A decentralized key management scheme via neighborhood prediction in mobile wireless networks.

Page 1

A Decentralized Key Management Scheme via
Neighborhood Prediction in Mobile Wireless
Networks
Xiuyuan Zheng1, Hui Wang2, Yingying Chen1, Hongbo Liu1, Ruilin Liu2
Department of ECE1, Department of CS2
Stevens Institute of Technology, Hoboken, NJ
Email: {xzheng1, yingying.chen, hliu3}@stevens.edu1, {hwang, rliu3}@cs.stevens.edu2
Abstract—The wireless data collected in mobile envi-
ronments provides tremendous opportunities to build new
applications in various domains such as Vehicular Ad Hoc
Networks and mobile social networks. One of the biggest
challenges is how to store these data. Storing the data
decentralized in wireless devices is an attractive approach
because of its major advantages over centralized ones.
In this work, to facilitate effective access control of the
wireless data in distributed data storage, we propose a
fully decentralized key management scheme by utilizing
a cryptography-based secret sharing method. The secret
sharing method splits the keys into multiple shares and dis-
tributes them to multiple nodes, which brings the challenge
that due to node mobility, these key shares may not be avail-
able in the neighborhood when they are needed for key re-
construction. To address this challenge arising from mobile
environments, we propose the Transitive Prediction(TRAP)
protocol that distributes key shares among devices that are
traveling together. We derive a theoretical analysis of the
robustness of our approach. Furthermore, inside TRAP,
we develop three key distribution schemes that utilize the
correlation relationship embedded among devices that are
traveling together. Our key distribution schemes maximize
the chance of successful key reconstruction and minimize
the communication overhead. Our extensive simulation
results demonstrate that our key distribution schemes are
highly effective, and thus provide strong evidence of the
feasibility of applying our approach to support distributed
data storage in wireless networks.
I. INTRODUCTION
The rapid advancement of wireless technologies has
led to a future where wireless networks will be perva-
sively deployed. As a matter of fact, with the increasing
programmability of wireless devices and the continu-
ously reducing cost of communication radios, mobile
wireless networks are becoming a part of our social
life. For instance, vehicles are equipped with wireless
communication devices to form Vehicular Ad Hoc Net-
works (VANETs), in which vehicles have the sensing
capability to collect data regarding to road conditions
and traffic scenarios [22]. Another example is that data
collection and real-time multimedia blogs [3], [14] en-
abled by various sensing capabilities on mobile phones,
such as cameras, GPS, and accelerometers, provide geo-
related information that supports effective mobile social
collaboration. Thus, the wireless data collected in the
mobile environments provide abundant information to
build pervasive applications in our social life.
Most of the existing work [20] requires the data to be
sent back to centralized storage nodes continuously and
only considers stable network topology. However, this
may incur high communication overhead and excessive
energy consumption among wireless devices by contin-
uously forwarding the data to storage nodes. To address
these issues, distributed data storage [8], [9], [16], [19],
[20] in wireless networks has attracted much attention.
The distributed data storage has major advantages over
centralized approaches: storing the data on the collected
wireless device or in-network storage nodes decreases
the need of constant data forwarding back to centralized
places, which largely reduces the communication in
the network and the energy consumption on individual
devices, and consequently eliminates the existence of
centralized storage and enables efficient and resilient
data access. Furthermore, as wireless networks become
more pervasive, new-generation wireless devices with
significant memory and powerful processing capabilities
are available (i.e., smart phone and laptops), making the
deployment of distributed data storage not only feasible
but also practical. In this work, the collected data will
be stored in each collector node, i.e., the mobile device
that collects the data.
In many cases, the data collected by mobile wireless
networks contain sensitive information. For instance,
an adversary can derive the trajectories of vehicular
drivers to infer their social behaviors, or analyze the
video clips embedded in the multimedia blogs to derive
users’ lifestyles. Such vulnerabilities are significantly
threatening the deployment of applications that utilize
the large-scale data sets collected by wireless mobile
networks. Therefore, while the wireless data provides
abundant opportunities for developing new applications,
it could also be dangerous if not handled appropri-
ately and misused by adversaries. Thus, secure data
storage must be achieved before widespread adoption
of distributed data storage. One of the main challenges
in utilizing the distributed wireless data is to develop
effective mechanisms that control the access of data so
978-1-4244-7489-9/10/$26.00 ©2010 IEEE
51

