uppgha: uniform privacy preservation group handover

Research ArticleUPPGHA Uniform Privacy Preservation Group HandoverAuthentication Mechanism for mMTC in LTE-A Networks

Jin Cao 1 Hui Li1 Maode Ma 2 and Fenghua Li3

1School of Cyber Engineering State Key Laboratory of Integrated Service Network Xidian University Xirsquoan China2School of Electrical and Electronic Engineering Nanyang Technological University Singapore3State Key Laboratory of Information Security Institute of Information Engineering Chinese Academy of Sciences Beijing China

Correspondence should be addressed to Jin Cao caoj897126com

Received 27 July 2017 Revised 2 January 2018 Accepted 18 January 2018 Published 28 February 2018

Academic Editor Tom Chen

Copyright copy 2018 Jin Cao et al This is an open access article distributed under the Creative Commons Attribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

Machine Type Communication (MTC) as one of the most important wireless communication technologies in the future wirelesscommunication has become the new business growth point ofmobile communication network It is a key point to achieve seamlesshandovers within Evolved-Universal Terrestrial Radio Access Network (E-UTRAN) for massive MTC (mMTC) devices in orderto support mobility in the Long Term Evolution-Advanced (LTE-A) networks When mMTC devices simultaneously roam froma base station to a new base station the current handover mechanisms suggested by the Third-Generation Partnership Project(3GPP) require several handover signaling interactions which could cause the signaling load over the access network and thecore network Besides several distinct handover procedures are proposed for different mobility scenarios which will increase thesystem complexity In this paper we propose a simple and secure uniform group-based handover authentication scheme formMTCdevices based on the multisignature and aggregate message authentication code (AMAC) techniques which is to fit in with all ofthe mobility scenarios in the LTE-A networks Compared with the current 3GPP standards our scheme can achieve a simpleauthentication process with robust security protection including privacy preservation and thus avoid signaling congestion Thecorrectness of the proposed group handover authentication protocol is formally proved in the Canetti-Krawczyk (CK) model andverified based on the AVISPA and SPAN

1 Introduction

Machine Type Communication (MTC) also known asMachine toMachine (M2M) can realize intelligent and inter-active seamless connection among people machine and sys-tem via wireless communication technologies The purposeof the MTC technology is to enable all of machineries andequipment networking and communication ability which isa main way of the Internet of Things (IoT) applicationsThe MTC technology has been commercialized in EuropeSouth Korea Japan and so on which are mainly usedin security monitoring mechanical services and mainte-nance business public transport system fleet managementindustrial automation city information and so on With awidely range of potential applications [1] it has been activelydeveloped and enhanced by many standards forums andorganizations including IEEE ETSI 3GPP and 3GPP2 In

particular 3GPP is becoming increasingly active in this areawith several work items defined onMTC especially for LongTerm Evolution Release 10 named as LTE-Advanced (LTE-A)[2]

Compared with other wireless networks the LTE-Anetwork has a higher capacity and lower transmission delayand thus can provide higher data rate and better coverageand extensibility for the real-time mobile MTC applicationsTherefore the LTE-A network can be served as an idealplatform for the MTC technology to provide strong supportfor the development of MTC However the emergence ofMTC technology has brought new challenges for the LTE-Anetwork Different from traditionalHuman toHuman (H2H)terminals the MTC devices (MDs) will lead to a variety ofdifferent requirements including lower energy consumptionand better security due to its characteristics of unsupervisedIn addition the number ofMTCdevices is rapidly increasing

HindawiSecurity and Communication NetworksVolume 2018 Article ID 6854612 16 pageshttpsdoiorg10115520186854612

2 Security and Communication Networks

MTC market analysis forecasts 50 billion machines areexpected to use wired or wireless communication technolo-gies by the year 2020 [3] Moreover the analysis results showthat the number of MDs is connected to a single base stationin 2020 to be anywhere from 10000 to 100000 [4] Thereforeit will bring huge loads on wireless access networks and LTE-A core network [5] when sea of MDs concurrently connectsto the LTE-A network It is particularly acute when a largenumber of MDs simultaneously move away from the currentbase station to a new base station For example for a largenumber of goods transported on a freight train some relevantsensor devices could be deployed in each car of goods tomonitor the states of the goods in the transportation A largenumber of surveillance cameras temperature and humiditysensors and smoke detectors could also be deployed onthe train to perform different functions A large number ofmonitoring and sensor terminals equipped with the peopleand vehicles participated in marathon cycling car rallygame and so on are used to track the body functionsthe performance of the vehicles and so on These devicesneed to support the real-time communication between theside of the road other vehicles or remote servers In thismobility scenario frequent handover signaling interactionnot only causes the signaling load on the access networkand core network but also increases the terminal energyconsumption The current handover methods suggested bythe 3GPP committee require each MD independently toexecute the same handover authentication process as thecommon User Equipment (UE) [6] which results in severalsecurity vulnerabilities described as follows

(i) The current handover mechanisms need severalrounds of signaling interaction [7 8] and complexhandover key management mechanism [9ndash11] whichare not suitable for a group of energy limited MDs toachieve seamless handovers in mobility scenarios

(ii) Owing to the support of many new types of basestations such as Home eNodeB (HeNB) eNB andRelay Nodes (RNs) 3GPP committee [7 8] hasaddressed distinct handover procedures for differentscenarios such as the handovers between eNBsbetween HeNBs between a HeNB and an eNB andthe inter-MME handovers when the base stations aremanaged by different MMEs which will increase theoverall system complexity

(iii) Since some base stations such as HeNB and RNs canbe easily owned by third parties a robust mutualauthentication between MDs and base stations isrequired in handover process to withstand severalprotocol attacks such as impersonation attacks Man-in-the-Middle (MitM) attacks and replay attacks [12ndash15]

(iv) Due to lack of user identity and location privacypreservation an attacker can easily trace a spe-cial MDrsquos movement locus Therefore a fast andsecure privacy preservation handover authenticationscheme for a large number of MDs is required toensure the continuity ofMTCapplications in the LTE-A networks

In this paper taking the advantage of the novelmultisignature and AMAC techniques we propose a newuniform privacy preservation group handover authenticationprotocol for mMTC within E-UTRAN in LTE-A networks(UPPGHA) which can be applied to all of mobility scenariosin LTE-A networks Compared with the current 3GPPstandards and other related schemes our scheme can notonly largely reduce the signaling cost and thus avoid networkcongestions but also provide robust security and privacyprotection By the scheme a mass of MDs is initialized toform a MTC group and choose a group leader [16] Whenthe MTC group moves to the coverage of the target eNB(eNB2) the eNB2 can simultaneously authenticate the MTCgroup by checking the multisignature and AMAC generatedby the group leader on behalf of all the group members andderives a distinct session key for each MD

Our contributionsmade in this paper can be summarizedup as follows

(1) We proposed a simple handover authentication pro-cess to achieve mutual authentication and key agree-ment between multiple MDs and the target eNBsimultaneously

(2) By our solution the network congestion incurred byfrequent handover for mass of MDs can be avoided inthe LTE-A networks

(3) The proposed scheme not only has been formallyvalidated by both the CK model and the formalverification tool AVISPA and SPAN to show its secu-rity against various malicious attacks but also canprovide robust security protection including privacypreservation and traceability

Compared with the conference version [17] which merelyprovidesmutual authentications and key agreements betweenmMTC devices and eNB and does not give the detailed secu-rity analysis and performance evaluation we not only identifya few distinctive security requirements in group handoverauthentication protocol and achieve the identity privacypreservation and traceability in new design but also formallyverify the proposed new protocol by employing the CKmodel and formal verification tool AVISPA and SPAN andanalyze in detail the performance of our proposed protocolcompared with the newest works in terms of signaling costcommunication cost and computational cost In addition westill give the performance analysis under unknown attacksand point out that our new scheme outperforms otherschemes even if there are some unknown attacks

The reminder of this paper is organized as follows InSections 2 and 3 we review the related work and introducethe MTC network architecture respectively In Section 4 theproposed scheme is presented in detail The security analysisand the performance evaluation on our scheme are presentedin Sections 5 and 6 Finally we drew the conclusion of thepaper in Section 7

2 Related Works

Until now there are only few research works on the handoverauthentication process for a large number of devices in

Security and Communication Networks 3

eNB

MTCdevice

HeNB EPC MTCserver

eNBPDN-GW

MTCserver

RN

MTCdevice eNB MMES-

GWHSS

MTCdevice

MTCdevice

MTCdevice

MTCdevice

LTE-Uu

LTE-Uu

LTE-Uu

LTE-Uu

S1

S1

S1

X2

X2

X2

S1

Figure 1 MTC network architecture

wireless networks [18ndash21] 3GPP TR 33868 [6] has proposeda MD grouping method for congestion avoidance By thismethod a huge number of MDs can construct a MTC groupto handle easily It is very suitable formass ofMDs inmobilityscenarios in the LTE-A networks However it is only appliedto the communications between MDs and the MTC serverwithout consideration of handover security in the current3GPP standard

Fu et al [18] have proposed a new group-based handoverauthentication scheme with privacy protection in the mobileWiMAX network By the scheme a lot of UEs can form ahandover group By performing a handover authenticationprocess the target base station (TBS) acquires all the detailsof the handover group memberrsquos security context from theserving base stations (SBS) when the first UE of the samehandover groupmoves to the TBSThen the TBS can directlyauthenticate the rest of the UEs in the same handover groupwithout the Extensible Authentication Protocol (EAP) andSecurity Context Transfer phases Thus the scheme canreduce the handover signaling cost in the mobile WiMAXnetworks However the scheme in [18] incurs the authenti-cation traffic between BSs which is not fit in with the LTE-Anetworks due to the lack of direct interface between the eNBsand the HeNBs in the intra-MME handover and inter-MMEhandover processes

Lai et al [19] have proposed a secure and efficient grouproaming scheme for MTC between 3GPP and WiMAXnetworks By adopting the certificateless aggregate signaturetechnique the MMEASN-GW can simultaneously trust alarge number of MDs in the handover process and obtainsan independent session key with each MDThus the schemecan largely reduce the signaling cost and provide robustsecurity protection However it is designed for 3GPP-WiMAX interworking architecture which is not feasible forthe LTE-A network In addition the scheme brings a lot ofcomputational costs due to the pairing operations

For inter-E-UTRAN group mobility the group-basedanonymity handover authentication scheme is proposed in[20] By the scheme in [20] when the first MTC device in the

MTC handover group leaves from the current eNB to the tar-get eNB the current eNB or the currentMME transmits all ofthe handover group membersrsquo security contexts to the targeteNB or the MME controlling the target eNBThen the targeteNB can authenticate the rest of theMTC devices in theMTChandover group locally However this scheme still incurs alot of signaling cost and communication cost and inherits thevulnerabilities of security context transfer (SCT)mechanismIn addition it cannot achieve the mutual authentication andthe traceability of MDs Subsequently Kong et al presenta secure handover session key management mechanism fora group on-board UEs via mobile relay in LTE-A networks[21] By the scheme in [21] each on-board UE generatesthe session key with the connected Donor eNB (DeNB)and sends the encrypted session key by using the MMErsquospublic key to the mobile relay node (MRN) Then the MRNemploys the proxy reencryption mechanism to reencrypt theencrypted session key and sends the reencrypted result to theDeNB Finally the DeNB decrypts the session key with itsprivate key without contacting the MME This scheme canachieve forward and backward key separations andwithstandcollusion between the MRN and the DeNB However itbrings a lot of computational costs due to the use of pairingoperations and cannot achieve the mutual authenticationbetween the MRN and the DeNB

3 Preliminary

31 MTC Network Architecture As shown in Figure 1 alarge number of MDs can communicate with the MTCserver via the LTE-A network domain in the MTC networkarchitecture The LTE-A network allows the following twotypes of connections to the MTC server(s) the MTC serverlocated within the operator domain with the control by theLTE-A network and the MTC server outside the operatordomain without the control by the LTE-A network TheLTE-A network domain consists of the Evolved-UniversalTerrestrial Radio Access Network (E-UTRAN) and EvolvedPacket Core (EPC) The EPC is comprised of a MME and a


