal traffic of the intruded vicious events, which serves as a firewall and detection section.

Fig. 1. The Diagram of Improved Structure applying HOIDS

3.2 Design of Security Structure Applying HOIDS HOIDS is the most important module in this improved security structure. The composition and operating structure of HOIDS are illustrated in the below Fig. 2. The cyber

HOIDS-Based Detection Method of Vicious Event in Large Networks

1001

Fig. 2. HOIDS operating structure

threat elements from the event in the individual unused IP sections are collected in the wide section of network. The potential weakness is determined through the analysis of the collected information against the pattern of the events in each security equipment. The detection method of each security equipment will be improved by analyzing the way of expansion and increase of vicious events in the Honyepot. 3.3 The Detection Process The detection process in HOIDS is illustrated in the Fig. 3 and 4. Firstly, the large scale network is divided into individual unused IP detection sections, collecting the information with each sensor by gateway. Secondly, the vicious events are divided into the matching events and non-matching events and then its threatening elements are analyzed and evaluated as shown in the Fig. 3. The detection of non-matching events are performed to detect the varied vicious events on an early stage. Thirdly, the events and information collected in various security equipments and network are fed into HOIDS Database. Fourthly, the system consolidates and evaluates the level of weakness of network and properties, the level of current expansion and distribution of worm virus, the scope of each virus variety, and the internal and external information on the threat.

Fig. 3. The HOIDS pattern matching method

1002

D.H. Lee, J.G. Kim, and K.J. Kim

Fig. 4. The Evaluation Method by HOIDS Events

Fifthly, it evaluates the threat by stages. Categorizes them by the level of threat and transmits such information into each security equipment for blocking. Sixthly, each evaluation results are fed into the Database and standardized by time frame. The standardized information is accumulated and defined as evaluation value for the accuracy of the consolidated evaluation.

4 Performance Analysis 4.1 Analysis Environment Two large scale networks at the speed of more than 1G byte test with the same security equipment for one month. The examination was performed toward real works in the network of K institute for the common analysis environment. Now that the networks were not installed with the security equipment having the improved infrastructure, the preparation work was required to install the measuring equipments and set up the appropriate environment for the targeted examination. The said K institute has 500 servers in various sizes for intranet system, 10,000 PCs for the client’s workstation and 20,000 internal users. The network structure consists of intranets and dual line network linked at the speed of 500 Mbps with the external networks. The intrusion blocking system is installed at the entrance of the intranet. In the internal structure of the intranet, the PC is connected with the server having separate mail searching system. PCs are installed with individual virus vaccine. In terms of the size of traffic, it has a large volume handling around 500 million packets per day and regularly around 50,000 sessions of network. The security equipment consists of 4 Giga bit Firewalls (including backup lines), 8 IDSs (Sun V880), 4 Giga bit IPSs, 2 VMS Servers and a single ESM (Sun ENT3500).

HOIDS-Based Detection Method of Vicious Event in Large Networks

1003

The A network is installed with the HOIDS and improved security structure as shown in the Fig. 5.

Fig. 5. A Network’s analysis model structure

The B network is installed with the existing security structure as shown in the Fig. 6.

Fig. 6. B Network’s analysis model structure

In the A network, the information about HOIDS cyber threat is announced through the company network and the application of security equipment rules with analysis result of HOIDS. The same security equipments such as VMS, F/W, IDS and IPS are installed. We evaluated the performance by examining the VMS statistics for 3 months. For two months, the statistics were calculated without the application of the improved security structure in both A network and B network. For the third month, they were calculated by applying the improved security structure in the A network. 4.2 Analysis Result The results in the Table 1 and Table 2 show the similar developments in the average for the first and second month. On the other hand, the A network with the improved security structure and HOIDS has more than 40% decreases in the number of worm virus comparing with one of B network for the third month. In the graphs of the Fig. 7

1004

D.H. Lee, J.G. Kim, and K.J. Kim Table 1. The number of Virus Infection in the A network

Month Worm Trojan Mail Total Vs. pre month

1 143,221 21,682 39,458 204,368 100%

2 112,684 15,703 38,990 167,385 82%

3 58,129 9,823 18,536 86,497 52%

Table 2. The number of Virus Infection in the B network

Month Worm Trojan Mail Total

1 138,933 19,872 51,240 210,052

2 156,129 12,763 33,150 202,050

3 121,785 13,165 28,775 163,734

Vs. pre month

100%

96%

81%

Fig. 7. The graph of Virus in A Network

Fig. 8. The graph of Virus in B Network

HOIDS-Based Detection Method of Vicious Event in Large Networks

1005

and Fig. 8, the A network has more than 50% decrease and the B network has around 20% decrease comparing with the second month. In other words, we can estimate that the A network have further decrease of around 30%. Especially we can note that this is effective in blocking the worms causing vicious traffic in the certain pattern and the worms spreading out through the mails.

5 Conclusion This paper focused on the improved and efficient model of the large scale network structure and detection method in terms of the structure to cope with the new vicious traffic patterns gaining their strength of threat. For this purpose, the security equipments with the improved structure were installed by the level of threat and service. HOIDS was installed as a detection method to early detect the vicious events, which were not detected in the existing method, and prevent them from spreading out with a rapid blocking. We conclude that the vicious traffic can be efficiently blocked by the consolidated approach such as early detection and recognition of the exact pattern of vicious traffic, and blocking and prevention of such traffic.

Acknowledgement This research was supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Assessment).

References 1. Nicolas Vanderavero, Xavier Brouckaert, Olivier Bonaventure, Baudouin Le Charlier. "The HoneyTank: a Scalable Approach to Collect Malicious Internet traffic".IEEE2004 RTSS04, Session 1, 2004.12 2. Dong-il Seo, Yang-seo Choi, Sang-Ho Lee. “Design and Development of Real Time Honeypot System for Collecting the Information of Hacker Activity”, KIPS 2004, VOL. 10 NO.01 pp.1941~1944, 2003.05 3. http://www.Honeynet.org,"Honeynet Project Overview", 2005.4 4. J.L Hellerstein, F.Zhang, P. Shahabuddin. “A Statistical Approach to Predictive Detection”, Computer Networks, vol 35, pp77-95, 2001 5. F.Zang, J.L Hellerstein. “An Approach to On-line Predictive Detection”, In Preoceedings Of 8th International Symposium on Modeling. ASCTS, 2000 6. N.K Groschwitz and G. C. Polyzos. “A Time Series Model of Long-Term NAFNET Backbone Traffic”, In proceedings of IEEE International Conference on Communications, 1994 7. Y. Shu, M. Yu, J Liu. “Wireless traffic modeling and prediction using seasonal ARIMA models”, In proceedings of IEEE International Conference on Communications,v.3, 2003 8. http://info.ahnlab.com/ahnlab/report_view.jsp?num=416 9. Ho-Kun Moon, Jin-gi Choe, Yu Kang, Myung-soo Rhee. “The study of correlation of threat and weakness in the network make it possible to forecast the cyber threat through the analysis of the correlation of N-IDS and VAS”, Korea Institute of Information Security & Cryptology, 2005

New Handoff Control Method Using Fuzzy Multi-Criteria Decision Making in Micro/Pico-cellular Networks Jong Chan Lee1, Dong Li 1, Ki Hong Park1, and Hong-Jin Kim2 1

Dept. of Computer Information Science, Kunsan National Univ., Korea [email protected] 2 Dept. of Computer Information, KyungWon College, Korea [email protected]

Abstract. It is widely accepted that the coverage with high user densities can only be achieved with small cell such as Micro / Pico-cell. The smaller cell size causes frequent handoffs between cells and a decrease in the permissible handoff processing delay. This may result in the handoff failure, in addition to the loss of some packets during the handoff. In this paper we propose new handoff control scheme in the next generation mobile communications, in which the handoff setup process is done in advance before a handoff request by predicting the handoff cell based on mobile terminal’s current position and moving direction.

