Security and QoS Self-Optimization in Mobile Ad Hoc Networks ZhengMing Shen and Johnson P. Thomas Presented by: Sharanpal singh

Introduction Tradition: Network quality of service (QoS) and network security have been considered as separate entities. Truth: Security impacts the overall network QoS. – Overheads for authentication – Overheads caused by encryption In all the previous work, the security feature is fixed and permanent. – What when the resources availability changes??

Proposal Three basic frameworks: 1. Plug-in security framework provides a dynamic security policy management system. 2. Multilayer QoS-guided routing mechanism is an adaptable QoS routing mechanism for ad hoc networks to ensure QoS even as network resources change. 3. Proportional, integral, derivative (PID) feedback controller constantly monitors and adjusts the network security policy to ensure that the network satisfies all existing QoS requirements while making the network the most secure possible  Algorithm will remove some security policy to reduce overhead until the QoS requirements can be satisfied.  Similarly, if more resources are available due to reduced traffic, the security level can be increased

FEEDBACK CONTROL THEORY Transfer Function of PID e- tracking error R- the difference between the desired input value, and (Y) the actual output The controller computes both the derivative and the integral of this error signal resulting in:

Effects of Controllers Effects of each of the controllers on a closed-loop system If a modeling equation of a system is: Taking the Laplace transform: The transfer function between the displacement X(s) and the input F(s) then becomes:

Contd… Proportional Control: The closed-loop transfer function of the system with a proportional controller is: Proportional-Integral (PI) Control: The closed-loop transfer function: Proportional, Integral, Derivative Control: The closed-loop transfer function:

Security and QoS Feedback control Loop A distributed optimization architecture present at each node in the network. The QoS plant is responsible for creating new paths as well as managing the state information of any existing path and the state information of each node. It outputs the QoS path state information to the PID controller The security plant is responsible for managing, adding, and removing security policies. It outputs the security policy state information to the PID controller. The PID controller module takes the network resource usage metrics (path latency, path throughput, and path stability), the state information of the node (buffer space available, for example), and the security policy state information as system output feedback to calculate the adjustments, which will be fed into the QoS plant and security plant to achieve optimization. The PID controller at each node collects two levels of state information, the node’s local state and the global path state

Multilayer QoS Interface Guided Routing Application Layer: classifies the QoS requirements into a set of three QoS priority levels – Guaranteed service corresponds to applications that have strong delay constraints such as voice. – Controlled load service applications requiring high throughput such as video. – Best effort service has no specific constraints. Network Layer: having following metrics: – Hop count represents the number of hops required for a packet to reach its destination. – Buffer state stands for the available unallocated buffer. – Stability means the connectivity variance of a node with respect to its neighboring nodes over time. MAC Layer: MAC layer metric is the quality of a link as specified by the line signal to interference plus noise ratio (SINR) – SINR determines the data rate and associated probability of packet error rate or bit error rate (BER) that can be supported by the link

QoS Routing Process QoS interface metrics guide the routing process in following steps: Path generation:- This generates paths according to the assembled and distributed state information of the network and application. Path selection:- This selects appropriate paths based on the network and application state information. Data forwarding:- This forwards user traffic along the selected path.

Path Generation Measure the quality of network and use it in the path generation process. A node broadcasts its network layer metrics to its neighbors, indicating its presence and its QoS state. Hop count (Resource conservation) Buffer level (Load balancing) – Node maintains average buffer level instead of instantaneous. Stability level metric is used to avoid unstable nodes to relay packets. We calculate the stability S of a node n as: Where, Nti and Nti+1 are neighbor nodes on n at time ti and ti+1 Highly Stable if, Nti = Nti+1 Unstable if, Nti  Nti+1 = 

Path Generation Network layer metrics are propagated through the nodes of the generated path. Suppose P is a path between source node s and destination node d, in which P is a sequence of nodes, P = {s, n1, n2,... ni,d}. The value of the metrics of P are: Where, P.hop is the path hop count P.buffer is the path unallocated (free) buffer size P.stability is the path stability level n.buffer is the node unallocated (free) buffer size n.stability is the node stability level At the MAC layer, the quality of network is identified by the SINR Greedy algorithm will always try to choose the highest SINR nodes available to generate the path unless the node buffer is full regardless of QoS requirements

Path Selection The network layer metrics are mapped into each QoS metric and the MAC layer metrics are mapped into each network metric. If guaranteed service is required, the network layer QoS interface will translate this requirement into the network QoS metric, which should select a path that has minimum delay based on the average buffer level and hop count. Packet latency is calculated as: Where, P.hop is the path hop count, P.bufferSize is the path total buffer size, P.buffer is the path unallocated (free) buffer size, P.throughput is the path throughput. If the controlled load service is required, the network QoS interface needs to pick the highest buffer size path in this case to meet the application layer QoS requirements. So, Controlled load service defines the minimum throughput required by the application: Best effort service has no specific constraints. The network QoS interface will select the most stable path when the network mobility is high and the shortest path when the network mobility is low.

QoS Interface A QoS interface translates high-layer QoS metrics to lower layer metrics For guaranteed service, the AN interface translates the QoS requirements to the maximum path latency and passes to the network layer as application layer QoS requirements. During the path selection process, network layer will choose the qualified path by using the calculations defined in the last slide and using the network layer metrics as an input parameter Similarly, for controlled load service, the AN interface translates the QoS requirements to the minimum path throughput and pass to the network layer. Network layer will choose the qualified path by calculating the path buffer level and hop count. For best effort service, the AN interface compromises between the most stable path in the high-mobility case and the shortest path in the low-mobility path case

Performance Analysis Our multilayer QoS interface guided routing protocol is implemented based on existing QoS-AODV and AODV For simulations, all protocols maintain a send buffer of 64 packets. Interface queue has size of 50 packets with priority Routing packet > Security pkt < Data pkt. 10 communications in the network with each one randomly assigned a class (guaranteed, control load or best effort) The number of source-destination pairs and the packet sending rate in each pair is varied to change the offered load in the network. 1,500 m 300 m field with 50 nodes with a randomly chosen speed (mobility between 0-20 m/s) Simulation period is 900 seconds.

Simulation Results Throughput drops roughly by 15 percent and avg packet delay increases by 50% at v=10 m/s compared with v=5 m/s.

Security Plug-in Architecture Policy-based plug-in architecture to provide dynamic security policy management at runtime.

Optimization Algorithm Each communication path determines if there are extra resources available to support more security policies until the resource target utilization is reached. As long as the network does not reach its target resource utilization, the policy manager will continue deploying new security policies into the network. In reality target utilization is impossible to reach due to mobility, so acceptable resource utilization is introduced which is defined as: The target resource utilization is calculated by the PID controller and the acceptable resource utilization is driven by the greedy algorithm.

Policy Deployment Post Validation If there is any path that is not able to satisfy the original QoS requirements, this is due to the previous deployed security policy causing the network to use up more resources. The domain policy manager will remove the previous deployed security policy and log all the suffering paths. The greedy algorithm will not be called until at least one of the suffering paths changes state (for example, finish communication, change QoS requirement, etc.)

Performance Analysis We compare proposed PID-AODV model with AODV, Policy based Secure AODV (PS- AODV) and QoS-AODV.

Conclusion  Due to overheads caused by implementing security in ad hoc networks, security and QoS must be considered together.  Proposed a distributed flexible mechanism to optimize security and QoS in mobile ad hoc networks  The best case scenario is under light traffic, where it can provide the same security as any other secure protocol but the same performance as nonsecure QoS protocols.  The worst case scenario is under extreme heavy traffic, where it provides similar performance as QoS protocols but with no security