ServingGateway (SGW) and a Packet DataNetworkGateway(PDN GW) together with a Home Subscriber Server (HSS)The E-UTRAN consists of several types of base stationsincluding eNodeB (eNB) Home eNodeB (HeNB) and RelayNode (RN) HeNB is a low-power access point and is typicallyinstalled by a subscriber in the residence or a small officeto improve the indoor coverage It can connect to the EPCwith S1 interface over the Internet via a broadband backhaulEach eNB or HeNB can communicate with another withan X2 interface and can access to the MMEsS-GWs witha S1 interface E-UTRAN also supports relaying by havinga Relay Node (RN) wirelessly connect to an eNB servingthe RN known as Donor eNB (DeNB) The DeNB providesX2 and S1 proxy functionality between the RN and othereNBs or MMES-GWs respectively Similar to the commonUE there are mainly three different mobility scenarios whena large number of MDs move from a HeNBRNeNB to anew HeNBRNeNB including the handovers between twoMMEs (called inter-MMEhandover) the handovers betweenan eNBRNHeNB and another base station both of whichare managed by the same MME without an X2 interface(called intra-MME handover) and the handovers betweenan eNBRNHeNB and another base station with an X2interface (called X2-based handover) [7 8] Since the currenthandover mechanisms suggested by 3GPP committee [7 8]need several signaling interactions they result in the severesignaling congestions in the E-UTRAN and the EPC when ahuge number ofMDs handover to the new eNB concurrentlyIn addition different mobility scenarios need to execute thedistinct handover processes which may increase the overallsystem complexity

32 Multisignature and Aggregate Message AuthenticationCode In 1983 the multisignature scheme was firstly pro-posed by Itakura andNakamura [22] in which a lot of signerscan cooperate to sign the same message and any verifier canverify the validity of themultisignature SubsequentlyHwangand Lee [23] proposed a novel ElGamal-like multisignaturescheme using self-certified public keys By this scheme theself-certified approach has been adopted to provide moresecrecy against the active and impersonation attacks com-pared with identity-based and certificate-based approachThe analysis result shows that the scheme [23] can providerobust security protection with ideal efficiency

Katz and Lindell [24] firstly proposed the notion ofaggregate message authentication codes (AMACs) in whichmultipleMAC tags generated by different senders onmultipledifferent messages can be aggregated into a shorter tag andonly the recipient who shares a distinct key with each sendercan verify the validity of the aggregate tag

33 Canetti-Krawczyk (CK) Model The CK model is afamous model for proving the security of authentication andkey agreement protocols [25] It captures a large class ofpractical attacks and desirable security properties such asthe impersonation attack and man-in-the-middle attack InCK model there is an adversaryA who has been completelycontrolled over the network and tries to break the privacyof the session key or the authentication of the players The

security of the protocol in CK model is completed by a gamebetween theA and the userA can get access to the sessionsand interact with themvia the queriesThere are the followingqueries thatA can perform

(i) Corrupt (119880)A can get the private key of a user usingthis query

(ii) Session key reveal (119880119894 119880119895) this query returns thesession key between 119880119894 and 119880119895

(iii) Session state reveal (119880119894 119880119895) this query returns allthe internal state information of 119880119894 associated with aparticular session 119904 with 119880119895

(iv) Hash (119909) given a value119909 to this query a randomvalueis output All of the queries and the answers of Hashare stored in a list

(v) Test (119880119894) this query aims at capturing the privacyof the session key After several queries A shouldchoose a session as the test session The query isanswered as follows one flips a coin 119887 if 119887 = 1 itoutputs the session key to A if 119887 = 0 it outputs arandom value to A This query can be issued onlyto a session where the session key session state andcorrupt queries have not been requested and it can beissued only once

In order to simplify the construction and proof of keyagreement protocols two adversarial models are definedin CK model the unauthenticated adversarial model (UM)and the authenticated adversarial model (AM) The UMcorresponds to the real world where the adversary completelycontrols the network in use and may modify or createmessages from any party to any other party The AM is anideal version of the UM where the adversary can choosewhether or not to deliver a message but if a message isdelivered it must have been created by the honest userswithout alteration In this way authentication mechanismscan be separated fromkey agreementmechanisms by provingthe key agreement secure in the AM and then applying anauthenticator to the key agreement messages so that the newprotocol is secure in the UM

Definition 1 A key agreement protocol 120587 is called SK-secureif the following properties are hold for any adversary Ain the AM (1) protocol 120587 satisfies the property that if twouncorrupted parties complete matching sessions and thenboth of them output the same key (2) the probability thatAcorrectly guesses the bit 119887 is nomore than 12 plus a negligiblefraction in the security parameter

Theorem 2 Let 120587 be a SK-secure key agreement protocol inthe AM and let 119862 be a secure authenticator which translatesmessages in the AM into messages in the UMThen 1205871015840 = 119862(120587)is a SK-secure key agreement protocol in the UM [25]

4 Proposed Scheme UPPGHA

Before the proposed scheme is described we firstly give somebasic assumptions for our scheme We consider the MTCmobility scenarios such as a large number of surveillance


Table 1 Definition of notations of our scheme

Notation Definition119901 119902 Two 119896-bit primes119892 A generator with the maximal order in 119885lowast119873119867() A secure hash function119867 0 1lowast rarr 119885lowast1198731198671() A secure hash function1198671 119885lowast119873 times 119885lowast119873 rarr 119885lowast119873ID119894TID119894 Node 119894rsquos private identity and temporal identity119889PK Privatepublic key of KGC 119890 times 119889 equiv 1 mod 120601(119873) and PK = (119873 119890)GIDTGIDGPK MTC grouprsquos group identitytemporal

group identitygroup temporal public keySK119894PK119894 Privatepublic key of node 119894RN119894 119903119894 Random number119870ASME119894 Session key between node 119894 and HSSMME(sdot)119870ASME119894

Encrypted results using119870ASME119894

119870119894 Session key between node 119894 and eNB2

cameras temperature and humidity sensors and smokedetectors are deployed on the train to perform differentfunctions where massive of MDs travel through the sameeNBs at the same train or vehicles and can form a MTCgroup in device initialization process MDs support multiplecommunication technologies both mobile broadband tech-nology such as mobile WiMAX and WCDMALTELTE-Aand local area networking technology including BluetoothZigBee and UWB and other coming technologies such aspower line communications (PLC) [26] Due to the meritsof low power high capacity broadcast and robust securityZigBee technology has been widely used in IoTs or sensornetworks In this paper it is assumed that MDs support boththe LTE-A and ZigBee communication

In this section we propose a new uniform privacypreservation group handover authentication mechanism(UPPGHA) when the MTC group moves from the sourceeNBRNHeNB to the target eNBRNHeNB By our schemethe HeNBs the eNBs and the RNs are collectively referred toas the eNBs In fact the proposed scheme is to achieve thefollowing four security goals

(1) Mutual authentication to mutually authenticate theMTC group and the target eNB simultaneously after ahandover with low signaling cost and communicationcost

(2) Session key agreement to derive a secure session keybetween each MD in the MTC group and the targeteNB respectively after the successful authentication

(3) Identity privacy preservation to achieve MDrsquo identityand location anonymity and unlinkability in grouphandover authentication process User anonymitymeans that the identities of MDs and the groupidentity should be hidden and the attacker cannotdisclose real identities of MDs even if the eNB hasbeen compromised Unlinkability means that evenif several different communication session messagesbetween the same MD and eNB have been collectedthe MD should still not be traceable and linkable

(4) Traceability to reveal the MDrsquos real identity and tracetheMD by the HSS under the controversial scenarios

Our scheme starts with the initial authentication phasefor preparing a handoverThen theMTCgroup and the targeteNB implement the uniform privacy preservation grouphandover authentication phase to achieve the above fourgoals In the uniform privacy preservation group handoverauthentication phase the target eNB can authenticate thewhole MTC group simultaneously based on the novel tech-niquesmultisignature and aggregatemessage authenticationcode (AMAC) The specific process is described in detailas follows The notations used in the scheme are defined inTable 1

41 Initial Authentication Phase In this phase a MTC groupwill be constructed by a mass of MTC devices (MDs) andan identity of the MTC group GID will be embedded intoMDs in the device initialization process according to thespecification made by 3GPP committee [16] The same MTCgroup will exist in the same area andor have the sameMTC features andor belong to the same MTC user A groupleader of the group MDleader will be also chosen in deviceinitialization process based on the communication capabilitycommunication link quality storage status and battery statusof each MD When each MD in the MTC group registers tothe network it performs an initial full authentication processwith a MME and HSS and then obtains its private key andself-verified public key from Key Generate Center (KGC)The eNBs have the same function as the MDs to obtain theseprivate keys and self-verified public keys after expirationtime The KGC can be integrated with the HSS which haspreestablished secure channels with the HSS by using thenetwork domain security (NDS)IP [27] This phase can bedescribed as follows Here KGC computes 119873 = 119901119902 where 119901and 119902 are two random secret prime integers and constructsthe key pair (119890 119889) satisfying 119890 times 119889 equiv 1 mod 120601(119873) Then itselects a generator 119892 with the maximal order in the 119885lowast119873 andtwo Hash functions 119867 0 1lowast rarr 119885lowast119873 and 1198671 119885lowast119873 times 119885lowast119873 rarr119885lowast119873 Finally it publishes the master public key PK = (119873 119890)


Table 2 Identity list for MTC group

Group ID Grouptemporal ID

Group temporalpublic key

Group member IDgroup member temporal IDIDMD1 sdot sdot sdot IDMD119899

GID

TGID1RN1 GPK1 TID1MD1RN1MD1 sdot sdot sdot TID1MD119899RN1MD119899TGID2RN2 GPK2 TID2MD1RN2MD1 sdot sdot sdot TID2MD119899RN2MD119899

TGID119898RN119898 GPK119898 TID119898MD1RN119898MD1 sdot sdot sdot TID119898MD119899RN119898MD119899

and the system parameters (1198671198671) and keeps the mastersecret key 119889 secret

Let MD1 MD119899 be the MTC group members eachMD119894 executes the following procedure when it first registersto the network

411 MD119894 rarr HSSKGC (IDMD119894 GID119883119894)119870ASME119894 It is assumed

that the Evolved Packet System Authentication and KeyAgreement (EPS-AKA) [9] is implemented in the initialfull authentication process After the AKA according to thescheme in [23] MD119894 chooses a random number 119909119894 isin 119885119873 ashis secret key SKMD119894 = 119909119894 and computes 119883119894 = 119892minus119909119894 mod 119873Then it sends the privatepublic key request message withits identity IDMD119894 group ID GID and 119883119894 encrypted by thesession key 119870ASME119894 between MD119894 and the HSSKGC to theHSSKGC via the MME Here the session key 119870ASME119894 isderived between MD119894 and the HSSKGC after the AKA

412HSSKGC rarr MD119894 (GPK119895TGID119895TID119895MD119894119895=1sdotsdotsdot119898)119870ASME119894

After the receipt of the privatepublic key request messagefrom each MD119894 the HSSKGC executes the following oper-ations for MD119894

(1) Choose 119898 random numbers RN119895119895=1sdotsdotsdot119898 and thencalculate a set of unlinkable temporal group identitiesTGID119895 = GID oplus 119867(RN119895119889) when the first MD in theMTC group registers to the network

(2) Choose 119898 random numbers RN119895MD119894119895=1sdotsdotsdot119898 and thencalculate a set of unlinkable temporal identitiesTID119895MD119894 = IDMD119894 oplus 119867((RN119895MD119894)119889 TGID119895)119895=1sdotsdotsdot119898 forMD119894

(3) Calculate PK119895MD119894 = (119883119867(119883119894)119894 minus TID119895MD119894)119889 mod 119873 (119895 =1 sdot sdot sdot 119898) as MD119894rsquos temporal public keys

(4) When all of the privatepublic key request messagesfrom all individualsMD119894 in theMTCgroup have beenreceived the HSSKGC computes the set of grouptemporal public key GPK119895 = ((prod119899119894=1119883RN119895sdot119867(119883119894)