1 Introduction Next generation mobile communication systems are considered to support various types of high-speed multimedia traffic with packet switching at the same time. To do that, more upgraded quality of service and system capacity are needed. Due to the limitations of the radio spectrum, the next generation wireless networks will adopt Micro/Pico-cellular networks for various advantages including higher data throughput, greater frequency reuse, and location information with finer granularity. In this environment, because of small coverage area of Micro/Pico-cells, the handoff rate grows rapidly and fast handoff support is essential [1]. We propose a new method that makes it possible to avoid a handoff failure by performing the handoff setup process in advance before a handoff request in order to shorten the handoff delay, in which the handoff cell is selected based on the direction information from a block information database and the current position information from Position Estimator (PE) using Fuzzy Multi-Criteria Decision Making (FMCDM). To enhance estimation accuracy, we propose a scheme based on FMCDM which considers multiple parameters: the signal strength, the distance between the BS and a Mobile Terminal (MT), the moving direction, and the previous location. For predicting the MT’s movement to the handover cell, we also propose the use of a block information database composed of block objects for mapping into the positional information provided by the PE. X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 1006 – 1011, 2006. © IFIP International Federation for Information Processing 2006

New Handoff Control Method Using FMCDM in Micro/Pico-cellular Networks

1007

2 Defining Location The position of a MT within a cell can be defined by dividing each cell into tracks and blocks, and relating these to the signal level received by it at that point. It is done automatically in two phases of track definition and block definition. Then the block information database is constructed with these results. The system scheme estimates in stepwise the optimal block at which the MT locates with the help of the block information database and the position information for PE. Three classified tracks are used to predict the mobility of the MT as shown in Fig. 1. Each cell consists of track_1 as a serving cell area, track_2 as a handoff cell selection area, and track_3 as a handover area, where the handoff area is defined to be the area where the received signal strength from the BS is between the handoff threshold and the acceptable received signal threshold. Within this area, a handoff is performed to the BS with the highest signal strength.

Track_3 (x 11, y11)

(x12, y12)

Track_2 (x1, y1)

Track_1

(x 14, y14)

(x13, y13)

(x, y)

Fig. 1. Dividing a cell into tracks and Identifying the block using the vector

The collection of block information is called the block object. The block object contains the following information: BlockId, BlockLocationInfo indicating the information on the block’s location within a cell comprised of one center point and four of area point; HandoffCellId indicating the adjacent cells to which a MT may hand over in this block; NextBlockId indicating another block within track_2 which may be traveled by a MT; VerificationRate indicating verification rate for the selected handover cells. Each MT updates periodically his mobile object which represents his current state for handover.

3 Mobile Tracking Based on FMCDM PSS i In our method, the received signal strength ( ), the distance between the mobile Di Li C , the previous location , and the moving direction i are and the base station considered as decision parameters. Each decision problem involves n alternatives and m linguistic attributes corresponding to m criteria. Thus, decision data can be organized in m × n matrix. The decision matrix for alternatives is given by Eq. (1).

1008

J.C. Lee et al. ª μ R ( PSS11 ) μ R ( D12 ) μ R ( L13 ) μ R (C14 ) º « μ ( PSS ) μ ( D ) μ ( L ) μ (C ) » 21 R 22 R 23 R 24 » « R μ = « μ R ( PSS 31 ) μ R ( D32 ) μ R ( L33 ) μ R (C34 ) » « » ... ... ... ... » « «¬ μ R ( PSS n1 ) μ R ( Dn 2 ) μ R ( Ln 3 ) μ R (Cn 4 ) »¼

(1)

The weighting vector for evaluation criteria can be given by using linguistic terminology with fuzzy set theory [2-3]. Weighting vector W is represented as Eq. (2).

W = ( wiPSS , wiD , wiL , wiC )

(2)

By multiplying the weighting vector by the decision matrix, the performance matrix is given by Eq. (3). GMV (Generalized Mean Value) [2-3] is used for ranking the alternatives according to the aggregated criterion. The GMV for alternatives is represented as Eq. (4). m( μ n ) =

(C i + Di ) 2 − ( Ai + Bi ) 2 + Ai ⋅ B i − C i ⋅ Di 3 ⋅ [(C i + Di ) − ( Ai + Bi )]

(4)

where Ai = μ R ( PSSn1 ) × wiPSS , Bi = μ R ( D n 2 ) × wiD , and C i = μ R ( L n 3 ) × wiL , Di = μ R (C nm ) × wiC respectively.

4 Direction Based Handoff Method 4.1 Selection of Handoff Cells

The basic principle of the handoff cell selection is list as follow: 1. Position information creation and the measurement of the received signal stren gths from the active cell and Surrounding cells, the PE determines MT’s positio n based FMCDM. First candidate cell set is obtained from the measurement of t he downlink channel quality of the active cell and the surrounding cells. 2. Block selection, system selects the corresponding block object by comparing th e computed position by PE with the BlockLocationInfo of each block object. Ha ndoff cell set is obtained from the selected block object. 3. The first effectiveness inspection, the first effectiveness inspection between the f irst candidate cell set and the handover cell set is done. The exception handling is done if there is no correspondence between the two. 4. Handoff cell selection, if an effectiveness inspection for the selected block is co mpleted, handoff cells are determined from HandoffCell Id information of the b lock object. 5. The registration of the handoff cell information, the handoff cell information is registered to a cell management table.

New Handoff Control Method Using FMCDM in Micro/Pico-cellular Networks

1009

A

MT’s position within a cell is computed based on FMCDM

MT measures the downlink channel quality from the active cell and the surrounding cells

T_1< signal strength from active cell < T_3

No

Yes Handover system performs the first effectiveness inspection

No

Handover cell selection stop

Is that result effective ?

Yes i = 0, n Perform the exception handling

No

Is the position value included to BlockLocationInfo of a block object i

Yes Handover system determines handover cells from NextCellId information of the block object i

Handover system registers the first candidate cell set and handover cell set in the cell management table

End

Fig. 2. Flowchart of a handoff cell selection algorithm

Fig. 2 shows a handoff cell selection procedure. Each MT’s position information from PE is valid only in track_2. Therefore, the handoff cell selection process is terminated if a MT is located at other tracks. The first effectiveness inspection between the first candidate cell set and the handoff cell set is done, and if there is no correspondence between the two, the exception handling is performed. If one more cells are same, Handoff system selects an optimum handoff cell based on the resource availability. 4.2 Handoff Pre-processing

Using information on the MT’s handover cells determined from the above handoff cell selection algorithm, two level handoff process, radio level and network level, is performed as shown in Fig. 3. ƒ The radio level handoff process is performed for the conversion of radio link – modem reconfiguration, synchronization setting and so forth - from previous access point to new access point. ƒ The network level handoff process is performed for packet buffering and rerouting, for the purpose of supporting the radio level handoff.

1010

J.C. Lee et al.

Fig. 3. The flowchart of a handoff pre-processing procedure

4.3 Handoff Decision

For a handoff decision, a MT will search the neighboring BSs using the information on the handoff cells selected from the above handoff cell selection algorithm. Three types of handoff can be provided, namely forward handoff, backward handoff and reconfiguration. A forward handoff is done if the handoff cell set is identical with the set of the second candidate cells, and backward handoff with MAHO procedure is done if the handoff cell set does not correspond with the second candidate cell set, and reconfiguration is done if the position traveled by the MT is another block within track_2. The MT reports his handoff completion to a handover system through the target cell, and the handoff system requests the release of the connections related with the MT. An old cell releases all the resource allocated for the MT, reports the result to the handoff system.

5 Simulation Results Fig. 4 (a) shows the handoff failure rate versus the session arrival rate. The solid curve represents the prediction based handoff method applied and the dashed curve represents a previous handoff method. The major cause of the handoff failure is because of the prediction error caused by PE. It can be seen that the prediction error does very largely with increase in the PE error. The proposed method performs the handoff setup process in advance before a handoff request by predicting the handoff cell based on each MT’s current position so that the handoff failure can be reduced. Fig. 4 (b) shows the effect of the proposed method on packet loss rate. It is observed that the proposed method provides a noticeable improvement over the conventional

New Handoff Control Method Using FMCDM in Micro/Pico-cellular Networks

with pre-processing without pre-processing

with pre-processing

Handoff Dropping rate

1011

Packet loss rate

without pre-processing

Session arrival rate (sec)

(a) Handoff dropping rate

Session arrival rate (sec)

(b) Packet loss rate

Fig. 4. The comparison of handoff failure rate and packet loss rate

scheme, because the MT has already established synchronization to the BS in target cell and switches its Tx to target BS while stop communicating with the original BS at the same time after the cell search procedure so that there will be data lost for uplink 0f 2~4 frames due to the uplink synchronization and there’s no data lost for downlink.

