Security and QoS Self-Optimization in Mobile Ad Hoc Networks

1
Security and QoS Self-Optimizationin Mobile Ad
Hoc Networks

• ZhengMing Shen and Johnson P. Thomas

Presented by Sharanpal singh
2
Introduction

• Tradition Network quality of service (QoS) and
  network security
• have been
  considered as separate entities.
• Truth Security impacts the overall network QoS.
• Overheads for authentication
• Overheads caused by encryption
• In all the previous work, the security feature is
  fixed and permanent.
• What when the resources availability changes??

3
Proposal

• Three basic frameworks
• 1. Plug-in security framework provides a dynamic
  security policy management system.
• 2. Multilayer QoS-guided routing mechanism is an
  adaptable QoS routing mechanism for ad hoc
  networks to ensure QoS even as network resources
  change.
• 3. Proportional, integral, derivative (PID)
  feedback controller constantly monitors and
  adjusts the network security policy to ensure
  that the network satisfies all existing QoS
  requirements while making the network the most
  secure possible
• Algorithm will remove some security policy to
  reduce overhead until the QoS requirements can be
  satisfied.
• Similarly, if more resources are available due
  to reduced traffic, the security level can be
  increased

4
FEEDBACK CONTROL THEORY

• 
  Transfer Function of PID
• e- tracking error
• R- the difference
  between the desired input value, and (Y) the
  actual output
• The controller computes both the derivative and
  the integral of this error signal resulting in

5
Effects of Controllers

• Effects of
  each of the controllers on a closed-loop system
• If a modeling equation of a system is
• Taking the Laplace transform
• The transfer function between the displacement
  X(s) and the input F(s) then becomes

6
Contd

• Proportional Control
• The closed-loop transfer function of the system
  with a proportional controller is
• Proportional-Integral (PI) Control
• The closed-loop transfer function
• Proportional, Integral, Derivative Control
• The closed-loop transfer function

7
Security and QoS Feedback control Loop

• A distributed optimization architecture present
  at each node in the network.
• The QoS plant is responsible for creating new
  paths as well as managing the state information
  of any existing path and the state information of
  each node. It outputs the QoS path state
  information to the PID controller
• The security plant is responsible for managing,
  adding, and removing security policies. It
  outputs the security policy state information to
  the PID controller.
• The PID controller module takes the network
  resource usage metrics (path latency, path
  throughput, and path stability), the state
  information of the node (buffer space available,
  for example), and the security policy state
  information as system output feedback to
  calculate the adjustments, which will be fed into
  the QoS plant and security plant to achieve
  optimization.
• The PID controller at each node collects two
  levels of state information, the nodes local
  state and the global path state

8
Multilayer QoS Interface Guided Routing

• Application Layer classifies the QoS
  requirements into a set of three QoS priority
  levels
• Guaranteed service corresponds to applications
  that have strong delay constraints such as voice.
• Controlled load service applications requiring
  high throughput such as video.
• Best effort service has no specific constraints.
• Network Layer having following metrics
• Hop count represents the number of hops required
  for a packet to reach its destination.
• Buffer state stands for the available unallocated
  buffer.
• Stability means the connectivity variance of a
  node with respect to its neighboring nodes over
  time.
• MAC Layer MAC layer metric is the quality of a
  link as specified by the line signal to
  interference plus noise ratio (SINR)
• SINR determines the data rate and associated
  probability of packet error rate or bit error
  rate (BER) that can be supported by the link

9
QoS Routing Process

• QoS interface metrics guide the routing process
  in following steps
• Path generation-This generates paths according
  to the assembled and distributed state
  information of the network and application.
• Path selection-This selects appropriate paths
  based on the network and application state
  information.
• Data forwarding-This forwards user traffic along
  the selected path.

10
Path Generation

• Measure the quality of network and use it in the
  path generation process.
• A node broadcasts its network layer metrics to
  its neighbors, indicating its presence and its
  QoS state.
• Hop count (Resource conservation)
• Buffer level (Load balancing)
• Node maintains average buffer level instead of
  instantaneous.
• Stability level metric is used to avoid unstable
  nodes to relay packets. We calculate the
  stability S of a node n as
• Where, Nti and Nti1 are neighbor nodes on n at
  time ti and ti1
• Highly Stable if, Nti Nti1
• Unstable if, Nti ? Nti1 ?

