4.1
Introduction
In this chapter, we carry out a simulation based study of the rekeying protocol presented in the previous chapter. The features of the protocol are analyzed in terms of simulation metrics that we deem relevant to assess its basic advantages over the classical LKH scheme:
• the communication overhead; • the number of losses.
Simulation results are used to understand that the proposed rekeying protocol offers an opti- mization in terms of scalability, reliability and answers to the requirement of customer satisfac- tion over LKH. We therefore first analyze the efficiency of the simple partitioning scheme, then deal with the performance of the hybrid reliability method based on the proposed User-oriented Key assignment algorithm.
4.1.1
Implementation
The proposed rekeying mechanism described in the previous chapter is implemented as a discrete- event simulator in C. The events represent the actions of a key server and operations performed by recipients such as join, leave or change of status to become permanent. In order to show the significance of the performance of our protocol, the original logical key tree is also imple- mented. Therefore, the simulator can run in two modes. One mode simulates the original LKH
70 4. SIMULATION-BASED VALIDATION OF THE PROPOSED PROTOCOL
scheme whereby only one key tree is defined to manage all group members and the other mode simulates the proposed partitioning scheme using two key trees: one for volatile members and the other one for permanent members.
With respect to scalability, we can set a different rekeying algorithm in each of the main modes. If individual rekeying is adopted, the key trees are updated after each join or leave event. Using batch rekeying, the duration of the rekeying interval is defined and all the joining and leaving members are collected in a queue. The corresponding rekeying operation is performed at the beginning of the subsequent interval.
In order to have results in terms of reliability, we simulate a packet loss probability which is independent for each client as an input simulation parameter. We therefore can analyze the number of members losing at least one rekeying packet during each rekeying operation. In both modes (classical LKH - Two key trees), three optional reliability mechanisms are available as follows:
• No reliability: the rekeying packets are sent without any additional packets; • Static replication: every rekeying packet is transmitted a given number of times;
• hybrid FEC: this option illustrates the proposed hybrid reliability method where the key server first defines FEC blocks with respect to the proposed user oriented key assign- ment algorithm, then, based on the parameters α and β, transmits each block with the corresponding parity packets.
Type Distribution Parameters
1 Uniform lower bound, upper bound 2 Exponential mean value
3 Normal mean value and standard deviation 4 Log Normal mean value and standard deviation 5 Pareto mean value and distribution shape 6 Hyperexponential mean value and distribution covariance 7 Triangular lower bound, upper bound, mode
8 Zipf Zipfαand n
Table 4.1: The probability distributions implemented in the simulator
Finally, we can also simulate different customer behaviors. The main parameters for this aspect are the inter-arrival and service time distributions for each class of client (short-duration and long-duration). The arrival time and membership duration of each member can be defined as random variables. The simulator either uses a random variable generator, given the required parameters for each type of distribution or the client behavior can explicitly be specified. It is possible to specify the exact arrival times and service times of clients. Thanks to this option, one can simulate the efficiency of the proposed rekeying protocol with respect to real customer
Table 4.2 summarizes the choice of parameters for the simulator. We regroup system parame- ters into four main sections: the key tree options define the main parameters with respect to the key tree; the customer behavior where the user defines the inter-arrival and service time distribution of both short-duration and long-duration members; the parameters related to the time; the reliability features describing the method used for reliability.
Keytree Options
keytree mode 1: one key tree (SKT) 2: 2 key trees (2KT)
keytree outdegree the degree of the key tree with respect to keytree mode rekeying option 1: individual rekeying
2: batch rekeying
Customer behavior
inter-arrival_s inter-arrival time distribution parameters for short-duration members (or the file) inter-arrival_l inter-arrival time distribution parameters
for long-duration members (or the file) service-time_s service time distribution parameters
for short-duration members (or the file) service-time_l service time distribution parameters
for long-duration members (or the file)
Time parameters
rekeying interval for members in SKT Ts
rekeying interval for volatile members Tv
rekeying interval for permanent members Tp=δTv
threshold time value tth
total simulation time T
Reliability features
loss probability p
subtree height for hybrid FEC blocks a
reliability method 1: None
2: Replication (n: replication factor) 3: hybrid FEC (α,β)
Table 4.2: The simulator’s system parameters
4.1.3
Simulation metrics
In this section we present the major simulation metrics that are relevant for the analysis of the proposed rekeying protocol.