6 Conclusion This paper main goal is to address the problem of handoff failure for MTs as they move from one position to another at high speeds in small cell environment. In this scheme, the handoff connection setup process is established prior to the handoff request. The handoff cell is predicted by the MT’s position and direction and a database that includes the MT’s position information. Further researches are required on their implementation and applications to the handoff.

References 1. M. Ergen, S. Coleri, B. Dundar, A. Puri, J. Walrand, and P. Varaiya, “Position Leverage Smooth Handover Algorithm”, IEEE ICN 2002, Atlanta, 2002. 2. C. Naso and B. Turchiano, "A Fuzzy Multi-Criteria Algorithm for Dynamic Routing in FMS," IEEE ICSMC’1998, Vol. 1, pp. 457-462, 1998. 3. C. H. Yeh and H. Deng, "An Algorithm for Fuzzy Multi-Criteria Decision Making," IEEE ICIPS’1997, pp. 1564-1568, 1997.

Test of IR-DSRC in Measuring Vehicle Speed for ITS Applications Hyung Jin Kim1, Jin-Tae Kim2, and Kee Yeon Hwang3 1

Dept. of Urban Plan. and Eng., Yonsei Univ., Seoul, Korea [email protected] 2 Div. of Traffic Manag. and Planning, Seoul Metropolitan Police Agency, Korea [email protected] 3 Dept. of Urban Plan. and Design, Hongik Univ., Seoul, Korea [email protected]

Abstract. Wireless communication technology has been introduced in the field of Intelligent Transportation Systems (ITS) in the past decades, and its applicability has been widely expending. Feasibility of the IR-DSRC based vehicle detection systems in measuring vehicle speed was tested as a possible alternative of the conventional inductive loop based systems requiring high construction and maintenance cost. It was found from the field test that the speed data from the IR-DSRC detection systems were statistically identical to the ones from the loop based systems at 95% confidence level.

1 Introduction ITS has been highlighted in the past decades as possible solutions to resolve traffic congestion and to provide sophisticated information service to road users. Researches in the field of ITS have been robustly conducted in depth with diverse interests. Various ITS subsystems can be categorized depending upon their usability. Ones of the ITS subsystems highly recognized by users include Adaptive Traffic Control Systems (ATCS), Electrical Toll Collection Systems (ETCS), and Advanced Traveler Information Systems (ATIS). With their own scopes and interests, functionality of these systems has been extended. Applicability of their core technologies has been expanded. The boundaries of those ITS subsystems are recently being overlapped [1, 2]. It has been recognized in the field of ITS that a conventional loop based vehicle detection technology suffers for practical limitations in its reliability. Repetitive repairing and frequent constructions on some of urban highway sections has caused cutting of header and feather cables connecting loops to controllers. It makes the systems be in rest for a certain period and thus performance of ITS be ineffective. It also has a problem with data accuracy when a length of feather line becomes long [3]. A new technology enhancing stability and reliability of the vehicle detection systems for successful traffic surveillance is highly needed [4]. ETCS has been widely implemented in various cities and nations. It provides drivers with driving convenience at tollgate areas by removing drivers’ maneuvers and time required to pay toll fees. Dedicated Short Range Communication (DSRC) is core technology that allows vehicle-to-roadside communication with the On-board X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 1012 – 1020, 2006. © IFIP International Federation for Information Processing 2006

Test of IR-DSRC in Measuring Vehicle Speed for ITS Applications

1013

Equipment (OBE) installed inside of vehicles and the Road-side Equipment (RSE) installed nearby the road. ETCS collects toll fees from moving vehicles by utilizing DSRC technology. This allows road users to pass the toll gate area without stopping. The ETCS service has widely been recognized and used by many road users. Due to driving convenience, the number of vehicles equipped ETCS OBE is being increased. Those vehicles with ETCS OBE are running not only on freeways but also on urban highways. If the vehicles are treated as probe vehicles and a number of RSEs are equipped on roadsides, there would be a chance to collect valuable traffic information from urban highway networks. Conventional loop based systems, requiring high construction and maintenance cost, can be replaced with the DSRC based detection systems, as long as the accuracy of the data meet the system requirements. This paper presents a study conducted to test feasibility of IR-DSRC as an alternative to collect speed information from an approach at a signalized intersection in urban traffic networks. A pair of sample speed data was prepared from field tests with the conventional loop and the IR-DSRC detection systems. They were compared to answer if the ones from IR-DSRC were statistically different from the others from the conventional loop-based detection systems.

2 Wireless Communication in ITS Automated Traffic Surveillance and Control (ATSAC) is the traffic signal control systems in Los Angelis metropolitan area in the United States [5, 6]. Victor et al. [6] tested 900 MHz wireless communication as an alternative to the conventional fiberbased communication utilized in ATSAC. They proposed that a server collect the raw data at the local controller level once a 0.5 seconds and found that each local controllers belonged to ATSAC was always connectable to the server at least 1.0 times a second despite heavy communication load. They employed a dynamic communication path searching algorithms to make it possible. Communication frequency level, 900 MHz, however, is open to the public. Although it makes it easy to utilize wireless communication in the bandwidth, this makes the systems be vulnerable due to interruptions from conventional communication systems, such as laser scanners at convenience stores. In recent decades, DSRC technology has been extensively introduced in the field of ITS. DSRC allows vehicles to communicate with RSE with either 5.8 G-Hz radio frequencies (RF) or infra-red (IR). Communication range of IR-DSRC can be adjusted from a couple of meters to several hundred meters based on its usage. Klein [7] employed IR-based wireless communication systems to deliver a video streaming data from field to traffic management center in Anaheim, CA. He reported that IR communication method can deliver a video streaming data at acceptable level and that this IR-based technology increases efficiency of the systems. Korea Transport Institute (KOTI) [1, 2] has developed a Wireless Interface Signals for Dynamic and Optimal Management (WISDOM) which performs as a single platform providing with traffic control scheme and information systems. Both IR-based and RF-based wireless communication systems were tested in their study.

1014

H.J. Kim, J.-T. Kim, and K.Y. Hwang

3 Methodology Feasibility of IR-DSRC in measuring vehicle speed was tested through comparison between speed data measured by the IR-DSRC and the conventional loop systems. For the test, a pair of speed data was collected with the subjected detection systems. A set of test scenarios was developed, and based on the scenarios field data collection was made. A field test site was carefully designed for simultaneous operation of two different vehicle detection systems. The westbound approach at a signalized intersection on Creek-side street in Anyang, Korea, was selected as a test site. Fig. 1 shows configuration of IR-DSRC and loop detection systems prepared for the test. A pair of IR-RSE antennas, numbered 1 and 2 as shown in the figure, was installed at 150 m upstream from a stop line. Distance between those antennas was set to 15 m, which is critical to avoid overlapping of communication (detection) areas of IR-DSRC. The antennas were wired to RSE that gathers information from them.

Fig. 1. Configuration of the field test site

A conventional dual loop detector was installed at the detection zone of IR-antenna numbered 1 (see Fig. 1). It consists of dual loops separating 4.3 m away (see Fig. 2). Speed data were measured on the middle lane of the subjected approach with the subject detection systems.