Page 2

that the right information is shared with the right party
at the right time.
Traditionalencryption-based
proaches employ an individual or a group of centralized
certification authorities for key management [1], [25].
However, it is hard to scale with the increasing size and
the mobility of devices in wireless networks and can be-
come a single point of failure. In this paper, we propose
a fully decentralized key management framework by
utilizing the cryptography-based secret sharing method.
The secret sharing approach has been very useful in
developing decentralized security protocols [13], [10].
In our decentralized framework, the data is encrypted
and the decryption key is divided and shared among
mobile devices in the network. However, the mobility of
devices introduces environmental dynamics and makes
it hard to reconstruct the key. To cope with mobility, we
propose to distribute the key shares among devices that
are traveling together with the collector node through
neighborhoodprediction. Indeed, in our daily life, people
are usually travelling together to common destinations or
areas, e.g., commuting along the same train lines or visit-
ing a museum together. This co-movement phenomenon
makes our neighborhood prediction feasible. We further
develop the Transitive Prediction (TRAP) protocol that
helps to maximize the chances of successful key share
reconstruction and minimize the communication over-
head, and in the meanwhile avoiding the degradation of
the security guarantee of data access.
Inside TRAP, we design three key distribution
schemes. These three key distribution schemes can be
classified into two categories, the one that does not
respect the relationships between moving patterns of
different devices, and the one that does. For the first
type, we develop a scheme named random selection,
while for the second type, we develop two schemes,
namely association-probability-based, and association-
rule-based. Furthermore, we derive a theoretical analysis
of the robustness of our mechanism.
To evaluate the effectiveness and efficiency of our
approach, we conducted simulations by using simulated
mobile wireless networks in a city environment [7] with
different moving speeds: walking speed and vehicular
traveling speed. Our results show that our key distribu-
tion schemes are highly effective to achieve successful
key reconstruction in mobile and decentralized environ-
ments, and thus providing strong evidence of the fea-
sibility of applying our decentralized key management
scheme in mobile wireless networks.
The remainder of the paper is organized as follows.
We first put our work into the broader context of the
current research in Section II. We then present our
decentralized key management framework for mobile
wireless networks in Section III. The robustness analysis
of our approach is provided in Section IV. In Section V,
we describe our key distribution schemes for efficient
accesscontrolap-
key reconstruction. Section VI presents our simulation
methodology and results using various data sets gener-
ated from simulated mobile wireless networks. Finally,
we conclude our work in Section VII.
II. RELATED WORK
Key management is a key component of encryption-
based access control system. Recent work has been
focused on eliminating the need of centralized authen-
tication management in wireless networks. In particular,
to address mobility, [4], [23] made use of privileged side
channels when mobile users are in the vicinity of each
other. The secure side channel is used to set up security
associations between nodes by exchanging cryptographic
materials. However, the availability of the privileged side
channels is not guaranteed.
On the other hand, the secret sharing method has been
actively studied in the field of cryptography [18], [25],
[21]. The advantage of using the secret sharing method
is that the possibility of a single point of failure is sig-
nificantly reduced. Moreover, the secret sharing method
has been applied in mobile ad hoc networks [25], [13],
[10]. [25] proposed a distributed public-key management
scheme based on threshold secret sharing in which the
CA services are divided into a certain number of special-
ized servers. The drawback is that it assumes some nodes
must behave as servers. When moving towards fully
distributed infrastructure, a decentralized authentication
protocol is developed to distribute the authentication of
a certificate authority (CA) by utilizing secret sharing
[13]. However, it did not consider the mobility of nodes,
and thus making it inapplicable to mobile environments.
The work that is most closely related to ours is [10].
By taking into the consideration of mobility, [10] in-
troduced a redundancy-based key distribution scheme in
secret sharing to achieve a decentralized CA. Basically,
more than one key share are distributed to each node in
order to increase the probability of successful key recon-
struction in mobile networks. However, the security level
of the system can be degraded due to having multiple
redundant key shares on nodes. Our work is novel in that
our proposed decentralized key management framework
employing secret sharing maintains the security guaran-
tee of the data access through neighborhood prediction
and distributes key shares only to those nodes that are
traveling together.
III. DECENTRALIZED KEY MANAGEMENT
FRAMEWORK
We present the framework of our decentralized key
management approach in this section. We first discuss
the network model. We then present our approach of
decentralized key management. Finally, we describe the
adversary model.
52

Page 3

A. Network model
We consider mobile wireless networks, which con-
tain a large number of wireless devices (e.g., mobile
phones or on board sensing units on vehicles). Each
device has a unique ID and may perform different
functionalities in the network. Devices may freely roam
in the network, and the number of nodes in a network
may be dynamically changing due to its capability of
mobility, i.e., mobile nodes may join, leave, or fail over
time. Devising a generic approach that works across
all varieties of mobile wireless networks is impractical.
Therefore, as a starting point, we target our solutions to a
category of mobile wireless networks with the following
characteristics.
Mobility. Each node is moving in some patterns, or
just randomly, in a large well-defined area, though the
nodes are not aware of their moving patterns, if there
is any. There are no pre-defined trajectories for each
node. However, we assume there exists a co-movement
pattern within nodes, i.e., group of nodes may travel
together to common destinations. For example, a group
of tourists in New York City may travel to visit the
Metropolitan Museum together and each of them can
use their mobile phones to take pictures, shoot videos,
and write multimedia blogs on the way.
Neighbor-Aware. Each node has a communication
range and can communicate only with nodes within its
transmission range. We call the nodes in the transmission
range the neighbors. Mobility of nodes may result in the
change of the neighborhood. However, we assume that
for every node, it has a comparatively stable neighbor-
hood within a period of time.
Location-Aware. Each node knows their physical
locations at all time points during moving. This is a
reasonable assumption as most of wireless devices (e.g.,
mobile phones or vehicles) are equipped with GPS or
some other approximate but less burdensome localization
algorithms [12]. In many cases the location of the
collected data is important. For example, knowing that
a traffic accident occurred, which requires to inform
the neighboring nodes, but without knowing where it
occurred is useless.
Distributed Data Storage. Each node stores the data
it has collected. The data will be stored within the
network at each collector node(e.g., mobile phones or
vehicles) unless it is required to be sent to a centralized
storage space for backup. By uploading data in a lazy
fashion (i.e., on-demand only), distributed data storage
enables real-time query evaluation and avoids frequent
data transfer from the wireless devices to the centralized
storage, and consequently reduces battery power con-
sumption and decreases the communication overhead of
the network.
B. Distributed Key Management Model
1) Node Authentication: There has been sufficient
work [25], [13], [10] that we can employ to perform
node authentication. [25] proposed a partially distributed
certificate authority scheme that supports authority ser-
vices to be shared by multiple servers. [13] proposed
a distributed cryptography-based authentication solution
that distributes a certificate key to each node. [10]
extended [13] by providing a redundancy-based solution
for node authentication. Thus, we can adopt these ex-
isting works for node authentication in our network and
mainly focus on studying decentralized key management
for secure data access. In our work, whenever a node
enters the network, it has to pass the authentication
procedure. When a node in the network tries to access
data, the node needs to collect m key pieces. Thus, an
attacker node has to compromise up to m nodes, which
means that it has to succeed for m trials to hack the
system with complex overhead. This highly increases the
security level of our system compared with the system
that uses a centralized authority for data access, so that
the attacker node only has to hack one node, that is, the
centralized authority node.
2) Secret Sharing Based Key Management: To pre-
vent the misuse of the data and protect the privacy of
mobile users, the data is encrypted in our framework.
Further, we propose to use the secret sharing scheme
to achieve decentralized key management in dynamic
wireless environments.
Secret sharing, also named threshold secret sharing,
is originated from [18]. Specifically, in a (m,n) secret
sharing scheme, a secret is distributed among n partic-
ipants; only by collecting m(m ≤ n) secret shares can
re-construct the secret. The decision of values for m and
n controls the strength of the system.
Key Distribution. More formally, in mobile wireless
networks, a data decryption key S is shared among
n devices. To share the S among the n devices,
{c1,c2,...,cn}, we pick a polynomial of order m − 1:
f(x) = S+a1x+a2x2+···+am−1xm−1. Then the key
share Sito be distributed to device i is Si= f(ci)mod p,
where p is a big prime number, and ci denotes the ith
device among n.
We develop the secret sharing method in a fully
distributed manner: Each collector node acts as the dealer
node as defined in the secret sharing scheme [18] and
is responsible to distribute the decryption key of its own
data. Furthermore, since each collector node can encrypt
its data at different time periods, there can be multiple
keys associated with each node in our network. Thus, in
order to identify the key shares that belong to the same
key, the collector node will generate a unique key ID to
append to each key share. The unique key ID will help to
identify the key shares that belong to the same decryption
key. The collector node will destruct the decryption key
after it distributed the key shares.
Key Reconstruction. At a later time, the secret key
S can be reconstructed by using Lagrange interpolation
S = f(0) =?m
i=1Sci∗lci(x)(mod p), where p is a big
53