119894 ) minusTGID119895)119889 mod 119873 for each temporal group identity(TGID119895) Then the (GPK119895TGID119895TID119895MD119894119895=1sdotsdotsdot119898)encrypted by the 119870ASME119894 is sent to each MD119894 Inaddition the HSSKGC establishes and stores anidentity list for MTC group as shown in Table 2 in itsdatabase

Each eNB executes the same procedure as that of theMD119894 in the initial full authentication phase unavoidable

After the eNB is verified successfully the eNB chooses arandom key 119909eNB isin 119885119873 as his secret key SKeNB = 119909eNBand computes 119883eNB = 119892minus119909eNB mod 119873 and then sendsIDeNB 119883eNB to the HSSKGC which are encapsulated in thelast message of Internet Key Exchange Protocol Version 1(IKEv1) or IKEv2-based [27] device authentication and sentto the corresponding eNB securely After the receipt of themessage including IDeNB and119883eNB theHSSKGCderives theeNBrsquos public key PKeNB = (119883119867(119883eNB)

eNB minus IDeNB)119889 mod 119873 andsends it to the eNB securely

In our proposed scheme all of public keys in our pro-posed scheme are generated and maintained by HSSKGCOnce the suspicion of the validity of the public key MDor eNB can directly send the public key verification requestmessage to the HSSKGC to request to determine the validityof the public key

42 Uniform Privacy Preservation Group Handover Authenti-cation Phase In this phase the group handover authentica-tion for all of MDs in the MTC group is accomplished whenthe MTC group moves away from the source eNB (eNB1) tothe target eNB (eNB2) simultaneously In order to ensure thatthe whole MTC group securely hands over to the same eNB2we take the advantage of the multisignature scheme [23] andthe AMAC scheme [24] to achieve the mutual authenticationand key agreement between the MTC group and the eNB2As shown in Figure 2 it works as follows Here let TID119895119879 =⟨TID119895MD1 TID

119895MD119899⟩

Step 1 When the MTC group moves into the coverage of theeNB2 each MD119894 executes the following procedure

(1) Choose a random number 119903119894 isin 119885lowast119873 and compute 119877119894 =119892119903119894 mod 119873 then pick an unused temporal identityTID119895MD119894 and corresponding temporal group identityGTID119895 and broadcast 119877119894 TID119895MD119894 and TGID119895 toother 119899 minus 1 MDs in the MTC group including thegroup leader (MDleader) Note that this step can bepreexecuted before the MTC group hands off to theeNB2

(2) Upon the receipt of all of 119877119895 from other 119899 minus 1 MDscompute 119877119879 = prod119899119895=1119877119895 and 119862 = 119867(119877119879 TID119895119879 TGID119895 NAIeNB2) then calculate 119878119894 = 119903119894 + SKMD119894 timesRN119895 times 119867(119883119894) times 119862 and send (TID119895MD119894 TGID119895NAIeNB2 119877119894 119878119894) to the MDleader where NAIeNB2 isNetwork Access Identifier of eNB2


Choose ri isin ZlowastN ＝ＩＧＪＯＮ Ri = gr

SＨ＞ Ri Ｈ＞Ｌ＝ＣＰ Rj (j = i)

CＩＧＪＯＮ RT = prodnj=1Rj

C = H(RT ４）＄jT ４）＄j ）2

)Si = ri + ３＋－＄

times ２j times H(Xi) times C

(1) ４）＄j－＄

４）＄j ）2 Ri Si

S－＄ = sumnj=1Sj

(2) R1 Rn ４）＄jT ４）＄J ）2

S－＄０＋j


C = H(RT ４）＄jT ４）＄j ）2

)

VＬＣＳ gS－＄ times (０＋ej + ４）＄j)

Cequiv RT

CＢＩＩＭ r2isin Zlowast

N ＝ＩＧＪＯＮ R2= gr2

S2= r2

+ ３＋2times H(X2

) times H(R2 ）＄2

)

K－＄= R

r2i (i = 1 middot middot middot n)

(3) R2 ）＄2

S2 ０＋2

(4) R2 ）＄2

S2 ０＋2

VＬＣＳ gS2 times (０＋e

2+ ）＄2

)H(R2

）＄2)

equiv R2

CＩＧＪＯＮ K－＄Ｃ= －i = H1(K－＄

Ri)(5) －i

－ = －1 oplus －2 middot middot middot oplusoplus －n

(6) －

(7)VＬＣＳ－

CＩＧＪＯＮ

－＄1 middot middot middot －＄n －＄Ｆ＞Ｌ 2

ＧＩ＞ N

ＧＩ＞ N

Rr2

Figure 2 Uniform privacy preservation group handover authentication phase

Step 2 Upon the receipt of all of (TID119895MD119894 TGID119895NAIeNB2 119877119894 119878119894) the MDleader computes 119878MD = sum119899119895=1 119878119895and sends the authentication request message with (1198771 119877119899TID119895119879TGID119895NAIeNB2 119878MDGPK119895) to the eNB2Step 3 Upon the receipt of the authentication request mes-sage from the MDleader the eNB2 works as follows

(1) Check if NAIeNB2 is valid and then verify 119892119878MD times(GPK119890119895 + TGID119895)119862 equiv 119877119879 by computing 119877119879 = prod119899119895=1119877119895and 119862 = 1198671(119877119879 TID119895119879 TGID119895 NAIeNB2)If the verification succeeds the eNB2 authenticatesthe whole MTC group and jumps to (2) Otherwiseit sends an authentication failure message to theMDleader

(2) Choose a new random number 119903eNB2 isin 119885lowast119873 andcompute 119877eNB2 = 119892119903eNB2 mod 119873 and then calculate119878eNB2 = 119903eNB2 + SKeNB2 times 119867(119883eNB2) times 119867(119877eNB2 IDeNB2)

(3) Send the authentication response message with(119877eNB2 IDeNB2 119878eNB2 PKeNB2) to the MDleader Thencompute the session key 119870MD119894 = 119867(119877119903eNB2

119894 ) for eachMD119894 in the MTC group to guarantee the subsequentcommunication

Step 4 After the authentication response message from theeNB2 the MDleader broadcasts this message to other MDs inthe MTC group

Step 5 Upon the receipt of the message from the MDleadereach MD119894 executes the following process

(1) Check 119892119878eNB2 times (PK119890eNB2 + IDeNB2)119867(119877eNB2 IDeNB2 ) equiv119877eNB2 If the verification succeeds the MD119894 truststhe eNB2 and jumps to (2) Otherwise it sends anauthentication failure message to the eNB2 via theMDleader

(2) Compute the session key 119870MD119894 = 119867(119877119903119894eNB2) andMAC119894 = 1198671(119870MD119894 119877119894)

(3) Finally send the MAC119894 to the MDleader to confirm the119870MD119894 agreement

Step 6 Upon the receipt of all ofMAC119894 from theMTC groupthe MDleader derives MAC = MAC1 oplus MAC2 oplus sdot sdot sdot oplus MAC119899and sends it to eNB2

Step 7 After the receiving the MAC the eNB2 verifiesMAC If the verification succeeds the eNB2 confirms 119870MD119894agreement with each MD119894

43 Identity Tracking Phase In order to track the MTCgroup after the eNB2 trusts the MTC group it transmits thetemporal identities TID1015840119895MD119894119894=1sdotsdotsdot119899 and the temporal groupidentity TGID1015840119895 to the HSSKGC via the MME Upon thereceipt of the message the HSSKGC searches its databaseto find the corresponding RN119895 and executes the following


operations to obtain the real group identity of the MTCgroup

TGID1015840119895 oplus 119867(RN119895119889) = GID oplus 119867(RN119895119889) oplus 119867(RN119895119889)= GID

(1)

Once the GID has been derived the MTC group will betracked and determined by the HSSKGC If the HSSKGCneeds to further know real identity of each MD in the MTCgroup it can find related RN119895MD119894 and calculate

TID1015840119895MD119894 oplus 119867(TGID1015840119895 (RN119895MD119894)119889)

= IDMD119894 oplus 119867(TGID1015840119895 (RN119895MD119894)119889)

oplus 119867(TGID1015840119895 (RN119895MD119894)119889) = IDMD119894

(2)

5 Security Evaluation

In this section the formal security analysis in CK model andthe formal verification tool AVISPA and SPAN are conductedto show that our proposed protocols can work correctly toachieve robust security properties

51 Security Analysis

Multi-Decisional Diffie-Hellman (M-DDH) Problem [28]Define a Multi-Diffie-Hellman (M-DH) and a RandomMulti-Diffie-Hellman (RM-DH) distributions of size 119899 asM-DH119899 = (119892119909119894) 119892119909119894119909119895 | 1199091 119909119899isin119877119885119902 and RM-DH119899 =(119892119909119894) 119892119903119895119896 | 119909119894 119903119895119896isin119877119885119902 1 le 119895 le 119896 le 119899 An polynomialtime adversary cannot distinguish whether a tuple is fromM-DH119899 or from RM-DH119899 with a probability higher than anegligible value

Our scheme satisfies the following security properties

Mutual Authentication and Key Agreement in CK Model Inour proposed UPPGHA the HSSKGC can ensure a mutualauthentication between the MTC group and the eNB2 basedon the technique of multisignature and ElGamal signatureTo be authenticated by the eNB2 each MD in the MTCgroup generates the signature 119878119894 by using its private keyand then the multisignature is obtained by summing all thesignatures from theMTC group which will be verified by theuse of the self-verified group public keyGPK generated by theHSS and the HSSrsquos private key After performing the mutualauthentication each MD and eNB2 negotiate a distinctsession key using the DH algorithm based on the DiscreteLogarithm Problem (DLP) to protect the communicationover air interface between the eNB2 and each MD in theMTC group Moreover the AMAC technique is applied toguarantee the session key agreement between each MD andeNB2

Actually as shown in the UPPGHA our trick is employ-ing a signature scheme to authenticate the random value119877119894 = 119892119903119894 and 119877eNB2 = 119892119903eNB2 Then employing this signature(authenticator) we can transform a protocol which is SK-secure in the AM into a protocol which is SK-secure in

the UM Based on this idea we divide the proof of theauthentication and key agreement into two parts Firstly weprove that the adversary in the AM cannot correctly guessthe bit 119887 in the test session with the property nomore than 12plus a negligible fraction Secondly we use a secure signature-based authenticator to transform the protocol in the AM to asecure protocol in UM

Theorem 3 TheUPPGHA protocol without a signature-basedauthenticator is SK-secure in the AM provided that M-DDHproblem is hard and119867 is a random oracle

Proof In the AM each MD119894 sends its random value 119877119894 = 119892119903119894to the MDleader and then the MDleader transmits these 119877119894 tothe eNB2 Then eNB2 send a random value 119877eNB2 to eachMD After that the session key between eNB2 and each MD119894is computed as119870 = 119867(119892119903119894119903eNB2 ) We assume that a polynomialtime adversary A can guess the output of a test sessionquery with a nonnegligible advantage 120576 in the AM (correctlycomputed the session key) that is Pr[A succeeds] = 12 + 120576then we can solve the M-DDH problem