Fig. 2. Loop detectors at the field test site

Test of IR-DSRC in Measuring Vehicle Speed for ITS Applications

1015

As depicted in Fig. 1, the detection area of IR-DSRC is longer than the one of the conventional dual loop systems. The long detection area always averages out the changes of speed. At certain speed levels, such changes of speed between the detection areas would not be trivial. It may influence the speed estimation significantly with IR-DSRC. In addition, there is a chance, in a successive vehicle arrival, that there is more than one vehicle exists between detection zones 1 and 2. Four vehicles (auto) were employed as probe vehicles for the study. Those vehicles were asked to pass the detection zone individually and in platoon. Table 1 presents the test scenarios developed for the study. For field tests, drivers driving probe vehicles were asked to maintain at certain speed levels. Speed data were simultaneously measured by the subject detection systems. Table 1. Design of experimental tests and the number of samples collected

Test types

Individual vehicle test (single data sampling)

Platoon test (consecutive data sampling; 4 vehicles in platoon)

Intended running speed (km/h) 20 30 40 50 60 20 30 40 50 60 Total

The number of tests performed 4 4 8 4 4 2 2 2 2 2

The number of Samples collected 4 4 8 4 4 8 8 8 8 8 64

Individual vehicle tests reflect situations that vehicles drive with sufficient headways. This test was designed to check if the speed measured by IR-DSRC is at an acceptable level. Platoon tests reflect the situation that a platoon of vehicles enters a detection zone at once. This test was to check if the performance of IR-DSRC is able to detect successive vehicle arrival with short headways. The platoon based data collection was performed twice at each speed level. The IR-DSRC detection systems compute the vehicle speed based on a distance between two detection areas and the difference of time that vehicle enters to each of those. The numerical computation can be expressed as Equation 1. Speed data measured by the IR-DSRC systems with Equation 1 were compared to the ones from the dual inductive loop detector. S = ( 3 , 600 × d ) / {1 , 000 × ( t 1 − t 0 ) } where, S = speed (km/h), d =distance between antennas (m), t 0 =time when a vehicle was entered to the first IR-communication zone, and t1 =time when a vehicle was entered to the second IR-communication zone.

1016

H.J. Kim, J.-T. Kim, and K.Y. Hwang

When each test trial finishes, the probe vehicles should be repositioned to the initial place for the next trial, and a test coordinator who is at outside of the vehicles nearby detection areas should search for a proper time to start the next trial. The coordinator was asked to find a situation (such as signal timing and queue length) that probe vehicles can maintain their intended speed. A single test trial producing four speed data with four probe vehicles took about 20 minutes.

4 Analysis and Results Table 2 presents the data collected through a set of individual vehicle test trials. Total 24 test trials were made, and total 23 pairs of speed data were collected. A single case was dropped from the study – a speed data at 30 km/h level was not detected with loop detector. The IR-DSRC data corresponding to it was thus discarded. Table 2. Speed data collected from individual vehicle tests Intended speed (km/h)

Loop Time (millisecond) 1 15:15:11.23 2 15:15:27.14 20 3 15:15.53.79 4 15:16:09.70 1 15:20:26.04 301) 2 15:20.59.08 3 15:21:20.52 1 15:25:16.60 2 15:25:26.19 3 15:25:52.53 4 15:26:11.35 40 5 15:30:51.22 6 15:31:02.99 7 15:31:21.42 8 15:31:33.84 1 15:34:57.91 2 15:35:15.42 50 3 15:35:21.49 4 15:35:58.29 1 15:40:11.83 2 15:40:21.59 60 3 15:42:35.40 4 15:42:50.27 1) One missing data (loop detector). Test index

Speed (km/h) 22 20 20 16 29 28 28 38 37 28 36 41 37 48 36 53 31 47 44 59 61 55 53

IR-DSRC Time Speed (millisecond) (km/h) 15:15:13.23 20 15:15:29.08 22 15:15:56.01 21 15:16:12.41 17 15:20:27.49 26 15:21:00.52 30 15:21:22.11 29 15:25:17.69 34 15:25:27.24 39 15:25:54.08 29 15:26:15.34 38 15:30:52.24 36 15:31:04.05 39 15:31:21.85 41 15:31:34.96 38 15:34:58.77 44 15:35:16.88 45 15:35:22.38 48 15:35:59.31 47 15:40:12:49 52 15:40:22.24 61 15:42:36.18 57 15:42:51.04 55

Difference (km/h) -2 +2 +1 +1 -3 +2 +1 -4 +2 +1 +2 -5 +2 -7 +2 -9 +14 +1 +3 -7 0 +2 +2

The detection time of IR-DSRC in Table 2 represents the vehicle entering time to the detection zone numbered 2 (see Fig. 1). Differences between speed data collected from IR-DSRC and loop detectors range from -9~+14 km/h.

Test of IR-DSRC in Measuring Vehicle Speed for ITS Applications

1017

Table 3 presents the speed data collected through a set of platoon vehicle test trials. Total 40 vehicles in platoon were tested, and total 36 pairs of speed data were collected. Four cases considered in the test trial were dropped from the study – four speed data at 20 km/h and 30 km/h levels were not detected with loop detector. The IR-DSRC data corresponding to them were also discarded. Differences between speed data collected from IR-DSRC and loop detectors range from -6 ~ +13 km/h. Table 3. Speed data collected from platoon vehicle tests Intended speed (km/h)

Loop IR-DSRC Time Speed Time Speed (millisecond) (km/h) (millisecond) (km/h) 15:48:40.87 20 15:48:42.95 19 1 15:48:43.48 20 15:48:45.53 21 15:48:47.84 18 15:48.50.34 19 1) 20 16:10:34.01 20 16:10:36.15 18 2 16:10:40.00 17 16:10:40.14 20 16:10:42.37 16 16:10:42.61 18 15:54:45.11 27 15:54:45.65 25 15:54:46.55 27 15:54:48.05 29 1 15:54.48.57 27 15:54:50.23 25 2) 30 15:54:50.13 27 15:54:51.68 28 16:15:08.55 30 16:15:09.97 26 2 16:15:10.52 27 16:15:11.97 29 16:00:22.83 40 16:00:23.87 36 16:00:24.17 37 16:00:25.23 38 1 16:00:25.38 38 16:00.26.54 37 16:00:26.64 37 16:00:27.78 39 40 16:20:14.39 38 16:20:15.33 34 16:20:16.32 38 16:20:17.43 39 2 16:20:17.50 37 16:20:18.57 39 16:20:18.39 38 16:20:19:53 40 16:05:10.13 48 16:05:11.02 43 16:05:11.50 48 16:05:12.36 48 1 16:05:12.63 47 16:05:13.54 48 16:05:14.34 45 16:05:15.31 46 50 16:25:03.78 50 16:25:04.60 44 16:25:05.55 49 16:25:06.39 48 2 16:25:06.76 46 16:25:07.73 46 16:25:07.83 45 16:25:08.75 47 16:32:47.64 58 16:32:48.28 55 16:32:48.91 58 16:32:49.61 61 1 16:32:50.12 59 16:32:50.84 60 16:32:54.55 44 16:32:52.06 57 60 16:37:46.27 59 16:37:46.95 54 16:37:47.84 58 16:37:48.54 59 2 16:37:49.00 54 16:37:49.72 57 16:37:49.97 53 16:37:50.76 56 1) Two missing data (loop detector), Two missing data (loop detector) Test index

Difference (km/h) -1 +1 +1 -2 +3 +2 -2 +2 -2 +1 -4 +2 -4 +1 -1 +2 -4 +1 +2 +2 -5 0 +1 +1 -6 -1 0 +2 -3 +3 +1 +13 -5 +1 +3 +3

1018

H.J. Kim, J.-T. Kim, and K.Y. Hwang

65 60 55

Speed (km/h)

50 45 40 35 30 25 20 15 10 1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59

Samples

IR-DSRC

Loops

Fig. 3. Comparison between speeds from the loop and the IR-DSRC based detectors

Sample data from the IR-DSRC and conventional loop detectors were graphically compared (see Fig. 3). The comparison results visualize that those samples are in similar shape with higher fluctuation with the loop detector than the one with IRDSRC. A set of statistical tests was performed to check if those samples were close enough to consider them as statistically identical. To check whether those samples share unique features in their distribution, a paired t -test was conducted at 95% significant level. Table 4 presents the test results. The results support that the speed data collected from the IR-DSRC systems are statistically identical to the ones from the conventional loop detectors – rejection of null hypothesis.

