Analysis of Key Establishment Techniques for Secure D2D Communication in Emerging 5G Cellular Networks

DOI: https://doi.org/10.46544/AMS.v26i3.01

Abstract
Device-to-Device (D2D) communication as part of emerging 5G wireless networks presents a new paradigm for enhancing the performance of traditional cellular networks. The number of devices connected over the internet is dramatically increasing, and cellular operators are struggling to harness the overwhelming data traffic on their networks. D2D communication in a cellular network allows two cellular devices in close proximity to communicate directly with each other without going through the base station. D2D communication faces various challenges that include device discovery, resource allocation, interference and security; however, the security aspects of D2D are not sufficiently addressed. Because D2D devices have limited computing capability and are energy-constrained, effective and lightweight security solutions are required for enabling successful D2D capability. To secure D2D communication, session key establishment is the most vital task. Public Key Cryptography (PKC) is the most widely used cryptosystem and has numerous security applications such as encryption, digital signature, and key exchange. This work analyses the performance of three PKC protocols that are commonly used for session key establishment and exchange, namely, Diffie-Hellman (DH), Rivest-Shamir-Adleman (RSA) and Elliptic Curve Diffie-Hellman (ECDH), with a focus on D2D communication. We performed extensive simulations for DH, RSA and ECDH in D2D communication scenarios using the OMNET++ simulator and explored the effect of various network factors on key establishment delays, such as network size, the impact of interference between D2D pairs and the effect of interference from cellular users upon D2D users. The results reported in this paper can provide significant insight into assessing the suitability of DH, RSA and ECDH for key establishment for D2D in 5G networks.


Key Establishment and Management
To secure the communication among the D2D devices, secure key establishment is a vital task. Key management is concerned with the generation, storage and exchange of the keys. Authentication allows the devices to identify each other and allows only legitimate users to use the D2D services. Public-key cryptographic (PKC) algorithms are commonly used for key establishment and digital certificates. Because of their computational overhead, PKC algorithms are rarely used for usual encryption; rather, symmetric-key cryptographic (SKC) algorithms (AES/DES) are commonly used. PKC techniques are often used to exchange/create keys for SKC algorithms. Key management is also a very crucial issue in group communication in D2D. D2D requires keys to be updated dynamically because devices enter and leave the group frequently. Further, for emerging peer-to-peer D2D applications running over resource-constrained mobile devices, PKC techniques with lower overhead become critical.

Related Work
Several approaches have been suggested in the literature for authentication and key establishment in the D2D context. These can be categorised on the basis of a limited number of recognised PKC algorithms such as RSA, Diffie-Hellman (DH) and Elliptic Curve Cryptography (ECC). The Rivest-Shamir-Adleman (RSA) scheme was the first used public-key cryptosystem, published in 1978 by Ron Rivest, Adi Shamir, and Len Adleman at MIT. The RSA cryptographic system is based on the practical difficulty of factorising the product of two large prime numbers. RSA is computationally intensive and rarely used for general encryption; however, RSA has other applications such as key exchange and digital signatures. RSA requires a larger key size; the normal key size being used for the encryption is 1024 bits.
The authors (Fouda et al., 2011) provide a broad overview of smart grid communication and implement a lightweight message authentication mechanism tailored for smart grid communication. This scheme is based on DH, HMAC and RSA cryptographic functions. The simulation results show that the scheme has less communication overhead and low latency compared to Elliptic Curve Digital Signature Algorithm (ECDSA). However, the scheme has more computation overhead due to RSA encryption.
The DH key exchange algorithm is the simplest and most commonly used key exchange algorithm. The security and effectiveness of DH key exchange depend on the difficulty of computing discrete logarithms. A secure key establishment based on Diffie-Hellman (DH) key exchange and a commitment scheme for D2D communication is presented by Shen et al. (2014). The authors (Sedidi et al., 2016) proposed network-assisted key exchange protocols for cellular D2D communication in 5G, based on DH key exchange and the HMAC cryptographic function.
Elliptic curve cryptography (ECC) is a competing scheme used in resource-constrained environments like ad-hoc networks. The strength of ECC relies on the complexity of elliptic curve discrete logarithms. The principal attraction of ECC is that it provides an equal level of security with smaller key sizes compared to RSA and DH. For instance, to protect a 128-bit AES key, it would take a 3072-bit key for RSA and DH, whereas ECC can provide an equal level of security with a 256-bit key (Sedidi et al., 2006). The length of the key is directly proportional to the computational complexity of the protocol, which results in larger overhead.
A mutual authentication and anonymous key distribution (AKD) scheme for smart grid has been proposed (He et al., 2016). The authors adopt ID-based PKC and Schnorr's signature for AKD. Simulation results show that AKD has less computation overhead and small verification delays. The authors (Pereira et al., 2014) use Role-Based Access Control (RBAC) for authorisation and ECC (Elliptic Curve Cryptography) for the key establishment. The object has to be pre-registered with the RA (Registration Authority). The RA is responsible for generating and storing the public key for the network devices. The theoretical analysis shows its resilience against MITM and replay attacks.