We simulate the protocol for the adversary and make useofA to solve the M-DDH problem Suppose there are 119899MDsand an eNB2 in the communication and the 119904th session ofMDs and eNB2 are expressed asΠ119904MD119894 eNB2 andΠ119904eNB2 MD119894 Wecan answer all of the queries asked byA since we initialize allof the participants The proof is in the random oracle modelwhich means the output of the Hash function is randomIn the simulation all of the Hash value must be obtainedfrom a Hash query So if A can win the game and correctlyguess the bit 119887 in the test session he needs to compute thesession key between MD119894 and eNB2 and ask the Hash querywith these values (119870 = 119867(119892119903119894119903eNB2 )) Firstly we exclude thecollisions on the transcripts ((119877119894 = 119892119903119894 119877eNB2 = 119892119903eNB2 ))since if a collision occursA can get the session by the corruptquery According to the birthday paradox we can bound theprobability by 1199022119904 2119897 where 1199022119904 denotes the number of sessionsand 119897 is the security parameter We then continue to simulatethe protocol We choose a bit 119887 if 119887 = 1 we choose atuple (119892119909119894 119892119909119894119909119895) from M-DH set Otherwise we randomlychoose a tuple (119892119909119894 119892119903119895119896) from RM-DH set Then we chooseone session as the test session and imbed these 119892119909119894 into theprotocol instead of the values inΠ119904MD119894 eNB andΠ119904eNBMD119894 IfAperforms the test query then a value chosen from M-DH orRM-DH will be returned Suppose that the test session A isexactly the session we chose the probability of this event is11199022119904 As aforementioned if A succeeds in guessing 119887 in thetest session and then he must have computed the DH value119892119909119894119909119895 from 119892119909119894 and 119892119909119895 In such case we can solve theM-DDHproblem either So the probability of solving the M-DDH is(1(1199022119904 sdot 119902ℎ)) sdot Pr[A succeeds] where 119902ℎ denotes the numberof the Hash queries (we need to check which Hash query Awas asked in the test session from one of 119902ℎ queries) Actuallyas we know the probability of solving M-DDH problem is anegligible value [28] Here we denote this probability as 120576Thenwe can obtain sdotPr[A succeeds] le 12+1199022119904 2119897+120576(1199022119904 sdot119902ℎ)where 1199022119904 2119897 + 120576(1199022119904 sdot 119902ℎ) is a negligible value So we concludeTheorem 3


The security of the UPPGHA protocol in the AM isproved then we show the signature-based authenticatoris a secure authenticator As shown in [23] the signaturescheme we used is based on factorization (FAC) and discretelogarithm (DL) assumptions Under the integer factorizationand DL assumptions the signature proposed in [23] is asecure signature So using this authenticator we can concludethat the proposed protocol is SK-secure in the UM

Replay Attack Resistance Our proposed UPPGHA can with-stand the replay attack by the use of the random numbers(119903119894 and 119903eNB2) Whenever the MTC group moves into thecoverage of the eNB2 both of the random numbers areupdated on each MD and the eNB2 Thus all session keys arefreshly obtained based on these values to resist against thistype of attacks

Impersonation Attack and Man-in-the-Middle (MitM) AttackResistance Since the session keys are established based onthe DH problem by our scheme a MitM adversary could notderive the session keys by the use of the public values from thecommunication channel between each MD119894 and the eNB2 Itis infeasible to forge a valid multisignature and an ElGamalsignature to deceive eNB2 or each MD119894 without the secretkeys of eNB2 or each MD119894 Therefore our scheme can not beexposed to the impersonation attacks Furthermore takingthe advantage of the multisignature all of MDs in the MTCgroup sign the same message including the same temporalgroup identity TGID and all of group memberrsquos temporalidentities and the MDleader can validate the signatures fromthe group members Thus other legal MDs who do notbelong the MTC group can not masquerade the MTC groupmembers to deceive the eNB2 or the EPC by signing the samemessage

Insider Attack and DoS Attack Resistance By our proposedUPPGHA each MD in the MTC group derives a distinctsession keywith the eNB2Without the correct secret randomvalues 119903119894 of the MD119894 any other MDs in the MTC group cannot obtain the legal session key 119870MD119894 of the MD119894 and thuscan not masquerade the MD119894 to deceive the eNB2 or theEPC Therefore our scheme can defend the insider attackby the MTC group members In addition the MDleader canauthenticate each MD119894 by verifying the signature 119878119894 for thesamemessage fromMD119894 and thus any attacker can not makeDoS attacks to the eNB and the EPC by computing a lot ofinvalid signatures

Identity Privacy Preservation By our proposed UPPGHA theset of temporal identities of a MD temporal group identitiesand temporal group public keys are derived instead of thereal identities and transmitted securely to each MD in initialfull authentication phase Since the temporal identity of eachMD and the temporal group identity are generated by usingthe unknown random number any attacker or eNBs cannotreveal the MDrsquos real identity and real group identity Inaddition a new temporal identity of each MD and a newtemporal group identity are selected and used in each grouphandover authentication process any adversary cannot link

the temporal identities by eavesdropping the communicationchannel between theMTCgroup and eNB2 Furthermore thetemporal group public key GPK119895 is generated by using therandom number and temporal group identity and is updatedin each grouphandover authentication process any adversarycannot derive the value prod119899119894=1119883119894 Thus anyone except theHSSKGC cannot trace the MTC groups movement trail

Traceability Under dispute scenarios the HSSKGC canreveal the real identity of the MTC group according to thetemporal identity by using the stored random number andits privacy key Therefore once a signature is in dispute orother controversial incidents happen the HSSKGCwho hadassigned temporal identities to the real identity of the MTCgroup is able to trace the MTC group

Signaling Congestion Resistance By our scheme the signalingcongestion can be avoided in terms of low signaling overheadand fast verification On the one hand a large number ofhandover request messages from the MTC group will beaggregated into a single request message by a group leaderand then the single handover request message is sent to theeNB2 In addition the eNB2 only calculates a signature andsends it to the group leader via a single signaling messageMoreover our scheme provides a simple authenticationprocess only with 3-handshake between the MDleader andthe eNB2 without contacting any other third party such asMME and HSS Thus it can largely reduce the signalingcost and thus avoid the signaling overload On the otherhand the eNB2 can simultaneously authenticate a group ofMDs by adopting the technique of the multisignature andAMAC and quickly create the session keys with the MTCgroup Therefore it can alleviate the burden of the eNB2 andensure the QoS requirement of the MTC users without therestriction of handover requests

We also give a security comparison between our schemeand other similar handover authentication protocols inTable 3

52 AVISPA and SPAN Due to the openness of the wirelesscommunication channel the intruder can intercept and storethemessages on the channel replay oldmessages analyze andmodify messages as far as it knows the required keys andsend anynewmessages that it composed towhoever at itswillimpersonating other agents This type of attack is commonlyregarded as Dolev-Yao (DY) attack In this paper we examinevarious security properties of the proposed scheme by theAVISPA [29] and the SPAN [30] which analyze protocolsunder the assumptions of perfect cryptography and the com-munication channel is under the control of a DY intruderThe AVISPA employs the High-Level Protocol SpecificationLanguage (HLPSL) to specify the security protocols andtheir security properties and utilizes four back-end toolsto check the security of protocols which include On-the-FlyModel-Checker (OFMC) Constraint-Logic-based AttackSearcher (CL-AtSe) SAT-based Model-Checker (SATMC)and Tree Automata based on Automatic Approximationsfor the Analysis of Security Protocols (TA4SP) In additionSPAN provides a graphical user interface for the protocoldesigner to easily interact with AVISPA capabilities


Table 3 Security comparison

Protocols [7 8] [18] [19] [20] [21] Our schemeMutual authentication times radic radic times times radicKey agreement radic radic radic radic radic radicReplay attack resistance times radic radic radic radic radicImpersonation attack resistance times radic radic radic times radicMan-in-the-middle attack resistance times radic radic radic times radicInsider attack and DoS attack resistance - radic radic radic radic radicIdentity privacy preservation times radic times radic times radicTraceability times times times times times radicSignaling congestion resistance times times radic times times radic

Receive start

Send ACCESSREQ

REQ

Receive ACCESS REQ

Receive ACCESSRES

Send ACCESSREP

Receive

SendAGGREGATION

AGGREGATION

Receive ACCESS3 RES

Send ACCESSRES

REP

Receive ACCESSREPSend

AGGREGATIONREP

AGGREGATION REQSend ACCESS

ReceiveeNB

RES

4 70

51

6 92

8－＄g

－＄1

Figure 3 The state transition relations of our model

Since multiple MDs can independently achieve theauthentication and derive its session key with the eNB thereis no communication between them except that the groupleader In order to simplify the analysis our scheme includesthree roles MD1 MD119892 (ie MDleader) and eNB and fivemessages which are described as follows

(1) ACCESS REQ MD1 rarr MD119892 (IDMD1 GID IDeNB2 1198771 1198781)(2) AGGREGATION REQ MD119892 rarr eNB (IDMD1

IDMD119892 GID IDeNB 1198771 119877119892 119878MDGPK)(3) ACCESS RES eNB rarr MD119892 MD119892 rarr MD1 (IDeNB119877eNB 119878eNBPKeNB)(4) ACCESS REP MD1 rarr MD119892 MAC1(5) AGGREGATION REP MD119892 rarr eNB MAC

HLPSL has a formal semantics based on LamportrsquosTemporal Logic of Actions (TLA) [31] which is a state-of-the-art model analyzer that enumerates the reachable statesin a finite-state model and checks that invariance propertieshold in each of these states Due to the limited space we onlygive the state transition relations of three roles in our modelas shown in Figure 3 where we neglect the specific formaldescription of our scheme

By our scheme our security goals are to achieve themutual authentication between the MTC group and the eNBand security session key establishment between eachMD and

the eNB As shown in Algorithm 1 we specify the securitygoals of our proposed scheme using AVISPA

Finally we employ the OFMC and CL-AtSe to verify thatthe proposed scheme maintains its security objectives evenunder various attacks The outputs of the model checkingresults by using SPAN in OFMC and CL-AtSe are shown inFigures 4 and 5 respectively According to Figures 4 and 5we can conclude that our scheme can achieve the securitygoals and withstand various attacks including MitM attacksimpersonation attacks and replay attacks under the test ofAVISPA and SPAN using the OFMC back-end and CL-AtSeback-end

6 Performance Evaluation

In this section we firstly analyze the performance of theproposed UPPGHA by comparing it with the current LTE-A handover mechanisms in [7 8] and other related schemes[18ndash21] in terms of the signaling cost the communicationcost and the computational cost Then we evaluate the sit-uation when there are some attacks in execution of protocolsIt is assumed that there are 119899MDs in the MTC group

61 Signaling Cost On the signaling cost we mainly evaluateour scheme by comparing with the schemes [7 8 18ndash21] interms of the number of signaling messages According todistinct mobility scenarios the LTE-A handovermechanisms[7 8] and the GAHAP [20] can be divided into three different


goal

secrecy of sec md1 kme1 sec enb kme1 $K MD1$ is secret between MD1 and eNB

secrecy of sec mdg kme2 sec enb kme2 $K MDg$ is secret between MDg and eNB

authentication on s md1 eNB authenticates MD1 by verifying $S 1$

authentication on s enb1MD1 authenticates eNB by verifying $S eNB$authentication on s mdg eNB authenticates MDg by verifying $S leader$authentication on s enb2 MDg authenticates eNB by verifying $S eNB$end goal

Algorithm 1 Analysis goals of the model

Table 4 Comparison of related schemes

Related schemes Signaling cost Communication costX2-based HO [7 8] 5119899 (3119887 + 2120575)119899Intra-MME HO [7 8] 7119899 (4 minus 119887)119899Inter-MME HO [7 8] 8119899 (4 minus 119887 + 120578)119899X2-based HO [20] 3119899 + 2 3119887119899 + 2120575Intra-MME HO [20] 3119899 + 4 3119887119899 + 4Inter-MME HO [20] 3119899 + 5 3119887119899 + 4 + 120578[18] 4(119899 minus 1) + 5 4119899119887 + 120575[19] 119899 + 9 (119899 + 1)119886 + 4[21] 6119899 2119899119886 + 2119899119887 + 2119899120575Our scheme 2119899 + 4 (2119899 + 1)119886 + 3119887

Figure 4 Results reported by the OFMC back-end in SPAN

handover processes X2-based handover (HO) intra-MMEHO and inter-MMEHO respectively For the scheme in [18]when the first MDmoves into the coverage of the target eNBthe source eNB contacts with the target eNB and transmitsall of security context information for the MTC group to thetarget eNB and then the target eNB can directly perform themutual authentication with other group members only withtwo-handshake without the involvement of the source eNBFor the scheme in [19] taking the advantage of broadcastingand aggregation to design the signaling message the numberof signaling messages for the group is only (119899 + 9) for theroaming phase For the scheme in [21] due to the use of proxy