H 0 : Samples from conventional loop and IR-DSRC are from same population H a : Samples from conventional loop and IR-DSRC are from different populations Table 4. Results of a paired

t -test performed at 95% significant level

Summary

Paired Difference s

Average Std. Deviation Std. Error Lower Limit Significant range At 95% significan Upper Limit ce

Difference between speeds measured by loops and IR-DSRC 0.22 3.878 0.505 -0.79 1.23

t df

0.436

Significance (two-tailed)

0.664

58

Test of IR-DSRC in Measuring Vehicle Speed for ITS Applications

1019

It is necessary to test the performance of the detection systems at various traffic flow conditions. The speed data were grouped into five different: 20 km/h, 30 km/h, 40 km/h, 50 km/h, and 60 km/h. At each level, a statistical test, a goodness-of-fit test, was conducted by designing the hypothesis as follows:

H 0 : Speeds measured by Loops  Speeds measured by IR-DSRC H a : Speeds measured by Loops = Speeds measured by IR-DSRC Table 5 summarizes the test results. It can be concluded from the results that the speed data collected from the IR-DSRC systems are statistically identical to the ones from the conventional loop detectors at 95% significant level. Same result applies to all five speed levels. Table 5. Results of goodness-of-fit tests at different speed levels Speed (km/h) 20 30 40 50 60

χ2 1.085587 1.738862 4.109437 7.956877 5.176488

df 8 8 15 11 11

χ 2 (d . f ,0.05)

H0

21.9550 21.9550 32.8013 26.7569 26.7569

Reject Reject Reject Reject Reject

5 Conclusion In the past decades, wireless communication technology has been introduced in the field of ITS, and its applicability has been widely expending. In this study, feasibility of the IR-DSRC based detection systems in measuring vehicle speed was tested as a possible alternative of the conventional loop based detection systems. In practice, it would be advantageous to have the less expensive traffic surveillance systems requiring inexpensive maintenance cost. The IR-DSRC based technology highlights less initial construction and repairing costs. Based on the sample speed data sets collected from the field test, it was found that the speed data from the IR-DSRC detection systems were statistically identical to the ones from the loop based systems at 95% confidence level. It supports to conclude that the IR-DSRC based system is feasible in measuring vehicle speeds in urban network. It was experienced that the IR-DSRC systems detected 100% of all test trials. However, the loop based systems did not detect some of vehicle data. The limitation of this study is the small number of sample data due to the test-consuming field test procedure. Further studies with the increased number of samples are recommended.

References 1. Development of Next Generation Traffic Signal Control System Utilizing Wireless Communications (Phase 1): Final Report, National Transportation Core Technology Research and Development, The Korea Transport Institute, 2004

1020

H.J. Kim, J.-T. Kim, and K.Y. Hwang

2. Development of Next Generation Traffic Signal Control System Utilizing Wireless Communications (Phase 2): Final Report, National Transportation Core Technology Research and Development, Korea Transport Institute, Transportation, 2005 3. Oh Y.T., Kim N.S., Kim S.H., Song K.H., A study of Relative Feeder-cable Length and Vehicle Detection Length of Loop Detector, J. of Korean Society of Transportation, Vol. 22-3, pp85~94, 2004 4. Enhancing Reliance of Inductive Loop based Traffic Data, National Police Agency, 2003 5. Los Angeles Spread Spectrum Radio Traffic Signal Interconnect Practical Lessons Learned Evaluation Report, Final Report, Booz-Allen & Hamilton, 1999 6. Victor O.K., Li S.S., Chan T.K. and Zhuge L., Los Angeles Spread Spectrum Radio Traffic Signal Interconnect Evaluation Task: Final Report on Full Deployment, 1998 7. Klein L.A., Mobile Surveillance and Wireless Communication Systems Field Operational Test, Final Report, California PATH, 1999

A Grid Routing Scheme Considering Node Lifetime in Ubiquitous Sensor Networks* Sangjoon Park1, Sok-Pal Cho2, and Byunggi Kim3 1

Info. & Media Tech. Institute, Soongsil Univ., Korea Dept. of C & Comm. Eng., Sungkyul Univ., Korea 3 School of Computing, Soongsil Univ., Korea [email protected]

2

Abstract. Ubiquitous Sensor Networks (USN) environment is composed of dense nodes of Ad-Hoc network structure which has small size node, low power and low calculation ability. Sensor nodes have constraints in operation which small size and distribution features so that they should be operated using low power. In this paper we propose a grid computing scheme to solve limited energy problems which can maintain the energy consumption as a same level though measuring remain energy with analyzing energy consumption of nodes. We confirm the improvement of survival time of entire nodes and less variation of topology in case of our proposed scheme through simulation.

1 Introduction USN is a network that forms ad-hoc network structure, in which small sensor nodes clustered together monitor surrounding environment and gather information. The information can be gathered in various fields from general environments in daily life to specific environments hardly controlled by human. Small sensor nodes sense, calculate, store, communicate, and transmit the information. The need for USN is being increased from day to day because USN takes charge of an important role, which provides very useful information in important and serious situations of daily lives, military situations, or disasters on the basis of wireless sensor communication techniques [1]. In sensor networks, the difference between required traffics or between applied methods occurs depending on characteristics of sensor nodes or its application fields. Therefore, new protocol, which is different from existing protocols of cellular or ad-hoc network, is needed [3]. There are also many limitations, which are driven by characteristics that sensor nodes use small amount of electricity to process its tasks due to its small size and its distributional characteristics. Various approaches have suggested many methods considering usage of limited electricity [4][5], but most of the approaches may not consider effectiveness of total nodes. Communication in USN environment normally uses broadcasting method [7], and almost instances of the routing method usually use Flooding or Gossiping method. However, energy waste problem can occur on the part that is duplicated or excluded * This work was supported by the Korea Research Foundation Grant (KRF-2004-005-D00147). X. Zhou et al. (Eds.): EUC Workshops 2006, LNCS 4097, pp. 1021 – 1030, 2006. © IFIP International Federation for Information Processing 2006

1022

S. Park, S.-P. Cho, and B. Kim

in the path establishment. It can be a serious problem depending on selection of routing paths. Another problem of existing methods is that excessive energy consumption or accuracy depreciation in the traffic transmission can also occur [6]. In addition, traffic overload can be concentrated over specific nodes in many cases and it makes some nodes lose their ability. Handling these problems increases energy consumption and it creates another problem that the accuracy of traffic transmission is decreased. In this paper, we suggest grid algorithm-based routing method as a solution of these problems. This method is different from existing methods using grid points [6][8], because it uses transmission radius of sensor nodes when grids are produced. Our method conserves significant amount of energy and keeps regularly energy consumption using a simple measurement of remaining amount of energy, and it is not difficult to set transmission paths. The remainder of this paper is structured as follows. In section 2, we suggest grid algorithm which uses the energy consumption model and energy level concept described in section 2. In section 3, we analyze and verify our grid algorithm using performance assessment. Finally, section 4 shows the conclusion.

2 Grid-Based Routing Algorithm 2.1 Energy Level of Sensor Node Basically, the transmission method of sensor nodes uses a broadcasting method which transmits traffic to all surrounding nodes. The broadcasting method is shown in Fig. 1. To use a flooding or another routing method creates energy wasting problem during the traffic transmission process because of extended directions, increased traffic, or wrong routing path selection [9]. For reduction of the energy waste due to wrong routing, this grid algorithm proposes a new concept, transmission level. It is a transmission method that transmits traffic through the corresponding transmission level by setting transmission level to each node from sink to destination depending on its transmission radius. In this method, each node receives the information in their transmission level, and sends it to another node in previous transmission level. It can minimize the waste of transmission traffic because of the confusion of direction. For this transmission level, we add 2 bit field. The value of the field can be 4 different values: 00, 01, 10, and 11. As shown in Fig. 2, transmission level classifies the radius that a node’s transmission can be reached.