Page 4

prime number, and lci(x) is the lagrange coefficient of
the ith device and is defined as li(x) =?m
decryption key and each wireless device is unaware
of others’ shares. Further, only the authorized node by
the authentication protocol, e.g., [13], which owns the
certificate key, can reconstruct secret key S.
Key Updating. Given sufficiently long time, an ad-
versary could compromise m nodes and reconstruct
the decryption key of the data. To make our secret
sharing based key management more robust, the key
shares will be updated periodically. We apply proactive
secret sharing [21] in which the key shares will be
expired after a specified time period controlled by the
collector node. The collector node will re-distribute a
set of key shares once the key shares in the previous
distribution have expired. The new key share fnew(x)
can be generated as fnew(x) = S + (a1+ b1)x + ··· +
(am−1+bm−1)xm−1(mod p). Periodically, the collector
node will distribute the n newly generated key shares to
n wireless devices. The old keys are expired and thus
are discarded.
3) Handling Mobility via Neighborhood Prediction:
In a mobile wireless network, the devices carrying key
shares may move farther away, causing much commu-
nication overhead during key reconstruction and even
reconstruction failure (e.g., unreachable devices). Thus,
it is desirable to distribute key shares to devices that
are moving together with the collector node, and conse-
quently increasing the success rate of key reconstruction
in dynamic network environments and reducing the com-
munication overhead and energy consumption during
the reconstruction process. However, this brings in a
new challenge of how to determine the devices that are
traveling together with the collector node. To address
this issue, we propose to use neighborhood prediction.
In particular, we developed an array of key distribution
schemes, which explore correlations embedded in the
moving patterns of wireless devices, to predict devices
that are traveling together for efficient key distribution.
The detailed schemes will be presented in Section V.
During the key distribution phase, the collector node
utilizes these schemes to pick the top n wireless de-
vices that are most likely traveling together with it, and
distributes the n key shares to these devices.
Further, as stated in our network model each mobile
wireless device only keeps the information of its 1-hop
neighbors (i.e., devices within its transmission range).
During the key distribution phase, it is possible that there
are not enough devices within the 1-hop range to share
the key, i.e., the devices within the 1-hop range of the
collector node are less than n. To address this problem,
there are two possible solutions:
Solution 1: The collector could request its 1-hop
neighbors to send the information of their respective
1-hop neighbors back to it as candidates. Under the
j=1,j?=i
cj
cj−ci.
Any subsets of m key shares could reconstruct the
1
2
3
1
2
3
4
5
6
7
8
n
Figure 1.Illustration of TRAP in a 2-hop scenario
scenario that the returned number of candidates is still
less than n, the collector will make iterative requests
to the neighbors of neighbors to collect more candidate
devices, until it collects at least n candidates. Then it
will run the key distribution scheme on these candidates
and choose the top n devices from the results as the key
share holders.
Solution 2: The idea behind the second solution is that
the co-movement is transitive in practice. For instance,
if a mobile user A is traveling together with user B,
meanwhile B is traveling together with C, it is highly
likely that A is also traveling together with C. Thus, the
collector node can utilize this property and distribute
the prediction responsibility of key distribution to its
neighbors for further prediction of the devices traveling
together when there are less than n devices within
the 1-hop neighborhood for key share distribution. The
prediction of key distribution (i.e, the key distribution
scheme) can be successively invoked by the neighbors
of the neighbors until enough candidates are found. The
predicted results at each neighboring node during each
round of invocation will be sent back to the collector
node as candidates for choosing the top n devices.
Transitive Prediction (TRAP) Protocol. We note
that Solution 1 may incur high computational cost and
expensive energy consumption at the collector node.
Thus, in this work, we take Solution 2 and develop
a fully distributed prediction protocol called Transitive
Prediction (TRAP) that builds on top of our key distribu-
tion schemes. We utilize a layered approach (i.e., we call
1-hop neighbors of a node as one layer) to successively
find enough devices that are traveling together with the
collector node for resilient key distribution in multi-hop
mobile environments. In TRAP, the k-hop neighbors of
the collector node is defined as the 1-hop neighbors of
the (k − 1)-hop neighbors of the collector node with
k > 1. Figure 1 depicts TRAP of finding n traveling
together devices with the collector node in a 2-hop
scenario for key distribution.
At every round of TRAP, each involved neighboring
node will run the key distribution scheme to predict top x
devices from its 1-hop neighbors and send the prediction
results as candidates back to the collector node. To
ensure returning the sufficient number of candidates, we
54

