
A.3 HOKEY

A.3.5 Key delivery

In [Hoeper et al., 2010], the delivery of keys belonging to different levels of the key hierarchy can be performed proactively, e.g. a Home AS can deliver the DSRK to a Foreign AS before it is requested. The mechanism uses the RADIUS packet format.

[Figure A.8: message sequence chart between the MC, the Authenticator and the Foreign AS, carrying the messages EAP Initiate/Re-auth Start; EAP Initiate/Re-auth(SEQ, MAC); AAA-Request(Authenticator-ID, EAP Initiate/Re-auth(SEQ, MAC)); AAA-Response(rMSK, EAP Finish/Re-auth(SEQ, MAC)); EAP Finish/Re-auth(SEQ, MAC)]

Figure A.8: HOKEY re-authentication in a foreign network

Appendix B

Time consumption of asymmetric cryptographic primitives

I measured the time consumption of some widely known and analyzed public-key based key exchange, digital signature and encryption algorithms, listed below.

Key exchange algorithms:
  Diffie-Hellman [Diffie and Hellman, 1976]
  Elliptic Curve Diffie-Hellman [Certicom Research, 2000]

Digital signature algorithms:
  RSA [Rivest et al., 1978]
  DSA [FIPS PUBS, 1994]
  Elliptic Curve DSA (ECDSA) [Certicom Research, 2000]

Cipher algorithms:
  RSA
  Elliptic Curve ElGamal (ECELG) [Rabah, 2005]

These cryptographic primitives are already implemented in various crypto libraries. For my measurements, I chose the OpenSSL library [OpenSSL, 2010] for the following reasons:

1) it is a widely used open source library;
2) each crypto primitive is already implemented in it (except for ECElGamal, but general operations over different elliptic curves are supported);
3) it is available cross-compiled for each architecture supported by the OpenWRT [OpenWRT, 2010] embedded Linux distribution.

I measured the time consumption of the above-listed algorithms with different key sizes or using different elliptic curves. In each case, I considered the average value of 100 measurements.

In the case of the Diffie-Hellman key agreement algorithms, I measure the time needed by each of the two protocol participants to compute the common key. In the case of the digital signature algorithms, I measure the time of generating and verifying a signature on a single block of data. The measurements of the encryption algorithms are performed in the same way as for the digital signatures: I measure the time consumption of encrypting and decrypting a single randomly generated data block.
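The measurement procedure described above, re-implemented as an added example that is not code from the thesis or from OpenSSL: it uses Go's standard library (P-256 for ECDH and ECDSA, a 2048-bit RSA key with e = 65537) in place of the page's OpenSSL build and its older curves, times the two operations of each primitive over n runs on a fixed constructed data block, and checks that every operation actually succeeded so that a broken run is never averaged in. The 50 ms budget in main is an assumption made for the demonstration, not a figure taken from the page.

```go
package main

import (
	"crypto"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// sampleDigest stands in for the single data block the page signs and verifies per run (constructed, fixed).
var sampleDigest = sha256.Sum256([]byte("constructed sample data block"))

// Result holds the mean time of a primitive's two operations, ordered as the figure axes (party 1 / sign, then party 2 / verify).
type Result struct {
	Name          string
	First, Second time.Duration
}

// benchPair runs each operation n times and returns the mean wall-clock times; a failing run
// aborts the measurement instead of being averaged in silently.
func benchPair(name string, n int, first, second func() error) (Result, error) {
	var mean [2]time.Duration
	for i, op := range []func() error{first, second} {
		var total time.Duration
		for j := 0; j < n; j++ {
			start := time.Now()
			if err := op(); err != nil {
				return Result{}, err
			}
			total += time.Since(start)
		}
		mean[i] = total / time.Duration(n)
	}
	return Result{Name: name, First: mean[0], Second: mean[1]}, nil
}

// benchECDH times the common-key computation on each side from key pairs generated once beforehand (as Appendix B does); both secrets must agree.
func benchECDH(n int) (Result, error) {
	a, errA := ecdh.P256().GenerateKey(rand.Reader)
	b, errB := ecdh.P256().GenerateKey(rand.Reader)
	if err := errors.Join(errA, errB); err != nil {
		return Result{}, err
	}
	var sa, sb []byte
	r, err := benchPair("ECDH-P256", n,
		func() (e error) { sa, e = a.ECDH(b.PublicKey()); return e },
		func() (e error) { sb, e = b.ECDH(a.PublicKey()); return e })
	if err == nil && string(sa) != string(sb) {
		err = errors.New("ECDH: parties derived different secrets")
	}
	return r, err
}

// benchECDSA times signing and verifying the sample digest on P-256; a non-verifying signature is an error, not a timing.
func benchECDSA(n int) (Result, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Result{}, err
	}
	var sig []byte
	return benchPair("ECDSA-P256", n,
		func() (e error) { sig, e = ecdsa.SignASN1(rand.Reader, priv, sampleDigest[:]); return e },
		func() error {
			if !ecdsa.VerifyASN1(&priv.PublicKey, sampleDigest[:], sig) {
				return errors.New("ECDSA: signature did not verify")
			}
			return nil
		})
}

// benchRSA times PKCS#1 v1.5 sign/verify with a 2048-bit key; Go uses e = 65537 like the page's OpenSSL setup.
func benchRSA(n int) (Result, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Result{}, err
	}
	var sig []byte
	return benchPair("RSA-2048", n,
		func() (e error) { sig, e = rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sampleDigest[:]); return e },
		func() error { return rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, sampleDigest[:], sig) })
}

func main() {
	budget := 50 * time.Millisecond // assumed per-operation budget for this demonstration, not a page figure
	for _, bench := range []func(int) (Result, error){benchECDH, benchECDSA, benchRSA} {
		r, err := bench(100) // 100 runs per operation, as the page averages
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-10s first %8.3f ms  second %8.3f ms  both within budget: %v\n", r.Name, float64(r.First)/1e6, float64(r.Second)/1e6, r.First <= budget && r.Second <= budget)
	}
}
```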

Herein, I define which key parameters were considered for the different public key crypto algorithms.

In the case of non-EC algorithms, I measured the time consumption with 256, 384, 512, 1024 and 2048 bit long keys. The generator number of DSA was always 5 and the prime was generated randomly in each run. The public exponent of the RSA algorithm is 65537 both for encryption and for digital signature. The elliptic curve based algorithms require an elliptic curve on which the operations are performed. OpenSSL implements the elliptic curves proposed and standardized in documents issued by three different organizations: SECG [Standards for Efficient Cryptography Group (SECG), 2000], ANSI X9.62 [Accredited Standards Committee X9, 2005], and WAP [Wireless Application Forum, 1999]. In Table B.1, I describe the properties of the elliptic curves I considered while measuring the time consumption.

Table B.1: Test elliptic curve parameters

Name        Organization  Size (bits)  Equivalent RSA/DSA key (bits)  Field
secp112r1   SECG          112          512                            Fp
secp112r2   SECG          112          512                            Fp
secp128r1   SECG          128          704                            Fp
secp128r2   SECG          128          704                            Fp
secp160k1   SECG          160          1024                           Fp
secp160r1   SECG          160          1024                           Fp
secp160r2   SECG          160          1024                           Fp
sect113r1   SECG          113          512                            F2m
sect113r2   SECG          113          512                            F2m
sect131r1   SECG          131          704                            F2m
sect131r2   SECG          131          704                            F2m
sect163k1   SECG          163          1024                           F2m
sect163r2   SECG          163          1024                           F2m
c2pnb163v1  X9.62         163          1024                           F2m
c2pnb163v2  X9.62         163          1024                           F2m
wtls1       WAP           113          512                            F2m
wtls5       WAP           163          1024                           F2m
wtls8       WAP           112          512                            Fp
wtls9       WAP           160          1024                           Fp

The ECRYPT II [FP7 ECRYPT II, 2007] recommendation for 2008 says that a 1024 bit asymmetric key length and elliptic curves of 160 bits are sufficient for short-term protection (some years), while an 816 bit asymmetric key length and elliptic curves of 128 bits are not sufficient for confidentiality and offer only very short-term protection for other purposes.

I measured the time consumption of the crypto primitives on two different devices. One is a regular access point, which will be responsible for authenticating the mesh clients in my proposed mechanism: a Linksys wireless router (WRT54GL v1.1) with a 200 MHz MIPS CPU, 16 MB RAM and 4 MB flash. The other is a more powerful device, since mesh clients usually have more computing power than an access point: a desktop PC with a Core2Duo 6400 CPU and 1 GB RAM.

In Figures B.1, B.2 and B.3, I plotted the results of the measurements of the key exchange, digital signature and encryption algorithms, respectively. On the x axis, I show the delay of the first measured operation (i.e., calculation of the common key by the first party, generation of a digital signature, and encryption), while on the y axis I show the time consumption of the second measured operation (i.e., calculation of the common key by the second party, digital signature verification, and decryption). The position of a point, which corresponds to a specific algorithm with a specific key parameter, thus shows the delay of both operations. The names of the algorithms and the key parameters are indicated in the legends of the figures. Elliptic curves are referred to by the abbreviations in Table B.1; the standards and the OpenSSL library use the same or similar names.

For better readability, I grouped the points, and points that lie close to each other are indicated with the same mark in Figures B.1, B.2 and B.3.

The DH and ECDH key exchange algorithms establish a shared secret between two parties that have no prior knowledge of each other, but the algorithms themselves do not provide authenticity. Two things follow from this: 1) assuming that the connection key is derived from the result of the key exchange algorithm, the key size must be secure enough, otherwise an attacker who logged the communication can decrypt it after breaking the key; 2) besides the key exchange algorithm, some other public key algorithm (typically a digital signature) should be used to provide authenticity.

[Figure B.1: two scatter plots, (a) Access point and (b) PC, of the time of key generation by node 1 (ms) against the time of key generation by node 2 (ms) for DH with 256, 384, 512 and 1024 bit keys and for ECDH on the curves of Table B.1; both axes span 0 to 300 ms for the access point and 0 to 8 ms for the PC.]

Figure B.1: Time consumption of key exchange algorithms

In Figures B.1(a) and B.1(b), one can see the time consumption of the key exchange algorithms performed on the AP and the PC, respectively. As expected, the delay of calculating the common key is independent of which of the two private keys is used in the calculation.

Considering the time consumption of the DH algorithm on the AP, I conclude that this mechanism is not promising nowadays, as the delay for secure key sizes (300 ms with a 1024 bit key) is much longer than a QoS-aware application can tolerate. This is also true of ECDH in most cases; however, some elliptic curves with secure key sizes (c2pnb163v2, sect163k1, wtls5 and wtls9) can be computed in around 50 ms on my representative AP. In all other considered cases, the ECDH algorithm is either slow or insecure.

As Figure B.1(b) shows, a PC is powerful enough to perform such algorithms. Unfortunately, this does not speed up the key agreement, since the access point and the mesh client have to compute the common key in parallel, so the slower side determines the delay.

Note that in Figures B.1(a) and B.1(b), I do not indicate the time consumption of DH with a 2048 bit key, because its delay is so long that it would reduce the readability of the figures. On the powerful PC it needs around 37 ms, and on the less powerful AP it lasts around 1.79 s.

In Figures B.2(a) and B.2(b), the time consumption of the digital signature algorithms can be seen for the AP and the PC, respectively. The three analyzed algorithms show two different behaviours with the predefined key parameters. With a small public key exponent, RSA verifies a signature two or three orders of magnitude quicker than it signs. ECDSA and DSA are the opposite of RSA: signature generation is two or three orders of magnitude quicker than verification if the operations are performed on the same device. The reason is that in the case of signature generation the most time consuming operations can be performed without knowledge of the data to be signed.

Note that, for the analyzed algorithms, one operation is time consuming while the other needs only 1-2 ms even on a device with limited capacity. Furthermore, on a powerful device (like the PC), only RSA signature generation with a 2048 bit key needs considerable time. On the less powerful device (the AP), one can read from Figure B.2(a) that the AP is not able to perform the operation with the higher delay (signature generation for RSA, verification for DSA and ECDSA) with secure key sizes within an acceptable time.

[Figure B.2: two scatter plots, (a) Access point and (b) PC, of the time of signing (ms) against the time of verification (ms) for RSA and DSA with 256 to 2048 bit keys and for ECDSA on the curves of Table B.1; on the access point signing spans 0 to 700 ms and verification 0 to 180 ms, on the PC signing spans 0 to 15 ms and verification 0 to 4.5 ms.]

Figure B.2: Time consumption of digital signature algorithms

[Figure B.3: two scatter plots, (a) Access point and (b) PC, of the time of encryption (ms) against the time of decryption (ms) for RSA with 256 to 2048 bit keys and for ECELG on the curves of Table B.1; on the access point encryption spans 0 to 150 ms and decryption 0 to 700 ms, on the PC encryption spans 0 to 4.5 ms and decryption 0 to 15 ms.]

Figure B.3: Time consumption of encryption algorithms

In Figures B.3(a) and B.3(b), the time consumption of the encryption algorithms can be seen for the AP and the PC, respectively. Again, I can observe that the public key operation of RSA, here the encryption, is two or three orders of magnitude quicker than the decryption and does not cause more than 1-2 ms delay even on a limited device. RSA decryption with secure key sizes on the AP needs more time than a QoS-aware application can tolerate. For the ECELG algorithm, the decryption is quicker than the encryption, but only by a factor of about two, and the quickest decryption with a sufficiently large key size lasts more than 50 ms on average. Thus, the decryption cannot be performed on a limited device during the handover in any case. A more powerful device (the PC) is able to encrypt and decrypt within the considered time with any of the considered algorithms and key parameters, except for RSA decryption with 2048 bits (15 ms on average).

The conclusion is that using asymmetric key crypto on a powerful device does not preclude seamless handover, while on a limited device, such as an AP, some crypto primitives cause too long delays. Here, I collect those algorithms and key parameters, from the considered set, which can be performed with a sufficiently short delay:

• Digital signature generation with any key size using DSA or ECDSA
• Digital signature verification with any key size using RSA
• Any digital signature operation with a weak key
• Encryption with any key size using RSA

Thus, if the mesh client is as constrained as the considered access point, the two are not able to generate a shared secret securely within an acceptable time. Furthermore, they are not able to generate and verify digital signatures using securely large keys. The main consequence is that two computationally constrained devices are not able to authenticate each other and to perform a DH key agreement protocol within the time that a seamless handover requires.

AP  Access point
ARM  Advanced RISC Machine or Acorn RISC Machine
BIONETS  BIOlogically inspired NETwork and Services
BWM  Blake-Wilson and Menezes Provably Secure Key Transport Protocol
CAPWAP  Control And Provisioning of Wireless Access Points
CAT  Category identifier
CCTV  Closed-circuit television
CA  Certificate Authority
CRL  Certificate Revocation List
DoS  Denial-of-Service
DTN  Delay Tolerant Network
EAP  Extensible Authentication Protocol
EAPOL  EAP over LAN
EU  European Union
FP  Framework Programme
GSM  Global System for Mobile Communications
GW  Gateway
HLS  Hide-and-Lie Strategy
HOKEY  Handover Keying
IAPP  Inter Access Point Protocol
ID  Identity
IEEE  Institute of Electrical and Electronics Engineers
IETF  Internet Engineering Task Force
IP  Interest Profile
IPsec  Internet Protocol Security
ISP  Internet Service Provider
LAN  Local Area Network
LAS  Local Authentication Server
MAC  Message Authentication Code
MAC address  Media Access Control address
MANET  Mobile Ad Hoc Network
MC  Mesh client
MR  Mesh router
MSK  Master Session Key
Multi-WMN  Multi-operator maintained WMN using multiple channels
NTV  Node Trust Value
OP  Operator
PANA  Protocol for carrying Authentication for Network Access
PMK  Pairwise Master Key
PTK  Pairwise Transient Key
QoS  Quality of Services
RADIUS  Remote Authentication Dial In User Service
RAS  Remote Authentication Server
RRW  Restricted Random Waypoint mobility model
RW  Random Walk mobility model
SEQ  Sequence number
SUMO  Simulation of Urban MObility
TLS  Transport Layer Security
UP  User Profile
VANET  Vehicular Ad-hoc Network
VoIP  Voice over IP
WMN  Wireless Mesh Network


[Aboba et al., 2004] B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, and H. Levkowetz. Extensible Authentication Protocol (EAP). RFC 3748 (Proposed Standard), June 2004. Updated by RFC 5247.

[Aboudagga et al., 2006] Nidal Aboudagga, Mohamed Eltoweissy, and Jean-Jacques Quisquater. Fast Roaming Authentication in Wireless LANs. In 2nd International Computer Engineering Conference: Engineering the Information Society, Cairo, Egypt, 2006.

[Accredited Standards Committee X9, 2005] Accredited Standards Committee X9. American National Standard X9.62-2005: Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm (ECDSA), 2005.

[Ács et al., 2010] Gergely Ács, Levente Buttyán, and László Dóra. Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks. In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10), Montreal, Canada, June 2010.

[Adar and Huberman, 2000] Eytan Adar and Bernardo A. Huberman. Free riding on Gnutella. First Monday, 5(10), October 2000.

[Adjih et al., 2003] C. Adjih, T. Clausen, A. Laouiti, P. Muhlethaler, and D. Raffo. Securing the OLSR protocol. In Proceedings of the IFIP Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net 2003), pages 25–27, 2003.

[Akyildiz et al., 2005] I.F. Akyildiz, X. Wang, and W. Wang. Wireless mesh networks: a survey. Computer Networks, 47(4):445–487, 2005.

[Alimian and Aboba, 2004] Areg Alimian and Bernard Aboba. "Analysis of roaming techniques". IEEE Contribution 802.11-04/0377r1, March 2004.

[Askoxylakis et al., 2009] Ioannis Askoxylakis, Boldizsár Bencsáth, Levente Buttyán, László Dóra, Vasilios Siris, Dávid Szili, and István Vajda. Securing Multi-operator Based QoS-aware Mesh Networks: Requirements and Design Options. Wireless Communications and Mobile Computing (Special Issue on QoS and Security in Wireless Networks), 10(5):622–646, 2009.

[Aura and Roe, 2005] Tuomas Aura and Michael Roe. Reducing Reauthentication Delay in Wireless Networks. In SECURECOMM '05: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05), pages 139–148, Athens, Greece, 2005. IEEE Computer Society.

[Awerbuch et al., 2007] B. Awerbuch, R. Curtmola, D. Holmer, C. Nita-Rotaru, and H. Rubens. ODSBR: An on-demand secure Byzantine resilient routing protocol for wireless ad hoc networks. ACM Transactions on Information Systems Security, 2007.

[Blake-Wilson and Menezes, 1998] Simon Blake-Wilson and Alfred Menezes. Entity authentication and authenticated key transport protocols employing asymmetric techniques. In Proceedings of the 5th International Workshop on Security Protocols, pages 137–158, London, UK, 1998. Springer-Verlag.

[Blažević et al., 2002] Ljubica Blažević, Silvia Giordano, and Jean-Yves Le Boudec. Self organized terminode routing. Cluster Computing, 5:205–218, April 2002.

[Bohák et al., 2007] András Bohák, Levente Buttyán, and László Dóra. An User Authentication Scheme for Fast Handover Between WiFi Access Points. In Proceedings of the Third Annual International Wireless Internet Conference, Austin, Texas, USA, October 22-23 2007. ACM.

[Böjthe and Varga, 2011] Zoltán Böjthe and Andras Varga. Omnet++ network simulation framework. http://www.omnetpp.org/, 2011.

[Boyd and Mathuria, 2003] Colin Boyd and Anish Mathuria. Protocols for authentication and key establishment. Berlin: Springer-Verlag, 2003.

[Bradley et al., 1998] K. A. Bradley, S. Cheung, N. Puketza, B. Mukherjee, and R. A. Olsson. Detecting disruptive routers: A distributed network monitoring approach. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 1998.

[Bratko et al., 2006] Andrej Bratko, Bogdan Filipič, Gordon V. Cormack, Thomas R. Lynam, and Blaž Zupan. Spam filtering using statistical data compression models. J. Mach. Learn. Res., 7:2673–2698, 2006.

[Brik et al., 2005] Vladimir Brik, Arunesh Mishra, and Suman Banerjee. Eliminating handoff latencies in 802.11 WLANs using multiple radios: applications, experience, and evaluation. In IMC'05: Proceedings of the Internet Measurement Conference 2005 on Internet Measurement Conference, pages 27–27, Berkeley, CA, USA, 2005. USENIX Association.

[Brik et al., 2008] Vladimir Brik, Suman Banerjee, Marco Gruteser, and Sangho Oh. Wireless device identification with radiometric signatures. In Proc. of the ACM MobiCom, pages 116–127, 2008.

[Buchegger and Boudec, 2002] S. Buchegger and J-Y. Le Boudec. Performance Analysis of the CONFIDANT Protocol (Cooperation Of Nodes–Fairness In Dynamic Ad-hoc NeTworks). In Proc. of the 3rd ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc'02), pages 80–91, June 9–11 2002.

[Buttyán and Dóra, 2009] Levente Buttyán and László Dóra. An Authentication Scheme for QoS-aware Multi-operator maintained Wireless Mesh Networks. In Proceedings of the First IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'09), Kos, Greece, June 2009.

[Buttyán and Hubaux, 2003] L. Buttyán and J.-P. Hubaux. Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks. ACM/Kluwer Mobile Networks and Applications (MONET) Special Issue on Mobile Ad Hoc Networks, 8(5), October 2003.

[Buttyán et al., 2007a] Levente Buttyán, László Dóra, Márk Félegyházi, and István Vajda. Barter-based cooperation in delay-tolerant personal wireless networks. In Proceedings of the First IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications. IEEE Computer Society Press, June 2007.

[Buttyán et al., 2007b] Levente Buttyán, Tamas Holczer, and István Vajda. On the effectiveness of changing pseudonyms to provide location privacy in VANETs. In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007). Springer, 2007.

[Buttyán et al., 2010a] Levente Buttyán, László Dóra, Márk Félegyházi, and István Vajda. Barter Trade Improves Message Delivery in Opportunistic Networks. Elsevier Ad Hoc Networks, 8(1):1–14, January 2010.

[Buttyán et al., 2010b] Levente Buttyán, László Dóra, Fabio Martinelli, and Marinella Petrocchi. Fast Certificate-based Authentication Scheme in Multi-operator maintained Wireless Mesh Networks. Elsevier Computer Communications, 33(8):907–922, April 2010.

[Buttyán, 2009] Levente Buttyán, editor. Design and Prototype Implementation of Access control and Communication Security Mechanisms for QoS-aware Mesh Networks, chapter 3, pages 30–44. EU-MESH Deliverable, 2009.

[Calhoun et al., 2003] P. Calhoun, J. Loughney, E. Guttman, G. Zorn, and J. Arkko. Diameter Base Protocol. RFC 3588 (Proposed Standard), September 2003. Updated by RFCs 5729, 5719.

[Calhoun et al., 2009a] P. Calhoun, M. Montemurro, and D. Stanley. Control and Provisioning of Wireless Access Points (CAPWAP) Protocol Binding for IEEE 802.11. RFC 5416 (Proposed Standard), March 2009.

[Calhoun et al., 2009b] P. Calhoun, M. Montemurro, and D. Stanley. Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification. RFC 5415 (Proposed Standard), March 2009.

[Certicom Research, 2000] Certicom Research. Specification of Standards for Efficient Cryptography, SEC 1: Elliptic Curve Cryptography, Version 1.0, September 20 2000.

[Chen et al., 2004] T. Chen, G. Schäfer, C. Fan, S. Adams, M. Sortais, and A. Wolisz. Denial of service protection for optimized and QoS-aware handover based on localized cookies. In Proc. of European Wireless 2004, Barcelona, Spain, February 2004.

[Chen et al., 2007] Jen-Jee Chen, Yu-Chee Tseng, and Hung-Wei Lee. A Seamless Handoff Mechanism for IEEE 802.11 WLANs Supporting IEEE 802.11i Security Enhancements. In IEEE Asia-Pacific Wireless Communications Symposium, Hsinchu, Taiwan, 2007.

[Cheng et al., 2004] Shih-Fen Cheng, Daniel M. Reeves, Yevgeniy Vorobeychik, and Michael P. Wellman. Notes on Equilibria in Symmetric Games. In Proceedings of Workshop on Game Theory and Decision Theory, 2004.

[ChilliSpot, 2007] ChilliSpot. Open Source Wireless LAN Access Point Controller. http://www.chillispot.info/, 2007.

[Clancy and Arbaugh, 2006] T. Clancy and W. Arbaugh. Extensible Authentication Protocol (EAP) Password Authenticated Exchange. RFC 4746 (Informational), November 2006.

[Clancy et al., 2008] T. Clancy, M. Nakhjiri, V. Narayanan, and L. Dondeti. Handover Key Management and Re-Authentication Problem Statement. RFC 5169 (Informational), March 2008.

[Clancy, 2008] T. Clancy. Secure handover in enterprise WLANs: CAPWAP, HOKEY, and IEEE 802.11r [recent advances and evolution of WLAN and WMAN standards]. Wireless Communications, IEEE, 15(5):80–85, October 2008.

[Cohen, 2003] Bram Cohen. Incentives Build Robustness in BitTorrent, 2003.

[Cooper et al., 2008] D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (Proposed Standard), May 2008.

[Crowcroft et al., 2004] Jon Crowcroft, Richard Gibbens, Frank Kelly, and Sven Östring. Modelling incentives for collaboration in mobile ad hoc networks. Perform. Eval., 57(4):427–439, 2004.

[Diffie and Hellman, 1976] W. Diffie and M. Hellman. New directions in cryptography. Information Theory, IEEE Transactions on, 22(6):644–654, 1976.

[Dötzer, 2005] Florian Dötzer. Privacy Issues in Vehicular Ad Hoc Networks. In Proc. of the PET, pages 197–209, 2005.

[Du and Zhan, 2003] W. Du and Z. Zhan. Using randomized response techniques for privacy-preserving data mining. In Proc. of the 9th ACM SIGKDD, pages 505–510, 2003.

[Farrell et al., 2009] S. Farrell, S.F. Symington, H. Weiss, and P. Lovell. Delay-Tolerant Networking Security Overview. draft-irtf-dtnrg-secoverview-06, March 2009.

[Félegyházi and Hubaux, 2006] M. Félegyházi and J.-P. Hubaux. Game Theory in Wireless Networks: A Tutorial. Technical Report LCA-REPORT-2006-002, EPFL, Feb. 2006.

[Félegyházi et al., 2006] M. Félegyházi, J.-P. Hubaux, and L. Buttyán. Nash Equilibria of Packet Forwarding Strategies in Wireless Ad Hoc Networks. IEEE Transactions on Mobile Computing, 5(5), May 2006.

[FIPS PUBS, 1994] FIPS PUBS. Digital Signature Standard (DSS). http://www.itl.nist.gov/fipspubs/fip186.htm, 1994.

[Forsberg et al., 2008] D. Forsberg, Y. Ohba, B. Patil, H. Tschofenig, and A. Yegin. Protocol for Carrying Authentication for Network Access (PANA). RFC 5191 (Proposed Standard), May 2008. Updated by RFC 5872.

[FP7 ECRYPT II, 2007] FP7 ECRYPT II. European Network of Excellence in Cryptology II (ICT-2007-216646). http://www.ecrypt.eu.org/, 2007.

[Franklin et al., 2006] Jason Franklin, Damon McCoy, Parisa Tabriz, Vicentiu Neagoe, Jamie Van Randwyk, and Douglas Sicker. Passive data link layer 802.11 wireless device driver fingerprinting. In Proc. of the USENIX '06, pages 167–178, 2006.

[Fudenberg and Tirole, 1991] D. Fudenberg and J. Tirole. Game Theory. MIT Press, 1991.

[Funk and Blake-Wilson, 2008] P. Funk and S. Blake-Wilson. Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0). RFC 5281 (Informational), August 2008.

[Gerlach, 2006] M. Gerlach. Assessing and Improving Privacy in VANETs. In Proc of the 4th ESCAR, November 2006.

[Gibbons, 1992] R. Gibbons. A Primer in Game Theory. Prentice Hall, 1992.

[Gonzalez et al., 2008] O. F. Gonzalez, G. Ansa, M. Howarth, and G. Pavlou. Detection and accusation of packet forwarding misbehavior in mobile ad-hoc networks. Journal of Internet Engineering, 2(1), June 2008.

[Goodman et al., 2007] Joshua Goodman, Gordon V. Cormack, and David Heckerman. Spam and the ongoing battle for the inbox. Commun. ACM, 50(2):24–33, 2007.

[Hafslund et al., 2004] A. Hafslund, A. Tonnesen, R. B. Rotvik, J. Andersson, and O. Kure. Secure extension to the OLSR protocol. In 2004 OLSR Interop and Workshop, 2004.

[Hartigan, 1975] J.A. Hartigan. Clustering algorithms. John Wiley & Sons, Inc. New York, NY, USA, 1975.

[Heinemann, 2007] Andreas Heinemann. Collaboration in Opportunistic Network. PhD thesis, Fachbereich Informatik der Technischen Universität Darmstadt, 2007.

[Herzberg and Kutten, 2000] A. Herzberg and S. Kutten. Early detection of message forwarding faults. SIAM Journal on Computing, 30(4):1169–1196, 2000.

[Hoeper et al., 2010] K. Hoeper, M. Nakhjiri, and Y. Ohba. Distribution of EAP-Based Keys for Handover and Re-Authentication. RFC 5749 (Proposed Standard), March 2010.

[Huang et al., 2005] Z. Huang, W. Du, and B. Chen. Deriving private information from randomized data. In Proc. of the 2005 ACM SIGMOD, pages 37–48. ACM, 2005.

[Hubaux et al., 2004] Jean-Pierre Hubaux, Srdjan Čapkun, and Jun Luo. The security and privacy of smart vehicles. IEEE Security and Privacy, 2(3):49–55, 2004.

[Hughes et al., 2000] J. R. Hughes, T. Aura, and M. Bishop. Using conservation of flow as a security mechanism in network protocols. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2000.

[IEEE 802.11r™-2008, 2008] IEEE 802.11r™-2008. IEEE Standard for Information Technology – Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements. Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications. Amendment 2: Fast BSS Transition, July 2008.

[IEEE 802.11s™/D6.0, 2010] IEEE 802.11s™/D6.0. IEEE Standard for Information Technology – Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements. Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications. Draft amendment to standard IEEE 802.11™: ESS Mesh Networking, July 2010. (work in progress).

[IEEE Std 802.11f™, 2003] IEEE Std 802.11f™. IEEE Trial-Use Recommended Practice for Multi-Vendor Access Point Interoperability via an Inter-Access Point Protocol Across Distribution Systems Supporting IEEE 802.11 Operation, July 2003. (withdrawal in 2006).

[IEEE Std 802.11i™, 2004] IEEE Std 802.11i™. Medium Access Control (MAC) security enhancements, amendment 6 to IEEE Standard for local and metropolitan area networks part 11: Wireless Medium Access Control (MAC) and Physical Layer (PHY) specifications, July 2004.

[IEEE Std 802.11™-2007, 2007] IEEE Std 802.11™-2007. Revision of IEEE Std 802.11-1999: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, June 2007.

[IEEE Std 802.11™(R2003), 2003] IEEE Std 802.11™(R2003). Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, June 2003.

[IEEE Std 802.1X-2001, 2001] IEEE Std 802.1X-2001. IEEE Standard for Local and Metropolitan Area Networks - Port-Based Network Access Control, June 2001.

[Juang et al., 2002] P. Juang, H. Oki, Y. Wang, M. Martonosi, L. S. Peh, and D. Rubenstein. Energy-efficient computing for wildlife tracking: Design tradeoffs and early experiences with ZebraNet. In ASPLOS-X: Proceedings of the 10th International Conference on Architectural Support for Programming Languages and Operating Systems, pages 96–107, New York, NY, USA, 2002. ACM Press.

[Karlsson et al., 2006] Gunnar Karlsson, Vincent Lenders, and Martin May. Delay-tolerant broadcasting. In CHANTS '06: Proceedings of the 2006 SIGCOMM workshop on Challenged networks, pages 197–204, New York, NY, USA, 2006. ACM Press.

[Kassab et al., 2005] Mohamed Kassab, Abdelfettah Belghith, Jean-Marie Bonnin, and Sahbi Sassi. Fast pre-authentication based on proactive key distribution for 802.11 infrastructure networks. In WMuNeP '05: Proceedings of the 1st ACM workshop on Wireless multimedia networking and performance modeling, pages 46–53, New York, NY, USA, 2005. ACM.