Fig. 1. Node broadcasting

A Grid Routing Scheme Considering Node Lifetime in USN

1023

Fig. 2. Generating process of transmission level

Fig. 3. Transmission rage of sink

As shown in Fig. 2, every node received the initial routing information in transmission radius of sink gets 01(1) as the value of transmission level. Then, new nodes received the routing information from these nodes get 10(2), and next nodes get 11(3), and so on. However, the transmission level provides only 2 bits so that the value must be repeated as a loop structure: 01, 10, 11, 01, 10, 11, 01 … The value 00 is used to distinguish sink from others. Fig. 3(a) shows previous state that transmission level is not generated yet, and Fig. 3(b) shows latter state that the generation of transmission level has been finished. In Fig. 3(a), a transmission radius is shown around sink. Each node has its own transmission radius, and the radius is synchronous with others. Because of the synchronous characteristics, it is possible to communicate with each other from both directions. The decision of transmission level is achieved by Flooding method, and it has been decided in order during the period in which the routing process of path is being processed. The value of transmission level of a node is decided by using the information received from its surrounding nodes. After the decision of transmission level, the traffic transmission from the destination to sink is carried out in

1024

S. Park, S.-P. Cho, and B. Kim

Fig. 4. Transmission level decision in case of that a new node is added

reverse order. When traffic is transmitted through transmission level, the only thing we have to consider is that the transmission level which has the value 01(1) or 11(3) is repeated again. Above transmission level is also adaptable to the change of network. If a new node is added or deleted, its transmission level can be decided by transmitting the information that shows the relation with surrounding nodes. This method is much easier to adapt to topology than other existing methods, and Fig. 4 shows it as a picture. In Fig. 4, we can see that a new node receives signals of all transmission levels (1, 2, 3). In this case, lower or higher level is recognized as its higher or its lower level. Accordingly, the medium value, transmission level 2, is the transmission level of the new node. Almost transmission levels have values which is one-level higher than the smallest number (1). 2.2 Dynamic ID Generation for Node Identification In Broadcast routing method, a sender node sends traffic to all nodes in its transmission radius. Because of this transmitting method, unnecessary energy consumption can takes place. Dynamic ID generation method suggested in this paper creates the minimum number of identifiers, which can distinguish it from other nodes only within the node’s transmission radius. This method is different from others because the setting of IDs is executed only in initial routing state or in case of topology change. The method also minimizes the number of interruptions or conflicts using the methods as follows: ID allocation method randomized by arrival time, re-adjustment process, and channel distinguish method. At first, if a node has received information from sink or another node, then the node sets a random value as its unique ID values. The random value depends on the time information that is received. The sender node transmits information to all nodes in its transmission radius, and waits information since a setting delay time which the receiver nodes send back. The delay time depending on ID would spend twice time as much as time for transmission plus additional time for transmission time block, which makes receiver nodes send information only within its transmission time that is suitable for its ID. Each node can send information to receiver nodes within its transmission time depending on its ID, and the nodes received the information set its ID as 1 from existing value 0. Setting ID as 1 is used for conflict prevention to confirm that there is any existence of same ID. If a sender node has been waiting for delay time same as the total ID and then

A Grid Routing Scheme Considering Node Lifetime in USN

1025

duplication occurred, the node ask the node which ID is occurred the duplication readjustment for duplication ID. The signal in this process is divided and used for multichannel, and it prevents signal intervention among the same level nodes. It takes a role that there are not any intervention to each other by using a different channel for each receiver node. ID adjustment for other nodes which transmission level is higher than the receiver node is only needed for this process. It’s because there is no intervention if we prevent ID conflicts of higher nodes due to the difference of transmission radius. Fig. 5 shows this dynamic ID allocation process.

Fig. 5. Dynamic ID allocation process of a node

In Fig. 5, ID 9 and ID 10 are located in the black circle area and represent higher transmission level. The fifth node 5 is received signal from transmission ID 10, and then sends signal to every node in its transmission radius to check the internal conflict. According to the time, node 5 has been received signal and fills the table from the nodes in its transmission radius. After marking the IDs of node 1, 4, and 5(itself), node 5 is received ACKs from two nodes 6, and it notices that there is duplication of ID 6. In this case, node 5 continuously checks information about other nodes. After finishing the process, it asks to accomplish re-adjustment process for the nodes which have the same ID. This method uses TDMS per each node and uses the structure of SMAC and EAR that UCLA proposed [10]. Even though a new node is added, the new node is available to set its ID by receiving information from surrounding nodes.

Fig. 6. Conflict consideration for the difference of transmission rage among nodes

1026

S. Park, S.-P. Cho, and B. Kim

These dynamic ID values is needed to distinguish among others in each node’s transmission radius, therefore, there can be more than two nodes which have same ID but their transmission radius is not duplicated. As you can see in Fig. 6, the left part shows that each node should have different ID, and the right part shows that two nodes should have different IDs, but the node which is located the right hand side doesn’t need to have different ID with the other nodes because it is in different transmission radius which is not duplicated with the other’s. As a result, this method has an advantage that it needs small storage because we use same IDs to different nodes if they are not in the same transmission radius or even though they have the same transmission level if they are far from each other, so they can’t have any effect on each other. 2.3 Grid Table for the Sensor Node Grid based sensor node routing suggested by this paper needs signals which control electric power of sensor nodes. The signals take a role that transmits node information to RTS/CTS and keeps energy remaining grid uniformly by the grid algorithm which uses corresponding information. The new signal information that is transferred with existing RTS/CTS information for grid algorithm-based routing is followed (Fig. 7). Ź Transmission level of sender/receiver nodes Ź Dynamic IDs for sender/receiver nodes Ź Energy level of sender nodes

Fig. 7. Storage structure of grid table

Fig. 8. Grid codes for grid routing

A Grid Routing Scheme Considering Node Lifetime in USN

1027

Fig. 7 shows grid table which is used for each sensor nodes by using RTS/CTS node information like this. In the table structure of Fig. 8, the upper part of 1~15 is 1 bit and a part that checks dynamic ID conflicts within its transmission radius. Grid table for transmission consists of transmission levels for reachable nodes, IDs for corresponding nodes, and energy levels. If there is ID information received from surrounding nodes, the table sets the value as 1. Below the information, the table stores received information from the nodes of lower transmission level, and it forms grid table structure which is used for real traffic transmission. 2.4 Grid-Based Transmission The most important parts of traffic transmission in sensor network are effectiveness and speediness. To reduce energy consumption in traffic transmission, transmission should be transferred in maximum accuracy. In this section, we propose an approach that reduces energy consumption in transmission and increases effectiveness of total nodes. This grid based routing approach is described using transmission level and energy level we’ve already described. We suppose that sensor network structure for grid algorithm needs these assumptions: ŹTransmission among nodes is always bi-directional (transmission radius is same). ŹList information depended on energy level is kept in grid table. ŹInformation in grid table is changed by energy level, update occurs through

RTS/CTS information. ŹBasically, network considers periodical Sleep states depending on S-MAC. ŹThe node which remaining energy amount has fallen less than critical value

doesn’t take part in traffic transmission anymore. Through these assumptions, grid-based routing algorithm is as follows:

M Using routing algorithm, we create transmission level, dynamic ID, and grid table.

N If there is traffic transmission, then we adjust the values of grid table using RTS/CTS transmission and execute grid computing. O Grid computing takes place into the direction which transmission level is lower and which energy level is higher. P If energy levels of nodes are same, then choose any arbitrary node and transfer traffic because the result is same although we choose any node. Q In case of that we can’t send information to a node of low energy level, we send it through the path which nodes have same transmission level. In this case, we also choose the transmission through the node which has the highest energy level, and the path which uses the smallest energy consumption. R During the process N to Q, information of grid table is updated through RTS/CTS. - In traffic transmission, information of grid table is used, and real amount of remaining energy is updated through CTS. This information is used for resource for next grid computing. - Because there is a limitation in the usage of buffer which is stored in grid table, information of the nodes which have more higher energy level should be stored in grid table among a lot of received information.

1028

S. Park, S.-P. Cho, and B. Kim

S If the remaining energy level of a sensor node has fallen under the critical value, the node neither can stay in grid table nor can be used for traffic transmission. The node also is restricted the change of network topology through signal transmission. Energy level used in this algorithm makes to allow grid change by the remaining amount of energy, and to move the remaining amount of energy level for each sensor node to standardized value. Our main purpose is also not to change the construction of topology for sensor node itself. Due to these advantages, the use of uniformed energy usage is possible through the whole sensor network and we can use it with existing routing methods. In addition, in treatment of traffic among nodes, we can increase lifetime of sensor nodes and reduce uncertainty of traffic transmission when energy exhaustion is taken place because of lack of resource in some nodes.