Page 5

choose x = n in TRAP. The collector node will then
choose the top n devices from the returned candidates
based on the prediction criteria (e.g., the association rule
in Association-rule-based scheme in Section V) in our
key distribution schemes to share the key. Thus, in TRAP
the computation of successive prediction is distributed
at the neighbors that are traveling together, and conse-
quently the computational cost and energy consumption
at the collector nodes is significantly reduced.
C. Adversary Model
In this work, we consider adversaries that can com-
promise any wireless devices to obtain the key shares.
Once a node is compromised, an adversary can get the
key share stored on the node if any, however, it cannot
decrypt the data stored on the compromised node. An
adversary needs to compromise up to m nodes in order
to reconstruct the key to decrypt the data on a collector
node. Further, once a node is compromised, an adversary
may generate fake data and then distribute key shares of
the fake data in the network. However, this behavior will
not affect the secure access of the legitimate data cached
in the network. Thus, it is not the focus of our work.
IV. ROBUSTNESS ANALYSIS
In this section, we formally analyze the robustness
of our TRAP protocol in mobile wireless networks.
For mathematical tractability, we make the assumption
that the wireless nodes are randomly deployed in the
network, the node distribution follows a homogeneous
Poisson point process with a density of ρ nodes per unit
area [5], [17]. Note that ρ varies over the entire large
network due to the mobility of nodes. This assumption is
reasonable and has been widely used in analyzing multi-
hop mobile wireless networks [6], [15], [11].
A. Robustness Analysis
The (m,n) secret sharing scheme splits the decryption
key into n shares and distributes the n shares to n
devices. However, due to the mobility of the network, it
is possible that these key shares may not be accompanied
together while time goes. Thus in the following, we
analyze the robustness of the protocol via the probability
that legitimate users can successfully reconstruct the key.
One-hop scenario. This scenario considers the case that
there are sufficient m key shares available in the 1-
hop neighborhood of the node for key re-construction.
Assume that each node has a transmission range r; thus it
covers an area A = πr2. Since the number of nodes N in
the area A follows a Poisson distribution, the probability
that a node has i nodes in its 1-hop neighborhood is
Pr(N = i)=
γ = ρπr2. Further, we define p1, the percentage of
nodes in the 1-hop neighborhood of the collector node
that hold key shares. Let i1 be the total number of
nodes in 1-hop neighborhood. Since as each legitimate
γi
i!e−γ, where the expected node degree
user possesses a key share already, it needs to collect
another m − 1 key shares to reconstruct the key. It is
straightforward that p1i1 must be at least m − 1. Thus
we have:
Pr(i1p1≥ m − 1) = 1 − Pr(i1<m − 1
p1
)
= 1 −
?
m−1
p1
?
?
−1
j=1
γj
j!e−γ,
(1)
where γ = ρπr2.
Multi-hop scenario. This scenario considers the case
that there are less than m−1 key shares available in the
(k−1)-hop (k ≥ 2) neighborhood, but at least m−1 key
shares in the k-hop neighborhood of the collector node
for key re-construction. The (k − 1)-hop neighborhood
covers an area Ak−1 = π((k − 1)r)2, while the k-
hop neighborhood of a node (with transmission range
r) covers an area Ak = π(kr)2. Let ik−1 and ik be
the number of neighbors in the (k − 1)-hop and k-hop
neighborhood. Similar to the 1-hop scenario, we define
pk as the percentage of nodes in k-hop neighborhood
that carry key shares. Since the legitimate user (holding
a key share already) can collect t ∈ [m − 1,n − 1] key
shares from the k-hop neighborhood but less than m−1
neighbors from the (k −1)-hop neighborhood, we have:
Pr(m − 1 ≤ ikpk≤ n − 1|ik−1pk−1< m − 1)
=
Pr(ik−1<m−1
Pr(m−1
pk
Pr(ik−1<m−1
Pr(ik<m−1
Pr(ik−1<m−1
?
?
where the expected node degree γ?= ρπ(k −1)2r2and
γ = ρπk2r2.
Pr(m−1
pk
≤ ik≤n−1
pk) + Pr(ik−1<m−1
pk−1)
≤ ik≤n−1
pk−1)
pk)
pk−1)
m−1
pk
j=1
?
j=1
pk−1)
−
pk∪ ik−1<m−1
pk−1)
= 1 −
= 1 −
??
?
−1
γj
j!e−γ
m−1
pk−1
−1
γ?j
j!e−γ?
,
(2)
B. Discussion
Based on the theoretical analysis, we choose different
parameter setup to measure the probability of robustness
in our approach.
We fix the value of γ (e.g., γ = 15), the expected num-
ber of nodes in 1-hop neighborhood, and vary the value
of p1, the ratio of the nodes in the 1-hop neighborhood
that holds key shares. Figure 2 (a) presents the robustness
probability of key reconstruction in the 1-hop neighbor-
hood with n = 15 and m = 4,6,8 and 10 for the setup
of the (m,n) secret sharing scheme. We observed that
for all the m values, the robustness probability increases
55