Figure 5 Results reported by the ATSE back-end in SPAN

mechanism when on-board UEs hand off the target DeNBthe target DeNB can directly obtain the session key withthe UEs without the involvement of the MME According tothe number of signaling messages we obtain a comparisonof the signaling cost shown as the second row of Table 4Since both the signaling cost and the communication costof the scheme in [20] are much better than these in theLTE-A handover mechanisms [7 8] which has been given inthe scheme in [20] Figure 6 only shows the analysis resultsfor the signaling cost with the increasing of the number ofMDs by comparing our scheme with the schemes in [18ndash21] According to the Figure 6 the signaling cost of eachhandover process by our scheme is much better than that


Table 5 Comparison of computational cost

Each device The eNB (or the MME)[19] 5119879mul = 7685 4119899119879mul + 3119879pair = 19119899 + 48966[21] 4119879exp + 2119879pair = 83544 119899 (3119879exp + 2119879pair) = 34219119899Our scheme 5119879exp = 849 (119899 + 4)119879exp = 0525119899 + 21

X2-based HO [20]Intra-MME HO [20]Inter-MME HO [20][18]

[19][21]Our scheme

0

100

200

300

400

500

600

Num

ber o

f sig

nalin

g m

essa

ges

20 40 60 80 1000Number of the MTC devices (n)

Figure 6 Comparison of the number of signaling messages

by the schemes in [18 20 21] while the scheme in [19] hasbetter performance on the signaling cost than our schemeHowever the scheme in [19] is used to the vertical handoverprocess for 3GPP-WiMAX interworking architecture whichis not feasible to the horizontal handover within E-UTRANin LTE-A networks In addition there is no confirmationmessage from the MDs to the MME in the scheme in [19]In such case theMME cannot determine whether theMDhascompleted the handover authentication process and obtainedthe session key which may incur DoS attacks to the networkThus based on an overall consideration of efficiency andsecurity our scheme has a good performance on the signalingcost compared with other schemes

62 CommunicationOverhead On the communication over-head let the transmission cost incurred by delivering anauthentication packet between the MME and the MD be oneunit the cost between the MDs and the group leader be 119886unit the cost between theMD and the eNB be 119887 unit the costbetween the eNBs be 120575 unit and the cost between MMEs be120578 unit respectively Since the MME locates far away from theeNB the cost 119887 unit is in the range 0 lt 119887 lt 12 Generallythe costs 120575 and 120578 are also lower than 1 unit In addition sincethe distance between MDs is not more than 100 meters thecost 119886 unit is far less than 1 unit In fact the distance betweenMDs and that between MMEs in the EPC are relatively fixedwhile the distance between eNBs and that between the MDand the eNB change greatly due to the different deployment ofthe eNBs In order to facilitate analysis we set 119886 = 0005 and

120578 = 01The comparison of the communication cost has beenshown as the third row of Table 4 Figure 7 shows the analysisresults for the communication cost From the Figure 7 thecommunication cost of our scheme is much lower than thatof the schemes in [18 20 21] which is similar to that of thescheme in [19]

63 Computational Cost In this section we analyze the com-putational cost of our scheme by comparing with the schemein [19] and the scheme in [21] We only consider the cost ofthe following operations including amodular exponentiation119879exp a point multiplication 119879mul and a pairing operation119879pair while other operations such as point addition and one-way Hash function will be ignored According to the timecosts of the primitive cryptography operations presented bythe scheme in [10] the comparison of the computationalcost in the reference schemes is shown in Table 5 Accordingto the Table 5 the computational cost of each MD by ourscheme is much less than that by the scheme in [21] whichis slightly larger than that by the scheme [19] That is becausethe operation cost of modular exponentiation adopted by ourscheme is slightly greater than that of point multiplicationused by the scheme in [19] Figure 8 shows the analysis resultsfor the computational cost of the MME or the eNB Fromthe Figure 8 the computational overhead of the eNB by ourscheme is much less than that by the scheme in [19] and thescheme in [21] with the increase of MDs

64 Performance Analysis under Unknown Attacks Ourscheme can withstand several known attacks described indetail above which cannot impact on the execution ofour protocol However when there are unknown attacksor uncertain attacks and we do not determine when orwhether the unknownuncertain attacks occur in executionof protocol our scheme may be interrupted In this sectionwe will evaluate this situation Since we have no idea whenor whether the unknown attacks happen in the executionof the protocol step where the unknown attack happensis completely random that is the probability of unknownattack happened in 119894 step is 119901 = 1119899sig where 119899sig is thetotal number of the signaling messages in one execution ofprotocol Owing to the space limitations we elaborate thecommunication overhead of our scheme under unknownattacks compared with other related schemes and otherperformance evaluations under unknown attacks are similarto that of the communication overhead Here an impact ratioIR is defined to evaluate the impact degree of communicationoverhead under attacks for one success execution of protocolIn addition we define two parameters co119894 represents the totalcommunication overhead before the attack happens in 119894 stepand cototal shows that the total communication overhead for



[19][21]Our scheme

0

5

10

15

20

25

30

35

40

45

Com

mun

icat

ion

cost


(a) 119887 = 120575 = 01


[19][21]Our scheme

0

10

20

30

40

50

60

70

80

90

Com

mun

icat

ion

cost


(b) 119887 = 120575 = 02


[19][21]Our scheme

0

20

40

60

80

100

120

140

Com

mun

icat

ion

cost


(c) 119887 = 120575 = 03


[19][21]Our scheme

0

20

40

60

80

100

120

140

160

180C

omm

unic

atio

n co

st


(d) 119887 = 120575 = 04

Figure 7 Comparison of communication cost

one success execution of protocol with no attack The impactratio IR is shown as follows

IR = 119901 times sum119899sig119894=1 (1119899sig) co119894 + (1 minus 119901) times cototal(1 minus 119901) times cototal

(3)

The comparison of IR for related schemes is given inTable 6 Figure 9 shows the analysis result of the influence rate(IR) of the one authentication process of existing schemesAccording to Figure 9 the impact degree of our scheme issimilar to the scheme in [18] which is much less than that ofother schemes In addition our scheme can simultaneouslyachieve the authentication for a group of MDs in one successexecution of protocol while the LTE schemes [7 8] thescheme in [18] the scheme in [20] and the scheme in [21]can only provide one-by-one authentication Therefore our

scheme outperforms other schemes even if there are someunknown attacks

7 Conclusion and Future Work

In the mobile MTC applications supported by the LTE-Anetworks frequent handover signaling interaction not onlycauses the signaling load on the access network and corenetwork but also increases the terminal energy consumptionWhen a good deal of MTC devices simultaneously roamsfrom a base station to a new base station it is particularlyserious In this paper we have proposed a simple and secureuniform group-based handover authentication scheme for alarge number of MTC devices based on the multisignatureand AMAC techniques which is to fit in with all of themobility scenarios in the LTE-A networks Our analysis



Related schemes IR on communication cost

X2-based HO [7 8](1199015)(8119887 + 7120575)

(1 minus 119901) times (3119887 + 2120575) + 1

Intra-MME HO [7 8](1199017)(18 minus 8119887)(1 minus 119901) times (4 minus 119887) + 1

Inter-MME HO [7 8](1199018)(18 minus 8119887 + 6120578)(1 minus 119901) times (4 minus 119887 + 120578) + 1

X2-based HO [20](119901(3119899 + 2))((9119899(119899 minus 1)2 + 8)119887 + (2119899 + 5)120575)

(1 minus 119901) times (3119887119899 + 2120575) + 1

Intra-MME HO [20](119901(3119899 + 4)) ((911989922 minus 171198992 minus 4) 119887 + 4119899 + 14)

(1 minus 119901) times (3119887119899 + 4) + 1

Inter-MME HO [20](119901(3119899 + 5)) ((911989922 minus 171198992 minus 4) 119887 + (119899 + 5)120578 + 4119899 + 15)

(1 minus 119901) times (3119887119899 + 4 + 120578) + 1[18]

(119901(4(119899 minus 1) + 5))((10119899 + 34)119887 + 16120575)(1 minus 119901) times (4119899119887 + 120575) + 1

[19](119901(119899 + 9))((6119899 + 8)119886 + 26)(1 minus 119901) times ((119899 + 1)119886 + 4) + 1

[21](1199016)(5119887 + 11120575 + 5119886)

(1 minus 119901) times (2119887 + 2119886 + 2120575) + 1

Our scheme(119901(2119899 + 4))((7119899 + 3)119886 + 10119887)(1 minus 119901) times ((2119899 + 1)119886 + 3119887) + 1

[19][21]Our scheme


0

500

1000

1500

2000

2500

3000

3500

Com

puta

tiona

l cos

t

Figure 8 Comparison of the computational cost of the eNB by ourscheme

results show that our scheme can not only provide a simpleauthentication process with robust security protection butalso largely reduce the signaling costs and communicationcosts and thus avoid signaling congestion

Since the next generation networks (5G) will be designedto meet stringent latency high connection density and highconcurrent access requirements the design of the securityand efficient access and handover authentication for massivedevices in LTE-A cellular networks and future 5G is the keychallenge to achieve future cellular applications security Inour future work we will consider more practical access andhandover authentication mechanism in LTE-A5G networks

based on symmetric cryptography for massive devices withresource limited under the scenarios that they belong to thesame group and there is no correlation respectively

Abbreviations

3GPP Third-Generation Partnership ProjectMTC Machine Type CommunicationM2M Machine to MachinemMTC Massive MTCLTE-A Long Term Evolution-AdvancedUE User EquipmentMD MTC deviceMDleader MTC group leaderAMAC Aggregate message authentication codeEPC Evolved Packet CoreE-UTRAN Evolved-Universal Terrestrial Radio

Access NetworkMME Mobility Management EntityS-GW Serving GatewayPDN GW Packet Data Network GatewayRN Relay NodeUMAM Unauthenticatedauthenticated adversarial

modelHSS Home Subscriber ServereNBHeNB eNodeBHome eNBEPS-AKA Evolved Packet System Authentication and

Key AgreementPLC Power line communicationKGC Key Generate CenterNDS Network domain securityAVISPA Automated Validation of Internet Security

Protocols and ApplicationsSPAN ANimator for AVISPA


X2-based HO [7 8]X2-based HO [20][18]

[19][21]Our scheme

02 04 06 08 10Probability of unknown attack happened

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(a) 119899 = 50 119887 = 120575 = 02


[19][21]Our scheme

0 02 04 06 08 1Probability of unknown attack happened

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(b) 119899 = 50 119887 = 120575 = 04


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(c) 119899 = 100 119887 = 120575 = 02


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(d) 119899 = 100 119887 = 120575 = 04

Figure 9 Comparison of IR on communication cost

HLPSL High-Level Protocol SpecificationLanguage

OFMC On-the-Fly Model-CheckerCL-AtSe Constraint-Logic-based Attack SearcherSATMC SAT-based Model-CheckerTA4SP Tree Automata based on Automatic

Approximations for the Analysis ofSecurity Protocol

Conflicts of Interest

The authors declare that they have no conflicts of interest

Acknowledgments

This work is supported by National Key RampD Program ofChina (2016YFB0800703) the National Natural ScienceFoundation of China (nos 61772404 and U1401251) the

Natural Scientific Basic Research Program Funded byShaanxi Province of China (2017JM6029) and China 111Project (no B16037)

References

[1] 3rd Generation Partnership Project ldquoTechnical SpecificationGroup Radio Access Network Study on RAN Improvementsfor Machine-type Communications (Rel 11)rdquo Tech Rep 20113GPP TR 37868 V1200

[2] I F Akyildiz D M Gutierrez-Estevez R Balakrishnan and EChavarria-Reyes ldquoLTE-advanced and the evolution to beyond4G (B4G) systemsrdquo Physical Communication vol 10 pp 31ndash602014

[3] N Nikaein and S Krea ldquoLatency for Real-Time Machine-to-Machine Communication in LTE-Based System Architecturerdquoin Proceedings of Sustainable Wireless Technologies WirelessConference pp 1ndash6 2011


[4] A Zanella M Zorzi A F Dos Santos et al ldquoM2M massivewireless access challenges research issues and ways forwardrdquoin Proceedings of the IEEE Globecom Workshops (GC Wkshpsrsquo13) pp 151ndash156 USA December 2013