3 Performance Evaluations Simulation environment for grid based routing method is an environment which is based on IEEE 802.11 MAC structure. We had observed the increase of lifetime based on grid algorithm by distribution 100 nodes in an area of 100x100 m2. We also look into the energy usage of nodes through each grid table. As we observed the parameters in the beginning of this simulation, the initial energy value of each node was 0.5J. Grid routing algorithm had processed by measuring real energy consumption and by considering the amount of traffic transmission and the continuance time of each mode. The transmission radius for each node is 10 meters, traffic length which is really transmitted is 400 bytes, and information delivery for transmission consists of 16 bytes. The information for simulation parameters is shown in Table 1 [2]. Table 1. Simulation parameters Item

Application

Network area

(100m, 100m)

Node number

100

Packet size

400 Byte

Grid Packet size

16 ~ 19 Byte

Radio Range

20 m

Transmit mode EC

24 mW

Receive, Idle mode EC

13 mW

Sleep mode EC

15 uW

Node Initial Energy

0.5 J

We compare and analysis our grid based routing method and directed diffusion method which uses normal flooding method using lifetime and total energy consumption of sensor nodes. Fig. 9 shows the energy consumption of both two methods when two times of traffic centralization occurs. As you can see in the figure, grid method shows that traffic distribution is not centralized in specific nodes and is

A Grid Routing Scheme Considering Node Lifetime in USN

1029

equally distributed than the normal flooding method. There is a difference between theoretical analysis model and real grid situation. It’s because there are overheads, delays, and other difference in real transmission situation, such as small difference of Poisson distribution value occurred in Sleep or Idle mode. In real grid method, there is also another kind of energy consumption which occurs by table update, and it makes the difference of Fig. 9 even though it is not included in the energy consumption model. Fig. 10(a) shows how many nodes can be lost by time. As you can see in the figure, our grid method has more few numbers of lost nodes than the normal flooding method. In case of grid, there was no lost node during the transmission time for 100 times. By using grid method, we were able to reduce a part of energy consumption due to traffic centralization, but we were not able to reduce a part of energy consumption due to the node distribution which is centralized around sink or destination. If many nodes locate around destination, we can’t reduce that kind of energy consumption of end nodes. Our grid method can reduce 1.2 to maximum 1.5 times of the number of lost nodes after initial node loss than flooding method. Fig. 10(b) shows the comparison of energy consumption rates between dense grid method and normal grid method. Dense grid method locates more nodes around sink and destination, and normal grid method locates nodes uniformly in the network area. Fig. 10(b) is a graph that shows statistics of the amount of consumed energy by the numbers of nodes per each transmission level.

Fig. 9. Energy consumption of sensor nodes with normal flooding

Fig. 10. Node loss number and energy consumption

1030

S. Park, S.-P. Cho, and B. Kim

This simulation is processed in around 100x100 m2, where transmission level is lower than 16th step. As you can see in the figure, when we locate more sensor nodes in sink (left-side) or destination (right-side) of sensor network environment, the energy consumption rate of nodes in both ends is fallen little less. In case of grid method, traffic is distributed over every node. Therefore, energy exhaustion rate is regularly kept without energy centralization in each transmission level.

4 Conclusions Grid computing approach proposed in this paper has different meaning with existing grid method. It does not use the method which uses lattice of existing grid method, but use the grid computing method which keeps effectiveness of total energy consumption regularly. This method also can be used with other routing methods. Transmission direction decision using transmission level can reduce unnecessary energy consumption through routing among nodes, and also increase lifetime of total network using energy level which prevents traffic concentration over specific nodes. Transmission is processed through energy critical value. Therefore, we can reduce many problems, such as accuracy reduction of processing or transmission for topology change due to node exhaustion. In conclusion, this grid method can be more suitable for environment which needs accurate transmission than real time transmission.

References 1. I.F. Akyildiz, W. Su, Y. Sank. and E. Cayirci, "A Survey on Sensor Networks," IEEE Communications Magazine, vol.40, no.8, pp. 102-114, August, 2002. 2. H.W. Tseng, S.H. Yang, P.Y. Chuang, E. H. Wu, and G.H. Chen, “An Energy Consumption Analytic Model for A Wireless Sensor MAC Protocol,” IEEE 60th Vehicular Technology Conference, vol.6, pp. 4533-4537, September, 2004. 3. K. Sohrbi, J. Gao, V. Ailawadhi and G. J. Pottie, "Protocols for self-organization of a wireless sensor network," IEEE Personal Communications, vol. 7, no.5, pp. 16-27, 2000. 4. K. Akkays and M. Younis, "A Survey on Routing Protocols for Wireless Sensor Networks," Elsevier Ad Hoc Network Journal, vol.3, no.3, pp. 325-349, May, 2005. 5. T. V. Dam, K. Langendoen, "An adaptive energy efficient MAC protocol for wireless sensor networks," in Proceedings of ACM ENSS’2003, pp. 171-180, November, 2003. 6. H. Luo, F. Ye, J. Cheng, S.W. Lu and L. Zhang, "TTDD: Two-tier Data Dissemination in Large-scale Wireless Sensor Networks," ACM Wireless Networks, vol.11, no.1-2, 2005. 7. G.Kulkarni, C. Schurgers and M. B. Srivastava, "Dynamic Link Labels for Energy Efficient MAC Headers in Wireless Sensor Networks," IEEE International Conference on Sensors (Sensors'02), pp. 1520-1525, June, 2002. 8. J. Zhand and H. Shi, "Energy-efficient routing for 2D grid wireless sensor networks," Information Technology: Research and Education, Proceedings. ITRE2003, pp. 311-315, Aug. 2003. 9. M. Stemm and R.H Katz, "Measuring and reducing energy consumption of network interfaces in hand held Devices," IEICE Trans. on Comm., vol. E80-B, No. 8, 1997. 10. A. El-Hoiydi "Spatial TDMA and CSMA with Preamble Sampling for low power ad hoc Wireless sensor Networks," in Proceeding of the Seventh International Symposium on Computers and Communications(ISCC-'02), pp. 685-692, July, 2002.

Author Index

Ahn, Byoungchul 522 Ahn, Joonseon 650 Ahn, Seongjin 988 Akbar, Ali Hammad 193 Ali, Hesham 244 Amin, Syed Obaid 671 An, YoonYoung 455 Andrei, S ¸ tefan 868

Choi, Seonho 302 Choi, Won-Kyoung 879 Choi, WoongChul 83 Choi, YoungSoo 455 Choo, Hyunseung 702 Chuang, Sheng-Yan 540 Chung, Ki-Dong 710 Coronato, Antonio 601

Bae, Kyung-Jin 93 Bae, Sung-Hwan 532 Ban, Se Youn 570 Bi, Jun 681, 962

De Pietro, Giuseppe 601 Della Vecchia, Gennaro 601 Deolalikar, Vinay 392 Doh, Kyung-Goo 650

Cabrera, Christian 224 Cha, Hojung 485 Cha, Si-Ho 609 Chae, Heeseo 213 Chae, Song-hwa 619 Chang, Byeong-Mo 650 Chang, Jae-Woo 43 Chaudhry, Shafique Ahmad 193 Chen, Chao-Lieh 32 Chen, Hsin-Dar 765 Chen, Huiyan 342 Chen, Ming-Yang 435 Chen, Ningjiang 72, 495 Chen, Qing 342 Chen, Shih-Chang 825 Chen, Xin 495 Chen, Yiyun 858 Cheng, Jiujun 11 Cheng, Yu 815 Chiang, Tzu-Chiang 112 Cho, Doosan 741 Cho, Gi Hwan 919 Cho, Jeonghun 775 Cho, Kuk-Hyun 609 Cho, Sok-Pal 1021 Cho, YouZe 455 Choi, EunChang 83 Choi, In Seon 919 Choi, Jun Kyun 570, 692, 988 Choi, Seong Gon 570, 692

Eom, Doo-seop 413 Estevez-Tapiador, Juan M.