Page 6

0.10.2 0.3 0.40.50.6 0.70.80.9
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
p1
Robustness Probability


m=4
m=6
m=8
m=10
0.1 0.20.3 0.40.5 0.60.7 0.80.9
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
p1
Robustness Probability


m=10
m=15
m=20
m=25
m=30
(a) n = 15(b) n = 50
Figure 2.
6, 8, and 10 and (b) m = 10, 15, 20, 25, and 30 in the secret sharing
method.
Robustness probability for 1-hop scenario with (a) m = 4,
with increasing p1. This is straightforward as the more
key shares moving together, they make better chance for
key reconstruction. Figure 2(b) shows the results when
we change to n = 50 and m = 10,15,20,25 and 30 for
the setup of the (m,n) secret sharing scheme. It has a
similar trend as Figure 2(a). Furthermore, we observed
that the smaller m value is, the smaller p1is needed to
achieve a robustness probability threshold, since fewer
number of key shares are needed for key reconstruction.
Figure 3 presents the robustness probability in a 2-
hop scenario with the (10, 15) secret sharing method.
Similar to the 1-hop neighborhood scenario, we vary the
value of p2, the ratio of the nodes holding key shares
in the 2-hop neighborhood. Meanwhile, we set the value
of p1, the percentage of nodes holding key shares in the
1-hop neighborhood, as 0.1, 0.3 and 0.5 respectively. In
general, the analytical robustness probability is as high
as near to 1 for most of the cases. This indicates the
feasibility of applying TRAP using the secret sharing
method to mobile wireless networks.
We note that the value of m and n are both adjustable
in our scheme depending on the scheme designer, which
can vary from the network size, robustness requirement,
security level and other considerations. The security
analysis of our approach can be found in [24].
V. KEY DISTRIBUTION SCHEMES
Careless key distribution will result in key shares
scattered across the whole network and thus degrade the
performance of key reconstruction. Therefore, how the
key shares are distributed is of utmost importance. Based
on our theoretical analysis in Section IV, ideally the
key shares should be distributed to the nodes that move
together in the network. In this section, we investigate
three schemes to decide which nodes should be assigned
the key shares in the TRAP protocol. The three key
distribution schemes can be classified into two types,
the one that does not respect the relationships between
moving patterns of different nodes (i.e., correlation-blind
scheme), and the one that does (i.e., correlation-aware
schemes). For the first type, we design a scheme named
random selection, while for the second type, we design
two schemes, namely association-probability-based, and
0.10.120.140.160.180.2
0.95
0.955
0.96
0.965
0.97
0.975
0.98
0.985
0.99
0.995
1
p2
Robustness Probability
p1=0.5
p1=0.3
p1=0.1
Figure 3.
secret sharing setup.
Robustness Probability in the 2-hop scenario with (10, 15)
association-rule-based. As it is possible that there are
less than n nodes in the 1-hop neighborhood of the
current node, these schemes aim at choosing x ≤ n
nodes, where x is either the number of available nodes
in the current 1-hop neighborhood (when there are less
than n such nodes), or n, when there are sufficient n
nodes in the 1-hop neighborhood.
A. Correlation-blind Scheme
We design the random selection scheme that picks
x nodes without considering the moving patterns of
these nodes. The idea is straightforward: the x nodes are
randomly picked from the 1-hop neighborhood, without
taking the moving patterns of these nodes into consid-
eration. This is a naive approach to distribute the key
shares. It is obvious that this scheme may be suffered
from inefficient key reconstruction, as the x nodes that
hold key shares are likely to move apart in the future
and consequently the collection of x key shares from
these x nodes will be costly in terms of communication
overhead. Unfortunately, most existing schemes [18],
[25], [13] use this random-selection strategy to do the
key distribution.
B. Correlation-aware Schemes
The key to improve the performance of key recon-
struction procedure is to distribute the key shares to
the nodes that are moving together, i.e., the nodes that
have strong correlations between their moving trajec-
tories. To achieve this goal, we design two schemes,
namely association-probability-based, and association-
rule-based, to determine the x nodes for key distribution
by considering the correlations between their moving
patterns. For these two schemes, we use different mech-
anisms to measure the correlations/associations between
different moving trajectories.
1) Association-probability-based Scheme:
scheme, we measure the correlation/association between
different moving trajectories as probability. In particular,
given a current node c and a candidate node c?, let T and
T?be the trajectories of c and c?within the time window
W, then the association probability Prabetween c and
c?is computed as Pra= C/|W|, where C is the number
of time points in W that c?is in the 1-hop neighborhood
In this
56