[5] J Cao M Ma and H Li ldquoA group-based authentication andkey agreement for MTC in LTE networksrdquo in Proceedings of theIEEEGlobal Communications Conference (GLOBECOM rsquo12) pp1017ndash1022 Anaheim Calif USA December 2012

[6] 3rd Generation Partnership Project ldquoTechnical SpecificationGroup Services and System Aspects Security Sspects ofMachine-Type Communications (Rel 12)rdquo Tech Rep 20143GPP TR 33868 V1210

[7] 3rd Generation Partnership Project ldquoTechnical SpecificationGroup Services and System Aspects General Packet RadioService (GPRS) enhancements for EvolvedUniversal TerrestrialRadio Access Network (E-UTRAN) access (Rel 14)rdquo Tech Rep2016 3GPP TS 23401 V1400

[8] 3rd Generation Partnership Project ldquoTechnical SpecificationGroup Radio Access Networkrdquo Evolved Universal TerrestrialRadio Access (E-UTRA) and Evolved Universal TerrestrialRadio Access Network (E-UTRAN) Overall description (Rel13) 2016 3GPP TS 36300 V1340

[9] 3rd Generation Partnership Project ldquoTechnical SpecificationGroup Service and System Aspectsrdquo 3GPP System ArchitectureEvolution (SAE) Security architecture (Rel 13) 2016 3GPP TS33401 V1330

[10] J Cao H Li M Ma Y Zhang and C Lai ldquoA simple androbust handover authentication betweenHeNB and eNB in LTEnetworksrdquo Computer Networks vol 56 no 8 pp 2119ndash21312012

[11] D Forsberg ldquoLTE key management analysis with session keyscontextrdquo Computer Communications vol 33 no 16 pp 1907ndash1915 2010

[12] 3rd Generation Partnership Project ldquoTechnical SpecificationGroup Service and System Aspectsrdquo Security of H(e)NB (Rel8) 2009 3GPP TR 33820 V830

[13] C-K Han H-K Choi and I-H Kim ldquoBuilding femtocellmore secure with improved proxy signaturerdquo in Proceedings ofthe 2009 IEEE Global Telecommunications Conference GLOBE-COM 2009 USA December 2009

[14] H Nicanfar J Hajipour F Agharebparast P TalebiFard andV C M Leung ldquoPrivacy-preserving handover mechanism in4Grdquo in Proceedings of the 1st IEEE International Conference onCommunications and Network Security CNS 2013 pp 373-374USA October 2013

[15] J CaoMMa H Li Y Zhang and Z Luo ldquoA survey on securityaspects for LTE and LTE-A networksrdquo IEEE CommunicationsSurveys amp Tutorials vol 16 no 1 pp 283ndash302 2014

[16] 3rd Generation Partnership Project Technical SpecificationGroup Services and System Aspects Service Requirementsfor Machine-Type Communications (MTC) (Rel 13) 3GPP TS22368 V1310 Dec 2014

[17] J Cao H Li M Ma and F Li ldquoUGHA Uniform group-basedhandover authentication for MTC within E-UTRAN in LTE-Anetworksrdquo in Proceedings of the IEEE International Conferenceon Communications ICC 2015 pp 7246ndash7251 UK June 2015

[18] A Fu S Lan B Huang Z Zhu and Y Zhang ldquoA novel group-based handover authentication scheme with privacy preser-vation for mobile WiMAX networksrdquo IEEE CommunicationsLetters vol 16 no 11 pp 1744ndash1747 2012

[19] C Lai H Li R Lu R Jiang and X Shen ldquoSEGR A secureand efficient group roaming scheme for machine to machine

communications between 3GPP and WiMAX networksrdquo inProceedings of the 2014 1st IEEE International Conference onCommunications ICC 2014 pp 1011ndash1016 Australia June 2014

[20] J Cao H Li and M Ma ldquoGAHAP A group-based anonymityhandover authentication protocol forMTC in LTE-Anetworksrdquoin Proceedings of the IEEE International Conference on Commu-nications ICC 2015 pp 3020ndash3025 UK June 2015

[21] Q Kong R Lu S Chen andH Zhu ldquoAchieve SecureHandoverSession Key Management via Mobile Relay in LTE-AdvancedNetworksrdquo IEEE Internet of Things Journal vol 4 no 1 pp 29ndash39 2017

[22] K Itakura and K Nakamura ldquoA public-key cryptosystemsuitable for digital multisignaturesrdquo NEC Research and Devel-opment vol 71 pp 1ndash8 1983

[23] S-J Hwang and Y-H Lee ldquoRepairing ElGamal-like multi-signature schemes using self-certified public keysrdquo AppliedMathematics and Computation vol 156 no 1 pp 73ndash83 2004

[24] J Katz and A Y Lindell ldquoAggregate Message AuthenticationCodesrdquo in Topics in Cryptology CT-RSA pp 155ndash169 SpringerBerlin Heidelberg Berlin Heidelberg 2008

[25] R Canetti and H Krawczyk ldquoAnalysis of key-exchange proto-cols and their use for building secure channelsrdquo in Advances inCryptology EUROCRYPT vol 2045 of Lecture Notes in ComputSci pp 453ndash474 Springer Berlin 2001

[26] K-R Jung A Park and S Lee ldquoMachine-Type-Commu-nication (MTC) device grouping algorithm for congestionavoidance of MTC oriented LTE networkrdquo Communications inComputer and Information Science vol 78 pp 167ndash178 2010

[27] 3rd Generation Partnership Project Technical SpecificationGroup Services and System Aspects 3G Security NetworkDomain Security (NDS) IP network layer security (Rel 13)3GPP TS 33210 V1300 Dec 2015

[28] E Bresson O Chevassut and D Pointcheval ldquoDynamic groupDiffie-Hellman key exchange under standard assumptionsrdquo inAdvances in CryptologymdashEUROCRYPT vol 2332 of LectureNotes in Comput Sci pp 321ndash336 Springer Berlin 2002

[29] AVISPA v11 User Manual 2006[30] Y Glouche T Genet O Heen and O Courtay ldquoA Security

Protocol Animator Tool for AVISPArdquo ARTIST2 Workshop onSecurity Specification and Verification of Embedded Systems2006

[31] L Lamport ldquoSpecifying Systemsrdquo in The TLA+ Language andTools for Hardware and Software Engineers Addison-WesleyPublishing Company 2002

International Journal of

AerospaceEngineeringHindawiwwwhindawicom Volume 2018

RoboticsJournal of

Hindawiwwwhindawicom Volume 2018


Active and Passive Electronic Components

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwwwhindawicom

Volume 2018

Hindawi Publishing Corporation httpwwwhindawicom Volume 2013Hindawiwwwhindawicom

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of



Journal ofEngineeringVolume 2018

SensorsJournal of



RotatingMachinery


Modelling ampSimulationin EngineeringHindawiwwwhindawicom Volume 2018


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation


Hindawi

wwwhindawicom Volume 2018

Advances in

Multimedia

Submit your manuscripts atwwwhindawicom


MTC market analysis forecasts 50 billion machines areexpected to use wired or wireless communication technolo-gies by the year 2020 [3] Moreover the analysis results showthat the number of MDs is connected to a single base stationin 2020 to be anywhere from 10000 to 100000 [4] Thereforeit will bring huge loads on wireless access networks and LTE-A core network [5] when sea of MDs concurrently connectsto the LTE-A network It is particularly acute when a largenumber of MDs simultaneously move away from the currentbase station to a new base station For example for a largenumber of goods transported on a freight train some relevantsensor devices could be deployed in each car of goods tomonitor the states of the goods in the transportation A largenumber of surveillance cameras temperature and humiditysensors and smoke detectors could also be deployed onthe train to perform different functions A large number ofmonitoring and sensor terminals equipped with the peopleand vehicles participated in marathon cycling car rallygame and so on are used to track the body functionsthe performance of the vehicles and so on These devicesneed to support the real-time communication between theside of the road other vehicles or remote servers In thismobility scenario frequent handover signaling interactionnot only causes the signaling load on the access networkand core network but also increases the terminal energyconsumption The current handover methods suggested bythe 3GPP committee require each MD independently toexecute the same handover authentication process as thecommon User Equipment (UE) [6] which results in severalsecurity vulnerabilities described as follows

(i) The current handover mechanisms need severalrounds of signaling interaction [7 8] and complexhandover key management mechanism [9ndash11] whichare not suitable for a group of energy limited MDs toachieve seamless handovers in mobility scenarios

(ii) Owing to the support of many new types of basestations such as Home eNodeB (HeNB) eNB andRelay Nodes (RNs) 3GPP committee [7 8] hasaddressed distinct handover procedures for differentscenarios such as the handovers between eNBsbetween HeNBs between a HeNB and an eNB andthe inter-MME handovers when the base stations aremanaged by different MMEs which will increase theoverall system complexity

(iii) Since some base stations such as HeNB and RNs canbe easily owned by third parties a robust mutualauthentication between MDs and base stations isrequired in handover process to withstand severalprotocol attacks such as impersonation attacks Man-in-the-Middle (MitM) attacks and replay attacks [12ndash15]

(iv) Due to lack of user identity and location privacypreservation an attacker can easily trace a spe-cial MDrsquos movement locus Therefore a fast andsecure privacy preservation handover authenticationscheme for a large number of MDs is required toensure the continuity ofMTCapplications in the LTE-A networks

In this paper taking the advantage of the novelmultisignature and AMAC techniques we propose a newuniform privacy preservation group handover authenticationprotocol for mMTC within E-UTRAN in LTE-A networks(UPPGHA) which can be applied to all of mobility scenariosin LTE-A networks Compared with the current 3GPPstandards and other related schemes our scheme can notonly largely reduce the signaling cost and thus avoid networkcongestions but also provide robust security and privacyprotection By the scheme a mass of MDs is initialized toform a MTC group and choose a group leader [16] Whenthe MTC group moves to the coverage of the target eNB(eNB2) the eNB2 can simultaneously authenticate the MTCgroup by checking the multisignature and AMAC generatedby the group leader on behalf of all the group members andderives a distinct session key for each MD

Our contributionsmade in this paper can be summarizedup as follows

(1) We proposed a simple handover authentication pro-cess to achieve mutual authentication and key agree-ment between multiple MDs and the target eNBsimultaneously

(2) By our solution the network congestion incurred byfrequent handover for mass of MDs can be avoided inthe LTE-A networks

(3) The proposed scheme not only has been formallyvalidated by both the CK model and the formalverification tool AVISPA and SPAN to show its secu-rity against various malicious attacks but also canprovide robust security protection including privacypreservation and traceability

Compared with the conference version [17] which merelyprovidesmutual authentications and key agreements betweenmMTC devices and eNB and does not give the detailed secu-rity analysis and performance evaluation we not only identifya few distinctive security requirements in group handoverauthentication protocol and achieve the identity privacypreservation and traceability in new design but also formallyverify the proposed new protocol by employing the CKmodel and formal verification tool AVISPA and SPAN andanalyze in detail the performance of our proposed protocolcompared with the newest works in terms of signaling costcommunication cost and computational cost In addition westill give the performance analysis under unknown attacksand point out that our new scheme outperforms otherschemes even if there are some unknown attacks

The reminder of this paper is organized as follows InSections 2 and 3 we review the related work and introducethe MTC network architecture respectively In Section 4 theproposed scheme is presented in detail The security analysisand the performance evaluation on our scheme are presentedin Sections 5 and 6 Finally we drew the conclusion of thepaper in Section 7

2 Related Works

Until now there are only few research works on the handoverauthentication process for a large number of devices in


eNB

MTCdevice

HeNB EPC MTCserver

eNBPDN-GW

MTCserver

RN

MTCdevice eNB MMES-

GWHSS

MTCdevice

MTCdevice

MTCdevice

MTCdevice

LTE-Uu

LTE-Uu

LTE-Uu

LTE-Uu

S1

S1

S1

X2

X2

X2

S1







3 Preliminary





































GID



















119895MD119899⟩








C = H(RT ４）＄jT ４）＄j ）2

)Si = ri + ３＋－＄


(1) ４）＄j－＄

４）＄j ）2 Ri Si

S－＄ = sumnj=1Sj

(2) R1 Rn ４）＄jT ４）＄J ）2

S－＄０＋j


C = H(RT ４）＄jT ４）＄j ）2

)