System Model, Results and Analysis
We have considered three PKC-based protocols, namely RSA, Diffie-Hellman (DH) and Elliptic Curve Diffie-Hellman (ECDH), for key establishment (in terms of key pair generation, key exchange and key agreement) in D2D underlay communication. The performance analysis of key establishment/exchange algorithms is based on the overhead associated with the use of computing and communication resources. These two operations, i.e., computation and communication, form the basis of most of the protocols that involve the transport of information over insecure channels. We have taken the benchmark results of these two operations performed on an Intel Core i7-5930k CPU with 32 GB of RAM running Windows 10 Enterprise 64-bit (Liu et al., 2014). The benchmark results for key size RSA (3072), DH (3072) and ECC (256) are shown in Table 1.
To implement the public key exchange protocol, the key size is taken as the payload length of the packet, and the computation time is implemented using self-timer delays (Amin and Biswas, 2015). We also introduced a new performance measure called key establishment delay, which is the time taken by the D2D pair to establish the symmetric key.

Simulation Setup and Scenarios
The performance of key establishment and exchange methods has been evaluated using SimuLTE in OMNET++ (El-Hamawi et al., 2014). Fig. 2 shows the simulation model for this study, which depicts a network with a number of cellular and D2D users. The network consists of a single cell with each UE associated with the eNB. The UEs are far (50m) from the eNB and close (20m) to each other. Each UE has a one-to-one correspondence with another UE; this forms a unicast D2D pair. Both UEs in a D2D pair have the capability to send and receive data over the D2D link. The UEs use UDP as their transport layer protocol. This model is representative of a network-assisted D2D communication scenario underlying cellular networks. In network-assisted D2D communication, the UE-A sends a packet to UE-B without traversing the eNB, in contrast to traditional two-hop communications. Although the eNB instructs the UE-B to listen on the same RBs (Resource Blocks) on which the UE-A is transmitting data, in network-assisted D2D communication the eNB is involved in control information exchange but never involved in data exchange. The link between the D2D users is also called the side link (SL) and should be distinct from the uplink (UL) and downlink (DL). The SL is carved out from the UL frequency resources, where the interference is expected to be less severe.
Fig. 3 shows the sequence chart for the Diffie-Hellman (DH) key exchange protocol. Alice initiates a session by sending a request to Bob. Bob accepts the request and acknowledges back. Alice generates a public and private key pair of length 3072 bits using DH. The computation time required for key pair generation is 0.05 seconds (Sedidi and Kumar, 2016), after which Alice sends her public key to Bob. After receiving Alice's public key, Bob generates his own key pair and sends his public key back to Alice. Once the public keys have been exchanged by both parties, the session key is established after a computation time of 0.018 seconds.

Impact of increasing D2D pairs
We have performed extensive simulations for ECC, DH and RSA in underlay D2D communication scenarios by considering no cellular equipment in the network. To ascertain the impact of an increasing number of devices on key establishment delay, we increased the number of D2D pairs from 1 to 16. As shown in Fig. 4, key establishment delays for ECC, DH, and RSA generally increase for the increasing number of pairs. For a smaller number of pairs, we observed that delay for DH and ECC exhibits the minimum difference. However, for a larger number of devices, the difference between ECC and DH increases significantly. More specifically, the difference between ECC and RSA increases from 0.131s to 0.902s when D2D pairs are increased from 1 to 16 (Alvarez et al., 2017). Interestingly, we have also observed that the difference between RSA and DH is reduced significantly for a larger number of D2D pairs. For instance, the difference between RSA and DH is reduced from 1.666s to 0.8574s as D2D pairs increase from 1 to 16. This shows that for a higher number of D2D pairs, DH key establishment delay starts approaching that of RSA. In general, we note that ECC outperforms the DH and RSA in terms of having the least key establishment delay.