Page 7

Time Point
T1
T2
T3
T4
Neighbor ID
c1,c3,c4
c2,c3,c5
c1,c2,c3,c5
c1,c2,c5
Neighbor Set
{c1}
{c2}
{c3}
{c4}
{c5}
(b) The support of 1-node set
Support
0.75
0.75
0.75
0.25
0.75
(a) The neighborhood of c0
Neighbor Set
{c1,c2,c3}
{c1,c2,c5}
{c2,c3,c5}
{c1,c3,c5}
(c) The support of 3-node set
Support
0.25
0.5
0.5
0.25
Table I
ILLUSTRATION OF THE Association-rule-based SCHEME.
of c. We rank the probability Pra in descending order
and pick the top-x nodes in the sorted list as the key
distributees.
2) Association-rule-based Scheme: Association rule
technique is a well-known machine learning mechanism
that can effectively discover hidden associations in the
collection of data. In general, an association rule is
defined as an expression X ⇒ Y , where X and Y are
value set, with support s%. It indicates the fact that X
tends to be associated with Y , with the evidence that
s% of tuples contain both X and Y . We adapt it to
our problem for finding x nodes that have associated
moving patterns. To be more specific, we try to find
the rule X ⇒ Y from D of the highest support s%,
where X = {c}, the current node that is looking for
candidates from its current 1-hop neighborhood, and Y
is a set of x nodes {c1,...,cx}, i.e. an x-node set. The
rule indicates the fact that node c is moving together with
nodes c1,...,cx. The support s% equals to the number
of time points at which both {c} and {c1,...,cx} locate
in the 1-hop neighborhood.
There has been active research on efficient association
rule mining algorithms. However, we cannot directly
apply these algorithms to our problem, as they return the
association rules whose supports are no less than a given
threshold, while in our case, we look for the x-node
association rule of the highest support, which is unknown
before mining. If we set the threshold as 0, it will result
in computing all possible
x
nodes) combinations of associations, which will be very
expensive. Therefore, our goal is to efficiently discover
the x-node association rule that is of the highest support
from the trajectory data. If there are multiple such rules,
we pick the one of the largest support, and choose the
x nodes in the Y side of the rule.
The general principle of most of association rule min-
ing algorithms for efficient mining is to make use of the
monotone property of the association rules, which refers
to the fact that any subset of a frequent itemset (i.e., of
large support) must be frequent [2]. Thus generating the
candidate itemsets in each pass only needs to use the
frequent itemsets found in the previous pass. We utilize
this property and design the following algorithm. First,
given the current node c that is looking for candidates
from its current 1-hop neighborhood, for each candidate
?t
?(t : number of candidate
Figure 4.
and its vicinity in Germany.
The simulation data sets are generated based on the city
node c?, we compute the support of 1-node association
{c} ⇒ {c?}, and rank these supports in descending
order. Following the monotone property of association
rules, the target x-node association of the top-1 support
must be chosen from the 1-node associations of the
top-x support (i.e., the support of the top x-th item
in the sorted item list). Therefore, we pick the 1-node
associations of the top-x support. If there are exactly
x such nodes, they are the x key distributee nodes that
we look for. Otherwise, out of the x?> x nodes, we
compute the support for all possible x-node associations,
and output the one of the largest support. Our algorithm
only needs at most?x?
choices, where t is the set of all possible candidate nodes,
our algorithm is much more efficient.
We use an example to illustrate our algorithm. Con-
sider a collector node c0whose neighborhood at various
time points is shown in Table I (a). Assume x=3. We
first calculate the support of all 1-node association, with
the result shown in Table I (b). There are four nodes
c1,c2,c3 and c5 that are of top-3 support 0.75. Then
we calculate the support of
sets. Table I (c) shows that out of these four candidates,
{c1,c2,c5} and {c2,c3,c5} both have the same highest
support value. We pick one and return it as the final
result.
x
?passes to find x key distributee
nodes. Compared with checking all possible?t
x
?(t > x?)
?4
3
?
= 4 possible 3-node
VI. SIMULATION EVALUATION
In this section, we describe our simulation methodol-
ogy and present the results that evaluate the effectiveness
of our schemes.
A. Methodology
We would like to evaluate the feasibility of applying
our approaches in application environments (e.g. traffic
monitoring in VANETs) using mobile wireless networks.
Thus, we conducted simulations based on mobile devices
generated from a city environment and its vicinity in
Germany [7] as shown in Figure 4. The size of the area
is 25000m × 25000m. We generated 1000 nodes and
placed them randomly inside the city as a real-world
network. To further simulate real-world scenarios, during
57

Page 8

the simulation period some new nodes may move into the
city environment and some existing nodes may move out
the city environment. We studied two different scenarios
with respect to the traveling speed of the node: walking
speed (5ft/sec) and vehicular traveling speed (50ft/sec)
by randomly choosing multiple subsets of nodes. The
scenario using the regular walking speed simulates data
collection through mobile phones carried by people,
while the scenario with the vehicular traveling speed
intends to study the applications enabled by the data
collected through VANETs. There are no pre-defined
trajectories for each node. However, group of nodes may
travel together to common destinations (e.g. shopping
malls or museums in the city).
B. Metrics
We utilize the following metrics to evaluate the effec-
tiveness of our key distribution schemes using neighbor-
hood prediction:
Prediction Accuracy. We measure the effectiveness
of the key distribution through neighborhood prediction.
We split our simulation study time into two periods:
past and future. The data in the past is used to perform
prediction, whereas the data in the future is used to
validate the prediction accuracy. For a given collector
node, we define the prediction accuracy as the per-
centage of the intersection of the predicted devices that
will travel together in the future ({Npredict}) and the
devices that are indeed traveling together in the future
({Nfuture}):|{Npredict}∩{Nfuture}|
effectiveness of our key distribution schemes by studying
the statistical characteristics of the prediction accuracy
through calculating its Cumulative Distribution Function
(CDF) and averaged prediction error.
Time Performance. By measuring the time that each
scheme needs to perform neighborhood prediction for
key distribution, we evaluate the efficiency across dif-
ferent schemes. This metric helps to benchmark our
schemes in the simulation environment and further in-
dicates the feasibility of implementing them in real
wireless devices.
|{Npredict}|
. We will evaluate the
C. Results
1) Prediction Accuracy: Cumulative Distribution
Function (CDF) Measurement: 1-hop Scenario. We
are interested in studying what is the probability of
different key distribution schemes that can perform
neighborhood prediction with 100th, 75th, 50th, and
25th percentile accuracy. Figure 5 presents the CDF of
prediction accuracy with respect to different m and n
in the secret sharing method under the walking speed.
In Figure 5, n is set to 15 and 50 respectively and
m is set to 10 and 20 respectively. In this simulation
setup, n is the network size and all the nodes are
within the transmission range of the collector node.
We observed that Association-rule-based scheme tops
1008060 40200
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Prediction Accuracy (%)
Probability
Random Selection
Association−probability−based
Association−rule−based
100 80 6040 200
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Successful Prediction Ratio(%)
Probability
Random Selection
Association−probability−based
Association−rule−based
(a) Walking speed, m=4 (b) Walking speed, m=10
100 806040 200
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Prediction Accuracy (%)
Probability
Random Selection
Association−probability−based
Association−rule−based
10080 60 40200
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Prediction Accuracy (%)
Probability
Random Selection
Association−probability−based
Association−rule−based
(c) Vehicular speed, m=4
Figure 6. CDF of prediction accuracy under different traveling speed
when n = 50.
(d) Vehicular speed, m=10
out the performance, whereas Random Selection has the
worst prediction performance. In general, Correlation-
aware schemes outperform the Correlation-blind scheme.
Further, we found that under a fixed m, the larger the
n is the higher the prediction accuracy can be achieved.
Because under a larger n, there are more nodes that
are holding key shares travel together with the collector
node, and thus the probability of a successful key recon-
struction is increased. On the other hand, under a fixed
n, the smaller the m is the higher the prediction accuracy
can be achieved. Because under a smaller m, it requires
fewer nodes that are holding key shares travel together
in order to achieve successful key reconstruction.
Figure 6 presents the comparison of the Prediction
Accuracy CDFs under different traveling speed, walking
speed and vehicular speed, with different setups of the
secret sharing method, i.e.,(4, 50) and (10, 50). We
observed the similar performance trend as in Figure 5:
Correlation-aware schemes outperform the Correlation-
blind scheme. Further, the performance of our key distri-
bution schemes under the vehicular speed is qualitatively
the same as the performance under the walking speed.
This indicates that our approach is generic across differ-
ent device traveling speed.
Averaged Prediction Error: 1-hop scenario. Fig-
ure 7 (a) and (b) present the percentage of the predic-
tion error versus different (m,n) setups in the secret
sharing method across our key distribution schemes
under the walking speed. We observed that Correlation-
aware schemes incur smaller prediction errors (less than
36%) and the Association-rule-based scheme presents
the smallest prediction errors in all cases. Further, un-
der a fixed n, the prediction error increases with the
58