Cequiv RT



S2= r2

+ ３＋2times H(X2


)

K－＄= R


(3) R2 ）＄2

S2 ０＋2

(4) R2 ）＄2

S2 ０＋2


2+ ）＄2

)H(R2

）＄2)

equiv R2


Ri)(5) －i


(6) －

(7)VＬＣＳ－

CＩＧＪＯＮ


ＧＩ＞ N

ＧＩ＞ N

Rr2


















(1)





(2)


























Receive start

Send ACCESSREQ

REQ

Receive ACCESS REQ

Receive ACCESSRES

Send ACCESSREP

Receive

SendAGGREGATION

AGGREGATION

Receive ACCESS3 RES

Send ACCESSRES

REP


AGGREGATIONREP


ReceiveeNB

RES

4 70

51

6 92

8－＄g

－＄1













goal
















[19][21]Our scheme

0

100

200

300

400

500

600

Num

ber o

f sig

nalin

g m

essa

ges










[19][21]Our scheme

0

5

10

15

20

25

30

35

40

45

Com

mun

icat

ion

cost


(a) 119887 = 120575 = 01


[19][21]Our scheme

0

10

20

30

40

50

60

70

80

90

Com

mun

icat

ion

cost


(b) 119887 = 120575 = 02


[19][21]Our scheme

0

20

40

60

80

100

120

140

Com

mun

icat

ion

cost


(c) 119887 = 120575 = 03


[19][21]Our scheme

0

20

40

60

80

100

120

140

160

180C

omm

unic

atio

n co

st


(d) 119887 = 120575 = 04




(3)








X2-based HO [7 8](1199015)(8119887 + 7120575)

(1 minus 119901) times (3119887 + 2120575) + 1



X2-based HO [20](119901(3119899 + 2))((9119899(119899 minus 1)2 + 8)119887 + (2119899 + 5)120575)

(1 minus 119901) times (3119887119899 + 2120575) + 1


(1 minus 119901) times (3119887119899 + 4) + 1


(1 minus 119901) times (3119887119899 + 4 + 120578) + 1[18]


[19](119901(119899 + 9))((6119899 + 8)119886 + 26)(1 minus 119901) times ((119899 + 1)119886 + 4) + 1

[21](1199016)(5119887 + 11120575 + 5119886)

(1 minus 119901) times (2119887 + 2119886 + 2120575) + 1


[19][21]Our scheme


0

500

1000

1500

2000

2500

3000

3500

Com

puta

tiona

l cos

t





Abbreviations








[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(a) 119899 = 50 119887 = 120575 = 02


[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(b) 119899 = 50 119887 = 120575 = 04


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(c) 119899 = 100 119887 = 120575 = 02


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(d) 119899 = 100 119887 = 120575 = 04







Acknowledgments



References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



eNB

MTCdevice

HeNB EPC MTCserver

eNBPDN-GW

MTCserver

RN

MTCdevice eNB MMES-

GWHSS

MTCdevice

MTCdevice

MTCdevice

MTCdevice

LTE-Uu

LTE-Uu

LTE-Uu

LTE-Uu

S1

S1

S1

X2

X2

X2

S1







3 Preliminary





































GID



















119895MD119899⟩








C = H(RT ４）＄jT ４）＄j ）2

)Si = ri + ３＋－＄


(1) ４）＄j－＄

４）＄j ）2 Ri Si

S－＄ = sumnj=1Sj

(2) R1 Rn ４）＄jT ４）＄J ）2

S－＄０＋j


C = H(RT ４）＄jT ４）＄j ）2

)


Cequiv RT



S2= r2

+ ３＋2times H(X2


)

K－＄= R


(3) R2 ）＄2

S2 ０＋2

(4) R2 ）＄2

S2 ０＋2


2+ ）＄2

)H(R2

）＄2)

equiv R2


Ri)(5) －i


(6) －

(7)VＬＣＳ－

CＩＧＪＯＮ


ＧＩ＞ N

ＧＩ＞ N

Rr2


















(1)





(2)


























Receive start

Send ACCESSREQ

REQ

Receive ACCESS REQ

Receive ACCESSRES

Send ACCESSREP

Receive

SendAGGREGATION

AGGREGATION

Receive ACCESS3 RES

Send ACCESSRES

REP


AGGREGATIONREP


ReceiveeNB

RES

4 70

51

6 92

8－＄g

－＄1













goal
















[19][21]Our scheme

0

100

200

300

400

500

600

Num

ber o

f sig

nalin

g m

essa

ges










[19][21]Our scheme

0

5

10

15

20

25

30

35

40

45

Com

mun

icat

ion

cost


(a) 119887 = 120575 = 01


[19][21]Our scheme

0

10

20

30

40

50

60

70

80

90

Com

mun

icat

ion

cost


(b) 119887 = 120575 = 02


[19][21]Our scheme

0

20

40

60

80

100

120

140

Com

mun

icat

ion

cost


(c) 119887 = 120575 = 03


[19][21]Our scheme

0

20

40

60

80

100

120

140

160

180C

omm

unic

atio

n co

st


(d) 119887 = 120575 = 04




(3)








X2-based HO [7 8](1199015)(8119887 + 7120575)

(1 minus 119901) times (3119887 + 2120575) + 1



X2-based HO [20](119901(3119899 + 2))((9119899(119899 minus 1)2 + 8)119887 + (2119899 + 5)120575)

(1 minus 119901) times (3119887119899 + 2120575) + 1


(1 minus 119901) times (3119887119899 + 4) + 1


(1 minus 119901) times (3119887119899 + 4 + 120578) + 1[18]


[19](119901(119899 + 9))((6119899 + 8)119886 + 26)(1 minus 119901) times ((119899 + 1)119886 + 4) + 1

[21](1199016)(5119887 + 11120575 + 5119886)

(1 minus 119901) times (2119887 + 2119886 + 2120575) + 1


[19][21]Our scheme


0

500

1000

1500

2000

2500

3000

3500

Com

puta

tiona

l cos

t





Abbreviations








[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(a) 119899 = 50 119887 = 120575 = 02


[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(b) 119899 = 50 119887 = 120575 = 04


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(c) 119899 = 100 119887 = 120575 = 02


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(d) 119899 = 100 119887 = 120575 = 04







Acknowledgments



References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





































GID



















119895MD119899⟩








C = H(RT ４）＄jT ４）＄j ）2

)Si = ri + ３＋－＄


(1) ４）＄j－＄

４）＄j ）2 Ri Si

S－＄ = sumnj=1Sj

(2) R1 Rn ４）＄jT ４）＄J ）2

S－＄０＋j


C = H(RT ４）＄jT ４）＄j ）2

)


Cequiv RT



S2= r2

+ ３＋2times H(X2


)

K－＄= R


(3) R2 ）＄2

S2 ０＋2

(4) R2 ）＄2

S2 ０＋2


2+ ）＄2

)H(R2

）＄2)

equiv R2


Ri)(5) －i


(6) －

(7)VＬＣＳ－

CＩＧＪＯＮ


ＧＩ＞ N

ＧＩ＞ N

Rr2


















(1)





(2)


























Receive start

Send ACCESSREQ

REQ

Receive ACCESS REQ

Receive ACCESSRES

Send ACCESSREP

Receive

SendAGGREGATION

AGGREGATION

Receive ACCESS3 RES

Send ACCESSRES

REP


AGGREGATIONREP


ReceiveeNB

RES

4 70

51

6 92

8－＄g

－＄1













goal
















[19][21]Our scheme

0

100

200

300

400

500

600

Num

ber o

f sig

nalin

g m

essa

ges










[19][21]Our scheme

0

5

10

15

20

25

30

35

40

45

Com

mun

icat

ion

cost


(a) 119887 = 120575 = 01


[19][21]Our scheme

0

10

20

30

40

50

60

70

80

90

Com

mun

icat

ion

cost


(b) 119887 = 120575 = 02


[19][21]Our scheme

0

20

40

60

80

100

120

140

Com

mun

icat

ion

cost


(c) 119887 = 120575 = 03


[19][21]Our scheme

0

20

40

60

80

100

120

140

160

180C

omm

unic

atio

n co

st


(d) 119887 = 120575 = 04




(3)








X2-based HO [7 8](1199015)(8119887 + 7120575)

(1 minus 119901) times (3119887 + 2120575) + 1



X2-based HO [20](119901(3119899 + 2))((9119899(119899 minus 1)2 + 8)119887 + (2119899 + 5)120575)

(1 minus 119901) times (3119887119899 + 2120575) + 1


(1 minus 119901) times (3119887119899 + 4) + 1


(1 minus 119901) times (3119887119899 + 4 + 120578) + 1[18]


[19](119901(119899 + 9))((6119899 + 8)119886 + 26)(1 minus 119901) times ((119899 + 1)119886 + 4) + 1

[21](1199016)(5119887 + 11120575 + 5119886)

(1 minus 119901) times (2119887 + 2119886 + 2120575) + 1


[19][21]Our scheme


0

500

1000

1500

2000

2500

3000

3500

Com

puta

tiona

l cos

t





Abbreviations








[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(a) 119899 = 50 119887 = 120575 = 02


[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(b) 119899 = 50 119887 = 120575 = 04


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(c) 119899 = 100 119887 = 120575 = 02


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(d) 119899 = 100 119887 = 120575 = 04







Acknowledgments



References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia






C = H(RT ４）＄jT ４）＄j ）2

)Si = ri + ３＋－＄


(1) ４）＄j－＄

４）＄j ）2 Ri Si

S－＄ = sumnj=1Sj

(2) R1 Rn ４）＄jT ４）＄J ）2

S－＄０＋j


C = H(RT ４）＄jT ４）＄j ）2

)


Cequiv RT



S2= r2

+ ３＋2times H(X2


)

K－＄= R


(3) R2 ）＄2

S2 ０＋2

(4) R2 ）＄2

S2 ０＋2


2+ ）＄2

)H(R2

）＄2)

equiv R2


Ri)(5) －i


(6) －

(7)VＬＣＳ－

CＩＧＪＯＮ


ＧＩ＞ N

ＧＩ＞ N

Rr2


















(1)





(2)


























Receive start

Send ACCESSREQ

REQ

Receive ACCESS REQ

Receive ACCESSRES

Send ACCESSREP

Receive

SendAGGREGATION

AGGREGATION

Receive ACCESS3 RES

Send ACCESSRES

REP


AGGREGATIONREP


ReceiveeNB

RES

4 70

51

6 92

8－＄g

－＄1













goal
















[19][21]Our scheme

0

100

200

300

400

500

600

Num

ber o

f sig

nalin

g m

essa

ges










[19][21]Our scheme

0

5

10

15

20

25

30

35

40

45

Com

mun

icat

ion

cost


(a) 119887 = 120575 = 01


[19][21]Our scheme

0

10

20

30

40

50

60

70

80

90

Com

mun

icat

ion

cost


(b) 119887 = 120575 = 02


[19][21]Our scheme

0

20

40

60

80

100

120

140

Com

mun

icat

ion

cost


(c) 119887 = 120575 = 03


[19][21]Our scheme

0

20

40

60

80

100

120

140

160

180C

omm

unic

atio

n co

st


(d) 119887 = 120575 = 04




(3)








X2-based HO [7 8](1199015)(8119887 + 7120575)

(1 minus 119901) times (3119887 + 2120575) + 1



X2-based HO [20](119901(3119899 + 2))((9119899(119899 minus 1)2 + 8)119887 + (2119899 + 5)120575)

(1 minus 119901) times (3119887119899 + 2120575) + 1


(1 minus 119901) times (3119887119899 + 4) + 1


(1 minus 119901) times (3119887119899 + 4 + 120578) + 1[18]


[19](119901(119899 + 9))((6119899 + 8)119886 + 26)(1 minus 119901) times ((119899 + 1)119886 + 4) + 1

[21](1199016)(5119887 + 11120575 + 5119886)

(1 minus 119901) times (2119887 + 2119886 + 2120575) + 1


[19][21]Our scheme


0

500

1000

1500

2000

2500

3000

3500

Com

puta

tiona

l cos

t





Abbreviations








[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(a) 119899 = 50 119887 = 120575 = 02