Impact of Cellular Users on Key Establishment Delay
To comprehend the effect of cellular users in the given scenario, we now present the results of average key establishment delay and the number of transmitted packets. For this analysis, the number of D2D pairs is fixed at eight while the number of cellular users is increased gradually. Fig. 5 and Fig. 6 depict the results for the increasing number of cellular users for the three key exchange protocols. The number of cellular users that communicate in the cell via eNodeB is increased from 0 to 20. The cellular users are assumed to be running VoIP applications, while D2D pairs are running key exchange algorithms for session key establishment. It can be seen from the figure that for key establishment, the average number of packets sent for DH is the largest among the three protocols, while the least number of packets has been sent for RSA. One can observe that the number of transmitted packets generally increases with an increase in the number of cellular users in the network. In terms of key establishment delay, the impact of the increased number of cellular users is shown in Fig. 6. The DH incurs the largest key establishment delay due to the higher number of packets sent by the D2D pairs.

Fig. 7. (a) Impact of interference on average key establishment delay; (b) Sent packet to lower layer; (c) Received packet from a lower layer.

To assess the impact of interference and retransmissions on key establishment delay, we consider statistics of individual D2D pairs as depicted in Fig. 7(a), Fig. 7(b), and Fig. 7(c). It can be observed from Fig. 7(a) that the key establishment delays for the 2nd, 5th, and 8th pairs are considerably higher than those of other pairs. This phenomenon can be explained by observing Fig. 7(b) and Fig. 7(c), which show the number of MAC layer packets sent and received for all eight D2D pairs. It is evident that the number of MAC packets is much higher for the 2nd, 5th, and 8th pairs, primarily because of retransmissions due to increased interference. The packet size significantly affects the network performance; a larger packet size will take a longer transmission time, resulting in more chance of collision at the physical layer. The key size was used as the length of the payload of the packet during our simulation. RSA and DH use 50% longer keys than ECC. When the performance of ECC, RSA and DH was analysed in a highly contended environment, we observed that the interference influenced RSA and DH more than ECC. Consequently, ECC incurred minimal communication overhead and key establishment delay.

Conclusions
This work has presented the analysis of key establishment and exchange mechanisms in D2D communication scenarios based on three public-key cryptographic (PKC) techniques: RSA, DH, and ECC. The key size is directly tied to computation power; ECC uses significantly smaller keys than those required by RSA or DH yet delivers equivalent cryptographic strength. The key pair generation and agreement times of ECC are much faster than those of RSA and DH. Thus, ECC can save roughly 10% of computational overhead compared to DH and RSA. The results gathered through extensive simulations demonstrate that ECC affords minimal communication overhead and key establishment delay compared to DH and RSA. This performance is considered even more critical when the network size significantly increases, and the delay requirements need to be kept to a minimum to ensure end-users' quality of service (QoS) requirements. The results also show that RSA has an advantage over DH in terms of communication overhead for larger network sizes. More specifically, as the number of D2D pairs in the network increases to twelve or more, the communication overhead for DH becomes higher than that for RSA and ECC. This is critical for future ultra-dense networks where hundreds of devices may simultaneously communicate with each other. The analysis conducted in this work in terms of key establishment delays and communication overhead for ECC, DH and RSA can be of critical importance for assessing the suitability of these techniques in the forthcoming 5G network incorporating the D2D communication framework. This work has focused on key establishment in a unicast scenario. However, in a dense multiuser network, cooperative schemes can be used to minimise the delay in the key establishment procedure. Motivated by this, we intend to extend our work to exploit group key establishment in a multicast scenario. This approach in a cooperative D2D environment can open new avenues for the provisioning of robust and flexible key establishment protocols in D2D networks.