Page 9

1008060 40200
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Successful Prediction Ratio(%)
Probability
Random Selection
Association−probability−based
Association−rule−based
100806040200
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Prediction Accuracy(%)
Probability
Random Selection
Association−probability−based
Association−rule−based
100806040 200
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Prediction Accuracy(%)
Probability
Random Selection
Association−probability−based
Association−rule−based
(a) n=15, m=6
Figure 5.
(b) n=50, m=6(c) n=50, m=20
Cumulative Distribution Function(CDF) of prediction accuracy under the walking speed.
m=4m=6 m=10
0
0.1
0.2
0.3
0.4
0.5
Average Error
Association−rule−based
Association−probability−based
Random Selection
(a) 1-hop scenario, n = 15
m=4m=6 m=10
0
0.1
0.2
0.3
0.4
0.5
Average Error
Association−rule−based
Association−probability−based
Random Selection
(b) 1-hop scenario, n = 50
Averaged prediction error using TRAP under the walking speed.
m1=4 m1=10
0
0.1
0.2
0.3
0.4
0.5
Average Error
Association−rule−based
Association−probability−based
Random Selection
(c) 2-hop scenario, n = 50
Figure 7.
increasing number of m. Overall, the results of averaged
prediction errors are inline with the observations of
prediction accuracy in Figure 5. This is encouraging as
it indicates that our key distribution schemes are highly
effective in distributing the key shares to those devices
that are traveling together with the collector node.
TRAP: 2-hop Scenario. We next present the results
when there are not enough devices within the transmis-
sion range of the collector node and the key distribution
will be performed in the multi-hop range of the collector
node. Figure 8 presents the CDF of the prediction
accuracy for a (20, 50) secret sharing method in a 2-hop
scenario. During key reconstruction,there are not enough
key shares within the transmission range of the collector
node that are traveling together with it, e.g., m1=4 and
6 in this simulation. The rest of the key shares will be
collected through the second hop of the collector node
using TRAP. We found that the key distribution schemes
have better performance when m1 = 10 as shown in
Figure 8 (b) than those when m1= 4 (Figure 8 (a)). This
is because when there are more key shares can be found
in the 1-hop range, there will be less nodes carrying
key shares need to be found in the 2-hop range, and
consequently the prediction accuracy increases. Further,
when there are more key shares need to be collected
in the 2-hop range, i.e., m1= 4, the Association-rule-
based scheme can still reach the probability of 84%
to achieve the prediction accuracy of 80% or higher.
Additionally, the results of the averaged prediction error
shown in Figure 7 (c) are consistent with our prediction
accuracy. Thus, these results provide strong evidence of
the effectiveness of TRAP.
Time performance. Finally, we study the time effi-
ciency of our key distribution schemes. Table II presents
the time measurements of our schemes when using
various setups of m and n in the secret sharing method.
We observed that the time to perform key distribution
through neighborhood prediction is in the order of mil-
liseconds for all the schemes by using a DELL desktop
with Intel Core2 Q6600 2.4GHz processor. Further,
we found that the schemes, e.g., Association-rule-based
scheme, which provide higher prediction accuracy run
slower. Thus, there exists a tradeoff between the predic-
tion accuracy and the computation time. Our results will
provide a guidance for choosing different schemes based
on application needs in practice.
VII. CONCLUSION
In this work, we proposed a fully decentralized key
management framework to facilitate secure data access
in mobile wireless networks, where cryptographic keys
Scheme setting
Random Selection
Association-probability-based
Association-rule-based
Scheme setting
Random Selection
Association-probability-based
Association-rule-based
(4, 15)
10.2
27.8
29.2
(4, 50)
13.6
42.2
44.3
(6, 15)
10.48
31.4
33.0
(6, 50)
14.08
41.4
45.8
(10, 15)
11.06
44.6
46.2
(10, 50)
14.6
48.6
49.7
Table II
TIME PERFORMANCE (IN MILLISECOND) ACROSS DIFFERENT KEY
DISTRIBUTION SCHEMES
59