[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(b) 119899 = 50 119887 = 120575 = 04


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(c) 119899 = 100 119887 = 120575 = 02


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(d) 119899 = 100 119887 = 120575 = 04







Acknowledgments



References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





(1)





(2)


























Receive start

Send ACCESSREQ

REQ

Receive ACCESS REQ

Receive ACCESSRES

Send ACCESSREP

Receive

SendAGGREGATION

AGGREGATION

Receive ACCESS3 RES

Send ACCESSRES

REP


AGGREGATIONREP


ReceiveeNB

RES

4 70

51

6 92

8－＄g

－＄1













goal
















[19][21]Our scheme

0

100

200

300

400

500

600

Num

ber o

f sig

nalin

g m

essa

ges










[19][21]Our scheme

0

5

10

15

20

25

30

35

40

45

Com

mun

icat

ion

cost


(a) 119887 = 120575 = 01


[19][21]Our scheme

0

10

20

30

40

50

60

70

80

90

Com

mun

icat

ion

cost


(b) 119887 = 120575 = 02


[19][21]Our scheme

0

20

40

60

80

100

120

140

Com

mun

icat

ion

cost


(c) 119887 = 120575 = 03


[19][21]Our scheme

0

20

40

60

80

100

120

140

160

180C

omm

unic

atio

n co

st


(d) 119887 = 120575 = 04




(3)








X2-based HO [7 8](1199015)(8119887 + 7120575)

(1 minus 119901) times (3119887 + 2120575) + 1



X2-based HO [20](119901(3119899 + 2))((9119899(119899 minus 1)2 + 8)119887 + (2119899 + 5)120575)

(1 minus 119901) times (3119887119899 + 2120575) + 1


(1 minus 119901) times (3119887119899 + 4) + 1


(1 minus 119901) times (3119887119899 + 4 + 120578) + 1[18]


[19](119901(119899 + 9))((6119899 + 8)119886 + 26)(1 minus 119901) times ((119899 + 1)119886 + 4) + 1

[21](1199016)(5119887 + 11120575 + 5119886)

(1 minus 119901) times (2119887 + 2119886 + 2120575) + 1


[19][21]Our scheme


0

500

1000

1500

2000

2500

3000

3500

Com

puta

tiona

l cos

t





Abbreviations








[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(a) 119899 = 50 119887 = 120575 = 02


[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(b) 119899 = 50 119887 = 120575 = 04


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(c) 119899 = 100 119887 = 120575 = 02


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(d) 119899 = 100 119887 = 120575 = 04







Acknowledgments



References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia
















Receive start

Send ACCESSREQ

REQ

Receive ACCESS REQ

Receive ACCESSRES

Send ACCESSREP

Receive

SendAGGREGATION

AGGREGATION

Receive ACCESS3 RES

Send ACCESSRES

REP


AGGREGATIONREP


ReceiveeNB

RES

4 70

51

6 92

8－＄g

－＄1













goal
















[19][21]Our scheme

0

100

200

300

400

500

600

Num

ber o

f sig

nalin

g m

essa

ges










[19][21]Our scheme

0

5

10

15

20

25

30

35

40

45

Com

mun

icat

ion

cost


(a) 119887 = 120575 = 01


[19][21]Our scheme

0

10

20

30

40

50

60

70

80

90

Com

mun

icat

ion

cost


(b) 119887 = 120575 = 02


[19][21]Our scheme

0

20

40

60

80

100

120

140

Com

mun

icat

ion

cost


(c) 119887 = 120575 = 03


[19][21]Our scheme

0

20

40

60

80

100

120

140

160

180C

omm

unic

atio

n co

st


(d) 119887 = 120575 = 04




(3)








X2-based HO [7 8](1199015)(8119887 + 7120575)

(1 minus 119901) times (3119887 + 2120575) + 1



X2-based HO [20](119901(3119899 + 2))((9119899(119899 minus 1)2 + 8)119887 + (2119899 + 5)120575)

(1 minus 119901) times (3119887119899 + 2120575) + 1


(1 minus 119901) times (3119887119899 + 4) + 1


(1 minus 119901) times (3119887119899 + 4 + 120578) + 1[18]


[19](119901(119899 + 9))((6119899 + 8)119886 + 26)(1 minus 119901) times ((119899 + 1)119886 + 4) + 1

[21](1199016)(5119887 + 11120575 + 5119886)

(1 minus 119901) times (2119887 + 2119886 + 2120575) + 1


[19][21]Our scheme


0

500

1000

1500

2000

2500

3000

3500

Com

puta

tiona

l cos

t





Abbreviations








[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(a) 119899 = 50 119887 = 120575 = 02


[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(b) 119899 = 50 119887 = 120575 = 04


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(c) 119899 = 100 119887 = 120575 = 02


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(d) 119899 = 100 119887 = 120575 = 04







Acknowledgments



References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



goal
















[19][21]Our scheme

0

100

200

300

400

500

600

Num

ber o

f sig

nalin

g m

essa

ges










[19][21]Our scheme

0

5

10

15

20

25

30

35

40

45

Com

mun

icat

ion

cost


(a) 119887 = 120575 = 01


[19][21]Our scheme

0

10

20

30

40

50

60

70

80

90

Com

mun

icat

ion

cost


(b) 119887 = 120575 = 02


[19][21]Our scheme

0

20

40

60

80

100

120

140

Com

mun

icat

ion

cost


(c) 119887 = 120575 = 03


[19][21]Our scheme

0

20

40

60

80

100

120

140

160

180C

omm

unic

atio

n co

st


(d) 119887 = 120575 = 04




(3)








X2-based HO [7 8](1199015)(8119887 + 7120575)

(1 minus 119901) times (3119887 + 2120575) + 1



X2-based HO [20](119901(3119899 + 2))((9119899(119899 minus 1)2 + 8)119887 + (2119899 + 5)120575)

(1 minus 119901) times (3119887119899 + 2120575) + 1


(1 minus 119901) times (3119887119899 + 4) + 1


(1 minus 119901) times (3119887119899 + 4 + 120578) + 1[18]


[19](119901(119899 + 9))((6119899 + 8)119886 + 26)(1 minus 119901) times ((119899 + 1)119886 + 4) + 1

[21](1199016)(5119887 + 11120575 + 5119886)

(1 minus 119901) times (2119887 + 2119886 + 2120575) + 1


[19][21]Our scheme


0

500

1000

1500

2000

2500

3000

3500

Com

puta

tiona

l cos

t





Abbreviations








[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(a) 119899 = 50 119887 = 120575 = 02


[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(b) 119899 = 50 119887 = 120575 = 04


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(c) 119899 = 100 119887 = 120575 = 02


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(d) 119899 = 100 119887 = 120575 = 04







Acknowledgments



References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia






[19][21]Our scheme

0

100

200

300

400

500

600

Num

ber o

f sig

nalin

g m

essa

ges










[19][21]Our scheme

0

5

10

15

20

25

30

35

40

45

Com

mun

icat

ion

cost


(a) 119887 = 120575 = 01


[19][21]Our scheme

0

10

20

30

40

50

60

70

80

90

Com

mun

icat

ion

cost


(b) 119887 = 120575 = 02


[19][21]Our scheme

0

20

40

60

80

100

120

140

Com

mun

icat

ion

cost


(c) 119887 = 120575 = 03


[19][21]Our scheme

0

20

40

60

80

100

120

140

160

180C

omm

unic

atio

n co

st


(d) 119887 = 120575 = 04




(3)








X2-based HO [7 8](1199015)(8119887 + 7120575)

(1 minus 119901) times (3119887 + 2120575) + 1



X2-based HO [20](119901(3119899 + 2))((9119899(119899 minus 1)2 + 8)119887 + (2119899 + 5)120575)

(1 minus 119901) times (3119887119899 + 2120575) + 1


(1 minus 119901) times (3119887119899 + 4) + 1


(1 minus 119901) times (3119887119899 + 4 + 120578) + 1[18]


[19](119901(119899 + 9))((6119899 + 8)119886 + 26)(1 minus 119901) times ((119899 + 1)119886 + 4) + 1

[21](1199016)(5119887 + 11120575 + 5119886)

(1 minus 119901) times (2119887 + 2119886 + 2120575) + 1


[19][21]Our scheme


0

500

1000

1500

2000

2500

3000

3500

Com

puta

tiona

l cos

t





Abbreviations








[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(a) 119899 = 50 119887 = 120575 = 02


[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(b) 119899 = 50 119887 = 120575 = 04


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(c) 119899 = 100 119887 = 120575 = 02


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(d) 119899 = 100 119887 = 120575 = 04







Acknowledgments



References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




[19][21]Our scheme

0

5

10

15

20

25

30

35

40

45

Com

mun

icat

ion

cost


(a) 119887 = 120575 = 01


[19][21]Our scheme

0

10

20

30

40

50

60

70

80

90

Com

mun

icat

ion

cost


(b) 119887 = 120575 = 02


[19][21]Our scheme

0

20

40

60

80

100

120

140

Com

mun

icat

ion

cost


(c) 119887 = 120575 = 03


[19][21]Our scheme

0

20

40

60

80

100

120

140

160

180C

omm

unic

atio

n co

st


(d) 119887 = 120575 = 04




(3)








X2-based HO [7 8](1199015)(8119887 + 7120575)

(1 minus 119901) times (3119887 + 2120575) + 1



X2-based HO [20](119901(3119899 + 2))((9119899(119899 minus 1)2 + 8)119887 + (2119899 + 5)120575)

(1 minus 119901) times (3119887119899 + 2120575) + 1


(1 minus 119901) times (3119887119899 + 4) + 1


(1 minus 119901) times (3119887119899 + 4 + 120578) + 1[18]


[19](119901(119899 + 9))((6119899 + 8)119886 + 26)(1 minus 119901) times ((119899 + 1)119886 + 4) + 1

[21](1199016)(5119887 + 11120575 + 5119886)

(1 minus 119901) times (2119887 + 2119886 + 2120575) + 1


[19][21]Our scheme


0

500

1000

1500

2000

2500

3000

3500

Com

puta

tiona

l cos

t





Abbreviations








[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(a) 119899 = 50 119887 = 120575 = 02


[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(b) 119899 = 50 119887 = 120575 = 04


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(c) 119899 = 100 119887 = 120575 = 02


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(d) 119899 = 100 119887 = 120575 = 04







Acknowledgments



References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





X2-based HO [7 8](1199015)(8119887 + 7120575)

(1 minus 119901) times (3119887 + 2120575) + 1



X2-based HO [20](119901(3119899 + 2))((9119899(119899 minus 1)2 + 8)119887 + (2119899 + 5)120575)

(1 minus 119901) times (3119887119899 + 2120575) + 1


(1 minus 119901) times (3119887119899 + 4) + 1


(1 minus 119901) times (3119887119899 + 4 + 120578) + 1[18]


[19](119901(119899 + 9))((6119899 + 8)119886 + 26)(1 minus 119901) times ((119899 + 1)119886 + 4) + 1

[21](1199016)(5119887 + 11120575 + 5119886)

(1 minus 119901) times (2119887 + 2119886 + 2120575) + 1


[19][21]Our scheme


0

500

1000

1500

2000

2500

3000

3500

Com

puta

tiona

l cos

t





Abbreviations








[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(a) 119899 = 50 119887 = 120575 = 02


[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(b) 119899 = 50 119887 = 120575 = 04


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(c) 119899 = 100 119887 = 120575 = 02


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(d) 119899 = 100 119887 = 120575 = 04







Acknowledgments



References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(a) 119899 = 50 119887 = 120575 = 02


[19][21]Our scheme


1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s

(b) 119899 = 50 119887 = 120575 = 04


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(c) 119899 = 100 119887 = 120575 = 02


[19][21]Our scheme

1

2

3

4

5

6

7

8

Influ

ence

rate

IR fo

r one

-aut

h pr

oces

s


(d) 119899 = 100 119887 = 120575 = 04







Acknowledgments



References




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


uppgha: uniform privacy preservation group handover

Documents