183

Fei, Kuang-Han 540 Feng, Dan 53 Foo, Ernest 312 Fu, Xiong 858 Fu, Yuzhuo 898 Fukunaga, Shigeru 271 Goi, Bok-Min 322 Gu, Ping 836 Guo, Bing 888 Guo, Minyi 234 Ha, Byung-Hyun 122 Han, Daewan 262 Han, Sangchul 755 Han, Sung-Kook 234 Han, Youngsun 785 He, Xianhui 898 Heng, Swee-Huay 322 Heo, Joon 928 Hernandez-Castro, Julio C. Hong, Choong Seon 671 Hong, Manpyo 619 Hong, Suk-Kyo 193 Hong, Sung Hee 660 Hong, Won-Kee 382 Horng, Mong-Fong 32 Hsu, Ching-Hsien 825

183

1032

Author Index

Hu, Jun 795 Huang, Tao 72 Huang, Yue 888 Huang, Yueh-Min 112 Huh, JaeDoo 83 Hwang, Inwhan 619 Hwang, Kee Yeon 1012 Hwang, Kwang-il 413 Hwang, Seok Joong 785 In, Hoh Peter

213

Jee, Jeong Gyu 936 Jeon, Beom-Jun 173 Jeong, Dongwon 213 Jeong, Gu-Min 103 Jeong, Young-Sik 234 Jiao, Weiwei 11 Jin, Hai 153 Jin, Min-Sik 908 Jung, Min-Soo 908 Kang, Myung Soo 671 Kang, Suo 815 Kaps, Jens-Peter 372 Kim, Byunggi 1021 Kim, Chonggun 522 Kim, Daegeun 22 Kim, Dae-Ik 532 Kim, Dae-Young 609 Kim, Daeyoung 475 Kim, Do-Hoon 213 Kim, Eun-kyung 173 Kim, Hie-Cheol 382 Kim, Hokwon 785 Kim, Hong-Jin 1006 Kim, Hoo-Jong 103 Kim, Howon 579 Kim, Hye-Young 62 Kim, Hyuncheol 988 Kim, Hyung Chan 291 Kim, Hyung Jin 1012 Kim, Hyunsoo 465 Kim, In-Hwan 103 Kim, Jeom Goo 998 Kim, Jeong Hyun 946 Kim, Jin-Tae 1012 Kim, Jongdeok 423, 591 Kim, Jung Jae 936 Kim, Keunyoung 133

Kim, Ki-Hyung 193 Kim, Kuinam J. 998 Kim, Kwangjo 252 Kim, Kwan-Woong 532 Kim, Kyung Tae 465 Kim, Kyung-tae 413 Kim, Seon Wook 785 Kim, Seungjoo 579 Kim, Shinyoung 785 Kim, Soo-Joong 83 Kim, Taehee 946 Kim, Taehong 475 Kim, Tae-Hoon 710 Kim, Taehyung 979 Kim, Tae Sung 550 Kim, Tae-Young 805 Kim, Woo-Jae 93 Kim, Yanggon 302 Kim, Yeong-Deok 629 Kim, Yong-Ki 43 Kim, Yoonhee 173 Kim, Young Yong 505, 550 Ko, Eung Nam 560 Ko, In-Young 173 Ko, Young-Bae 445 Koo, Jung Doo 972 Koo, Jungsook 972 Kshemkalyani, Ajay D. 163 Kuo, Yau-Hwang 32 Kwak, Jin 579 Kwon, Daesung 262 Kwon, Dong-Hee 93 Laih, Chi-Sung 435 Lan, Chao-Yang 825 Lee, Bong-Hwan 629 Lee, Chae-Woo 403 Lee, Chungwon 946 Lee, Deok-Gyu 721 Lee, Dong Chun 953, 972 Lee, Dong Hwi 998 Lee, Gunhee 619 Lee, HongKi 281 Lee, Hyunji 591 Lee, Hyunrok 252 Lee, Im-Yeong 721 Lee, Jong Chan 1006 Lee, Jong-Eon 609 Lee, Jong Min 692 Lee, Jooyoung 262

Author Index Lee, JungRyun 133 Lee, Kwang Hyoung 936 Lee, Sangjin 660 Lee, Sang-Won 879 Lee, Seungjae 946 Lee, Se-Yul 629 Lee, SungHyup 455 Lee, Su-Ryun 403 Lee, Tae-Hoon 710 Li, Dong 1006 Li, Jin 332, 352, 362 Li, Peifeng 836 Li, Xuandong 795 Li, Yuhong 11 Li, Zhishu 888 Lim, YongHoon 133 Liu, Zhenhua 342 Looi, Mark 312 Lu, Jun 495 L¨ u, Shuwang 342 Ma, Jian 11 Matsumoto, Noriko 1 Mesarina, Malena 392 Migov, Denis A. 702 Min, So Yeon 936 Mi´skowicz, Marek 203 Nakai, Toshihisa Nyang, DaeHun

271 281

Oh, Kyoung-Su 805 Ok, MinHwan 22 Paek, Yunheung 741, 775 Palomar, Esther 183 Park, Chel 639 Park, Choung-Hwan 928 Park, Dong-Joo 879 Park, HeeDong 455 Park, Hyo-Keun 928 Park, Hyunsung 423 Park, Jang-Su 721 Park, Jonghun 122 Park, Jong Hyuk 660 Park, Ki Hong 1006 Park, Minkyu 755 Park, Myong-soon 22 Park, Namje 579 Park, Sangjoon 1021

Park, Song-Hwa 710 Park, Sung-Yong 173 Park, Taejoon 511 P´erez, Jes´ us Arturo 224 Pham, Minh-Long 475 Pradhan, Salil 392 Qian, Peide 836 Quan, Cheng-Hao

382

Ramakrishna, R.S. 291 Ravi, Ayyagari 741 Recker, John 392 Ren, Jie 815 Rhee, Keunwoo 579 Ribagorda, Arturo 183 Rodionov, Alexey S. 702 Rodionova, Olga K. 702 Sakurai, Kouichi 579 Seo, Seog Chung 291 Seo, Youngjoon 252 Shen, Yan 888 Shi, Yuan Chun 815 Shieh, Wann-Yun 765 Shin, Dong-Myung 629 Shin, Kang G. 511 Shin, YongEun 979 Shrestha, Deepesh Man 445 Sohn, Hong-Gyoo 928 Son, Bongsoo 979 Song, Eun-Ha 234 Song, JooSeok 281 Su, Chien-Chung 32 Suh, Changsu 445 Suh, Young-Joo 93 Sun, Zhenxin 898 Sunar, Berk 372 Talipov, Elmurod 522 Tan, Pengliu 153 Tan, Shaohua 144 Tan, Zhipeng 53 Tanaka, Kensuke 1 Tang, Shiwei 144 Tham, Kevin 312 Tong, Yunhai 144 Tsai, Ming-Hui 112 Uh, Gang-Ryung

741

1033

1034

Author Index

Wang, Chenghua 795 Wang, Hongding 144 Wang, Sheng-De 540 Wang, Shuangquan 495 Wang, Yanming 332, 352, 362 Wei, Jun 72 Wen, Qiaoyan 848 Won, Chulho 244 Won, Dongho 579 Wong, Weng-Fai 868 Wu, Bin 163 Wu, Jianping 681 Wu, Wenling 848 Yang, Ching-Nung 435 Yang, Dongqing 144 Yang, Jie 495 Yang, Laurence T. 234 Yang, Ok Sik 692 Yao, Taketsugu 271 Yap, Wun-She 322 Yeom, Yongjin 262 Yi, Shinyoung 485 Yoo, Seong-eun 475

Yoon, Kang Jin 550 Yoon, Won-Sik 193 Yoshida, Norihiko 1 You, Ilsun 639 Youn, Chan-Hyun 629 Youn, Hee Yong 465 Youn, Jong-Hoon 244 Yu, Chia-Yu 32 Yuan, Zheng 848 Z´ arate, Victor Hugo 224 Zhang, Fangguo 352, 362 Zhang, Jianhong 731 Zhang, Miao 681, 962 Zhang, Minghu 153 Zhang, Qing 848 Zhang, Yong 72 Zhang, Yu 858 Zhao, Lei 962 Zheng, Guoliang 795 Zhu, Hui 815 Zhu, Qiaoming 836 Zhu, Yongxin 868, 898 Zou, Wei 731