Providing security support for large ad hoc wireless networks is challenging due to their unique characteristics, such as mobility, channel errors, dynamic node joins and leaves, and occasional node break-ins. In this report, we exploit these characteristics and present our design that sup-ports ubiquitous security for mobile nodes, scales to network size, and is robust against adversary break-ins. In our design, we distribute the functionality of conventional security servers, specifi-cally the authentication services, so that each individual node can potentially provide other nodes certification services. Centralized management is minimized and the nodes in the network col-laboratively self-secure themselves. We propose a suit of fully distributed and localized protocols that facilitate practical deployment. Our protocols also feature communication efficiency to con-serve the wireless channel bandwidth, and independency from both the underlying transport layer protocols and the network layer routing protocols.

We propose an authentication and key agreement protocol for wireless communication based on elliptic curve cryptographic techniques. The proposed protocol requires signi cantly less bandwidth than the Aziz-Di e and Beller-Chang-Yacobi protocols, and furthermore, it has lower computational burden and storage requirements on the user side. The use of elliptic curve cryptographic techniques provide greater security using fewer bits, resulting in a protocol which requires low computational overhead, and thus, making it suitable for wireless and mobile communication systems, including smartcards and handheld devices. 1

Abstract—Multihop wireless mesh networks (WMNs) are finding ever-growing acceptance as a viable and effective solution to ubiquitous broadband Internet access. This paper addresses the security of WMNs, which is a key impediment to wide-scale deployment of WMNs, but thus far receives little attention. We first thoroughly identify the unique security requirements of WMNs for the first time in the literature. We then propose ARSA, an attack-resilient security architecture for WMNs. In contrast to a conventional cellular-like solution, ARSA eliminates the need for establishing bilateral roaming agreements and having real-time interactions between potentially numerous WMN operators. With ARSA in place, each user is no longer bound to any specific network operator, as he or she ought to do in current cellular networks. Instead, he or she acquires a universal pass from a third-party broker whereby to realize seamless roaming across WMN domains administrated by different operators. ARSA supports efficient mutual authentication and key agreement both between a user and a serving WMN domain and between users served by the same WMN domain. In addition, ARSA is designed to be resilient to a wide range of attacks. We also discuss other important issues such as incontestable billing. Index Terms—Authentication, denial-of-service (DoS), key agreement, roaming, security, wireless mesh networks (WMNs).

We propose authentication and key agreement protocol that preserves the anonymity of a mobile user in wireless mobile environments. while a mobile user and his visited network mutually authenticate each other, the anonymity of the user should be preserved. In order to provide user anonymity, we present the computation method of the temporary identity (TID) during the authentication process. TID is initially computed by user at the beginning and renewed by both user and network during the execution of the protocol.

In the current mobile communication networks, users have to trust network operators to make correct charges over the calls they made. There is lack of evidence to resolve possible disputes over the number of calls and the duration of each call. Such a concern may grow when users roam among different network operators. This paper proposes an efficient solution to undeniable billing when a mobile user roams into foreign networks. This is achieved by the combination of digital signature and hash-chaining techniques. Mobile users need to submit a digital signature when requesting a call and release chained hash values during the session so that the call and its duration are undeniable. Our mechanism is light-weighted regarding the storage requirement and computation overheads on a mobile user, and is applicable for mobile phone users equipped with a smart card. Keywords: undeniable billing, mobile communication security, non-repudiation, cryptographic protocol 1 Introduction Mobile comm...

Abstract — Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network. The new features in the proposed protocols include identity anonymity and one-time session key renewal. Identity anonymity protects mobile users privacy in the roaming network environment. One-time session key progression frequently renews the session key for mobile users and reduces the risk of using a compromised session key to communicate with visited networks. It has demonstrated that the computation complexity of the proposed protocols is similar to the existing ones, while the security has been significantly improved. Index Terms — Authentication, key exchange, roaming service, anonymity, secret-splitting, self-certified. Fixed Internet nodes A’s home network, home agent (H) Internet B’s home network, home agent (H) Mobile terminal (M), B Foreign network2 (V)

Our intention is to extend the EIB to a complete security concept which is currently missing in most solutions being developed for communication on the EIB network. This article describes solutions to build a secured way using gateways to a TCP/IP based network without withdrawing the advantage of a secured transmission inside the EIB installation. The concept includes a secured data path starting at a single EIB device as a part of an EIB installation to a device for remote control and supervision. In EIB installations it is quit easy for a potential invader to listen to telegrams and to send them himself to open for example a door. An even higher security leakage is in radio frequency and powerline transmissions. To avoid these problems, cryptographic secure data have to be used for communication. Several algorithms are established used by cash transactions for example. Symmetric methods like DES (Data Encryption Standard) or asymmetric RSA (Rivest-Schamir Algorithm) with encryption key length of 128 Bit should be used. To keep the decentralized structure of the EIB fieldbus system and to minimize the bus traffic not every method is suitable. Research has been done to avoid the above mentioned problems, to establish security devices for the EIB as well as for sensors and actuators. A first approach by using AES (Advanced Encryption Standard) has been realized at our institute.

The purpose of this paper is to inform the reader of the importance of authentication of computer communications and some of the standards that are currently used in authenticating that the entity on the network is the entity that it claims to be. We often hear of security problems such as the internet worm of years back, where a weakness in a computer systems security let a program take over many systems. One way to prevent these invasions, is to ensure that the entity is authentic as well as the data and that the entity really has the access it demands. This paper will give a better understanding of what pitfalls exist in data communications and how to guarantee that the information you rely on is legitimate. 3 Table of Contents ABSTRACT 2 1 SECURITY RISKS IN DISTRIBUTED COMPUTING. 5 1.1 High Tech Communications Means High Tech Criminals. 5 1.2 Threats to Distributed Computing. 5 1.3 What is Authentication? 5 2 DISTRIBUTED COMPUTING AUTHENTICATION METHODS. 6 2.1 Password Authen...

We propose an authentication and key agreement protocol while preserving the anonymity of a mobile user in wireless mobile environments. When a mobile user and his visited network mutually authenticate each other, the anonymity of the user should be preserved. In order to provide user anonymity, we introduce new method of computing the temporary identity (TID) during the authentication process. TID is initially computed by a user at the beginning and updated by both user and network side during the execution of the protocol. In addition to guaranteeing user anonymity, we also consider the secure key agreement at the same time.

Abstract: Authentication in mobile environments has to be performed frequently. Full authentication is time consuming, and repeated execution adversely effects network performance. A solution to accelerate the process is the use of an initial full authentication followed by less expensive reauthentications. This paper proposes two authentication protocols with fast re-authentication: one for users who re-connect to the same network access point after temporary disconnections and another protocol that accelerates handoff for users changing access points. 1.