72 4. SIMULATION-BASED VALIDATION OF THE PROPOSED PROTOCOL
Rekeying cost
Thanks to this simulator, given input parameters, we can analyze either the total number of rekeying packets for the whole session or the number of rekeying packets per rekeying interval. The simulator can output the rekeying cost with respect to the chosen reliability method. If the replication method is chosen with parameter n, then the total rekeying cost is:
total_cost(n,t) = n ∗ cost(t)
If on the other hand, the hybrid FEC scheme is chosen, the simulator first constructs the FEC blocks using the user oriented key assignment algorithm (refer to section 3.4.2) and then computes their corresponding number of parity packets. The total rekeying cost will be the sum of all the FEC block sizes including additional parity packets.
Finally, we also can distinguish the rekeying cost resulting from each key tree (single, volatile or permanent).
Number of joining and leaving members
The simulator can also output the number of joining and leaving members. We can distinguish the category of a member (short-duration, long-duration). We can also get the number of false positives, that is the number of short-duration members who have joined the permanent key tree. Thanks to this property, we can get the number of long-duration members treated as permanent and decide the threshold value tththat better fits with our scheme.
Number of losses
Given the loss probability of a packet, the simulator outputs the number of members losing at least one rekeying packet per rekeying interval. We can again distinguish the number of losses with respect to the real categories (short-duration and long-duration) and the monitored categories (volatile and permanent). These values will allow us to compare the efficiency of the proposed protocol with LKH in terms of reliability in general and in terms of customer satisfaction.
Additional join/leave time
Finally the simulator also outputs the average time that a joining member waits for, before re- ceiving its corresponding keying material and symmetrically the average additional time granted to a leaving member that is at most twice the rekeying interval’s duration.
In this section, we describe the simulation parameters that are never modified in further simula- tions. In our simulation, we consider two real categories of members that are equally present in the group: their interarrival time are distributed exponentially with a mean of one second. Their membership duration are distributed exponentially with a mean Msfor short-duration members and Ml for long-duration members. We set the simulation time to T = 10000s and the means to: Ms= 1000s and Ml= 100000s.
Batch rekeying is performed and the rekeying interval is set to Ts = 60s for the single key tree scheme and to Tv= 60s and Tp= 60∗10 = 600s for the proposed partitioning scheme. The packet loss probability is set to p= 0.1
Impact of the threshold time tth
As explained in the previous chapter, in order to define tth, the key server should in one hand regroup a maximum number of long-duration members while trying to keep the number of short-duration members considered as permanent low.
Based on the previously defined parameters, we simulate the partitioning scheme with dif- ferent values of tth and analyze the number of short-duration members considered as being permanent (ie. the number of false positives). Figure 4.1 illustrates these simulations and com- pares the total number of short-duration members joining the group with the number of those joining the permanent key tree.
From this figure, we observe that the number of short-duration members joining the perma- nent key tree decreases exponentially. If the key server sets that at most 5% of short-duration members should be considered as permanent, we end up with tth= 3000 and observe that the resulted proportion of short-duration members transfered to the permanent key tree is 4.98%.
4.2.2
Simulation scenarios
With the given simulation set-up parameters, we analyze the performance of the proposed rekey- ing protocol over the classical LKH scheme with respect to the number of losing members and the rekeying cost (being the number of rekeying packets) in an incremental way:
74 4. SIMULATION-BASED VALIDATION OF THE PROPOSED PROTOCOL 0 2000 4000 6000 8000 10000 12000 0 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000
number of short duration members
threshold time
number of short-duration joins number of short-duration as permanent
Figure 4.1: Number of short-duration members as being permanent with respect to tth
spectively for volatile and permanent members and the key server transmits rekeying packets without any additional packets;
• Case 2: we apply our user oriented key assignment algorithm where the key server re- groups rekeying packets such that any member only receives one block to retrieve all of its updated keying material;
• Case 3: we analyze the efficiency of the proposed hybrid reliability scheme which aims to offer a reliable delivery of the keying material to almost all permanent members given parametersαandβ.