11
Path Generation

• Network layer metrics are propagated through the
  nodes of the generated path.
• Suppose P is a path between source node s and
  destination node d, in which P is a sequence of
  nodes, P s, n1, n2, . . . ni,d . The value of
  the metrics of P are
• Where,
• P.hop is the path hop count
• P.buffer is the path unallocated (free) buffer
  size
• P.stability is the path stability level
• n.buffer is the node unallocated (free) buffer
  size
• n.stability is the node stability level
• At the MAC layer, the quality of network is
  identified by the SINR
• Greedy algorithm will always try to choose the
  highest SINR nodes available to generate the path
  unless the node buffer is full regardless of QoS
  requirements

12
Path Selection

• The network layer metrics are mapped into each
  QoS metric and the MAC layer metrics are mapped
  into each network metric.
• If guaranteed service is required, the network
  layer QoS interface will translate this
  requirement into the network QoS metric, which
  should select a path that has minimum delay based
  on the average buffer level and hop count.
• Packet latency is calculated as
• Where,
• P.hop is the path hop count,
• P.bufferSize is the path total buffer size,
• P.buffer is the path unallocated (free) buffer
  size,
• P.throughput is the path throughput.
• If the controlled load service is required, the
  network QoS interface needs to pick the highest
  buffer size path in this case to meet the
  application layer QoS requirements. So,
  Controlled load service defines the minimum
  throughput required by the application
• Best effort service has no specific constraints.
  The network QoS interface will select the most
  stable path when the network mobility is high and
  the shortest path when the network mobility is
  low.

13
QoS Interface

• A QoS interface translates high-layer QoS metrics
  to lower layer metrics
• For guaranteed service, the AN interface
  translates the QoS requirements to the maximum
  path latency and passes to the network layer as
  application layer QoS requirements. During the
  path selection process, network layer will choose
  the qualified path by using the calculations
  defined in the last slide and using the network
  layer metrics as an input parameter
• Similarly, for controlled load service, the AN
  interface translates the QoS requirements to the
  minimum path throughput and pass to the network
  layer. Network layer will choose the qualified
  path by calculating the path buffer level and hop
  count.
• For best effort service, the AN interface
  compromises between the most stable path in the
  high-mobility case and the shortest path in the
  low-mobility path case

14
Performance Analysis

• Our multilayer QoS interface guided routing
  protocol is implemented based on existing
  QoS-AODV and AODV
• For simulations, all protocols maintain a send
  buffer of 64 packets.
• Interface queue has size of 50 packets with
  priority Routing packet gt Security pkt lt Data
  pkt.
• 10 communications in the network with each one
  randomly assigned a class (guaranteed, control
  load or best effort)
• The number of source-destination pairs and the
  packet sending rate in each pair is varied to
  change the offered load in the network.
• 1,500 m 300 m field with 50 nodes with a
  randomly chosen speed (mobility between 0-20 m/s)
  
• Simulation period is 900 seconds.

15
Simulation Results
16
Security Plug-in Architecture

• Policy-based plug-in architecture to provide
  dynamic security policy management at runtime.

17
Optimization Algorithm

• Each communication path determines if there are
  extra resources available to support more
  security policies until the resource target
  utilization is reached.
• As long as the network does not reach its target
  resource utilization, the policy manager will
  continue deploying new security policies into the
  network.
• In reality target utilization is impossible to
  reach due to mobility, so acceptable resource
  utilization is introduced which is defined as
• The target resource utilization is calculated by
  the PID controller and the acceptable resource
  utilization is driven by the greedy algorithm.

18
Policy Deployment Post Validation

• If there is any path that is not able to satisfy
  the original QoS requirements, this is due to the
  previous deployed security policy causing the
  network to use up more resources.
• The domain policy manager will remove the
  previous deployed security policy and log all the
  suffering paths.
• The greedy algorithm will not be called until at
  least one of the suffering paths changes state
  (for example, finish communication, change QoS
  requirement, etc.)

19
Performance Analysis

• We compare proposed PID-AODV model with AODV,
  Policy based Secure AODV (PS-AODV) and QoS-AODV.

20
Conclusion

• Due to overheads caused by implementing security
  in ad hoc networks, security and QoS must be
  considered together.
• Proposed a distributed flexible mechanism to
  optimize security and QoS in mobile ad hoc
  networks
• The best case scenario is under light traffic,
  where it can provide the same security as any
  other secure protocol but the same performance as
  nonsecure QoS protocols.
• The worst case scenario is under extreme heavy
  traffic, where it provides similar performance as
  QoS protocols but with no security