Page 10

1008060 40200
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Successful Prediction Ratio(%)
Probability
Random Selection
Association−probability−based
Association−rule−based
100806040200
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Successful Prediction Ratio(%)
Probability
Random Selection
Association−probability−based
Association−rule−based
(a) n=50, m=20, m1=4
Figure 8. CDF of prediction accuracy under different traveling speed
when n = 50.
(b) n=50, m=20, m1=10
are split into multiple shares and are distributed to
multiple nodes in the network. The data is cached in the
collecting mobile devices within the network to reduce
the high communication overhead and excessive energy
consumption among wireless devices if continuously
forwarding the data to centralized storage nodes. To
handle the node mobility, we further developed the Tran-
sitive Prediction (TRAP) protocol that distributes the key
shares to the nodes that are moving together through
neighborhood prediction for effective key reconstruction
in mobile environments. Additionally, as a part of TRAP,
we designed three key distribution schemes to choose
the distributee nodes that have co-moving patterns by
analyzing the correlation relationship embedded in the
trajectories of co-moving devices. We further derived a
theoretical analysis of the robustness of our approach.
Our simulation results based on data sets generated from
a simulated mobile wireless network in city environ-
ment demonstrated that our key distribution schemes
are highly effective for key reconstruction. Both of our
theoretical analysis and simulation results provide strong
evidence of the feasibility of applying the decentralized
key management framework to achieve resilient data
confidentiality in distributed mobile environments. As a
further goal, we plan to extend TRAP to the energy-
constrained mobile computing model, and investigate the
complexity and overhead of TRAP in terms of energy
consumption.
REFERENCES
[1] A. Abdul-Rahman. The pgp trust model. edi-forum. the Journal
of Electronic Commerce, 1997.
[2] R. Agrawal and R. Srikant. Fast algorithms for mining associa-
tion rules. pages 487–499, 1994.
[3] M. Azizyan, I. Constandache, and R. R. Choudhury. Surround-
Sense: Mobile Phone Localization via Ambience Fingerprinting.
In Proceedings of the International Conference on Mobile Sys-
tems, Applications, and Services (MobiSys), June.
[4] D. Balfanz, D. Smetters, P. Stewart, and H. Wong.
to strangers: Authentication in ad-hoc wireless networks.
Proceedings of the 9th Annual Network and Distributed System
Security Symposium (NDSS), 2002.
[5] C. Bettstetter and C. Hartmann. Connectivity of wireless mul-
tihop networks in a shadow fading environment. pages 28–32,
2003.
Talking
In
[6] C. Bettstetter and J. Zangl. How to achieve a connected ad hoc
network with homogeneous range assignment: an analytical study
with consideration of border effects.
Communications Network, 2002. 4th International Workshop on,
pages 125–129, 2002.
[7] T. Brinkhoff.Generating network-based moving objects.
Proceedings of the 12th International Conference on Scientific
and Statistical Database Management, 2000.
[8] A. Ghose, J. Grossklags, and J. Chuang. Resilient data-centric
storage in wireless ad-hoc sensor networks. In Proceedings of
the 4th International Conference on Mobile Data Management,
pages 45–62, 2003.
[9] J. Girao, D. Westhoff, E. Mykletun, and T. Araki. Tinypeds: Tiny
persistent encrypted data storage in asynchronous wireless sensor
networks. Ad Hoc Networks, Elsevier, 5:10731089, 2007.
[10] D. Joshi, K. Namuduri, and R. Pendse.
and fully distributed key management scheme for mobile ad
hoc networks: an analysis. EURASIP J. Wirel. Commun. Netw.,
2005(4):579–589, 2005.
[11] L. Kleinrock and J. Silvester. Optimum transmission radii for
packet radio networks or why six is a magic number. In National
Telecommunications Conference, volume 1, 1978.
[12] K. Langendoen and N. Reijers.
wireless sensor networks: a quantitative comparison. Comput.
Networks, 43(4):499–518, 2003.
[13] H. Luo and S. Lu. Ubiquitous and robust authentication services
for ad hoc wireless networks. Technical report, 2000.
[14] E. Miluzzo, N. D. Lane, K. Fodor, R. A. Peterson, H. Lu, M. Mu-
solesi, S. B. Eisenman, X. Zheng, and A. T. Campbell. Sensing
Meets Mobile Social Networks: The Design, Implementation
and Evaluation of the CenceMe Application. In Proceedings of
6th ACM Conference on Embedded Networked Sensor Systems
(SenSys), November.
[15] D. Miorandi and E. Altman. Coverage and connectivity of ad
hoc networks in presence of channel randomness.
INFOCOM, pages 491–502, 2005.
[16] R. D. Pietro, L. V. Mancini, C. Soriente, A. Spognardi, and
G. Tsudik. Catch me (if you can): Data survival in unattended
sensor networks. In Proceedings of the IEEE International Con-
ference on Pervasive Computing and Communications (PerCom),
2008.
[17] S. S. K. Quanjun Chen and M. Hassan.
node traffic load in multi-hop wireless sensor networks. IEEE
Transactions on Wireless Communications, 8(2):958–967, feb
2009.
[18] A. Shamir. How to share a secret. Commun. ACM, 22(11):612–
613, 1979.
[19] M. Shao, S. Zhu, W. Zhang, and G. Cao. pDCS: Security and
privacy support for data-centric sensor networks. In Proceedings
of the IEEE International Conference on Computer Communica-
tions (INFOCOM), 2007.
[20] S. Shenker, S. Ratnasamy, B. Karp, R. Govindan, and D. Estrin.
Data-centric storage in sensornets. ACM SIGCOMM Computer
Communication Review archive, 33, 2003.
[21] A. H. Stanis, A. Herzberg, H. Krawczyk, and M. Yung. Proactive
secret sharing or: How to cope with perpetual leakage. pages
339–352. Springer-Verlag, 1995.
[22] A. Studer, E. Shi, F. Bai, and A. Perrig. Tacking together efficient
authetication, revocation, and privacy in vanets. In Proceedings
of the First IEEE International Conference on Sensor and Ad
hoc Communcations and Networks (SECON), June 2009.
[23] S.ˇCapkun, J.-P. Hubaux, and L. Butty´ an. Mobility helps security
in ad hoc networks. In Proceedings of the 4th ACM international
symposium on Mobile ad hoc networking & computing (Mobi-
Hoc), pages 46–56, 2003.
[24] X. Zheng, H. Wang, Y. Chen, H. Liu, and R. Liu. A decen-
tralized key management scheme via neighborhood prediction in
mobile wireless networks. Technical report, Stevens Institute of
Technology, June 2010.
[25] L. Zhou and Z. J. Haas. Securing ad hoc networks. IEEE Network
Magazine, 13:24–30, 1999.
In Mobile and Wireless
In
Secure, redundant,
Distributed localization in
In IEEE
Analysis of per-
60