Preventing Unauthorized Messages and Achieving End-to-End Security

Preventing Unauthorized Messages andAchieving End-to-End Security in Delay

Tolerant Heterogeneous Wireless NetworksHany Samuel and Weihua Zhuang

Department of Electrical and Computer Engineering, University of Waterloo, Ontario, CanadaEmail: {hsamuel, wzhuang}@bbcr.uwaterloo.ca

Abstract—Maintaining user connectivity over heteroge-neous wireless networks will be a necessity with the widespread of wireless networks and limited geographic cover-age and capacity of each network. In [1], we propose asuper node system architecture based on the concept ofdelay tolerant network (DTN) to overcome roaming userintermittent connections over interconnected heterogeneouswireless networks. Mobile ad hoc networks play a key role inthe super node system as it can provide a coverage for areasthat lack a network infrastructure to bridge gaps betweenwireless networks within the system. Long delays combinedwith the lack of continuous communications with a networkserver introduces new challenges in information security formobile nodes in a DTN environment. One of the major openchallenges is to prevent unauthorized traffic from enteringthe network. This paper addresses this problem withinthe super node system. Two schemes are proposed: one isbased on asymmetric key cryptography by authenticatingthe message sender, and the other is based on the idea ofseparating message authorization checking at intermediatenodes from message sender authentication. Consequently,the second scheme uses symmetric key cryptography inorder to reduce the computation overhead imposed onintermediate mobile nodes, where one-way key chains areused. A simulation study is conducted to demonstrate theeffectiveness of each scheme and compare the performancewith and without using an authorization scheme. Moreover,the problem of secure end-to-end message exchanges isintroduced by mapping the problem from a challengednetwork domain (i.e., among roaming nodes) to a reliablenetwork domain (i.e., among super nodes over the Internetbackbone). The proposed symmetric key based scheme isextended to achieve end-to-end security.

Index Terms—End-to-end information security, preven-tion of unauthorized traffic, delay tolerant network (DTN),heterogeneous wireless networks, connectivity, intermittentlinks.

I. INTRODUCTION

For ubiquitous networking, efficient internetworkingamong various types of wireless networks is essential.However, gaps in wireless network coverage and intermit-tent connections from/to a mobile node pose challengesin providing seamless service to roaming users. Our

This paper is presented in part in a paper presented at IEEE Globecom2009.

This work was supported by a Strategic Project Grant from the NaturalScience and Engineering Research Council (NSERC) of Canada.

Manuscript received May 1, 2009; revised September 16, 2009;accepted September 30, 2009.

previous work [2] presents a super node based systemthat adopts the delay tolerant network (DTN) architectureto overcome these limitations.

The DTN architecture [3] is proposed to handle com-munications over challenged networks, which are char-acterized by long delays and frequent disconnections. Itis based on an Internet-independent middleware, whichhandles sending and receiving of bundles (self containedmessages) across the network using the underlying pro-tocol stack. With a long end-to-end delay expected overa challenged network, DTNs cannot accommodate anyreal-time applications, but mainly support time insensitiveapplications. Message delivery in a DTN is done by firststoring a message (i.e. bundle) and then forwarding iteither to its destination or to an intermediate node thathas a high probability to deliver it to the destination. Forexample, in the epidemic routing technique [4], each nodeforwards a received message to all its neighbor nodes.The message delivery mainly depends on node mobility,taking advantage that one of the message carriers maymeet with the message’s destination node.

Among challenges in a DTN due to long delays andfrequent disconnections, one major open issue is howto limit unwanted (i.e., unauthorized) traffic within anetwork. The problem of preventing unauthorized trafficin regular networks is handled analogues to the problemof authentication, authorization and accounting (AAA).Authenticating user and assigning access privileges intraditional networks are performed by a special networknode such as an access point in a wireless local areanetwork (WLAN), a base station in a cellular network,or a network server in general. In a DTN, long delaysand frequent disconnections make a continuous contactwith such a network node impossible. As a result, a newscheme is required to cope with the new constraints.

In a DTN, an end-to-end route between the messagesource and the destination consists of a sequence of in-termediate nodes in addition to the end nodes. These inter-mediate nodes can play a special role in the network suchas message mules [5], [6] or they can be regular nodes [7].The process of message delivery requires message storingand forwarding by intermediate nodes, which consumesnetwork resources in terms of node buffer space and radiospectrum bandwidth. As a result, identifying and limitingunauthorized messages will reduce the overhead imposed

152 JOURNAL OF COMMUNICATIONS, VOL. 5, NO. 2, FEBRUARY 2010

© 2010 ACADEMY PUBLISHERdoi:10.4304/jcm.5.2.152-163

on the network. However, this requires the intermediatenodes to be able to authenticate the messages and verifymessage original sender’s eligibility to use the networkbefore accepting the message. There is no general solutionproposed for this problem within the DTN architecture[8]. Most of existing solutions are highly specialized to aspecific network scenario. For example, the work in [9]assumes that each node knows all eligible nodes’ publickeys. When a message is received, the signature is verifiedagainst all known eligible public keys. This technique isdifficult to scale for a large heterogeneous network dueto an expected huge number of nodes. Related techniqueshave been introduced for a vehicular network, such as theHAB (huge anonymous keys based) protocol [10]. TheHAB protocol is to secure vehicular networks where eachnode possesses a huge set of keys to sign messages. Thereare many techniques that use the same idea of asymmetrickey cryptography with a pre-distributed set of keys ateach node (e.g., [11] and [12]), and the GSIS protocol[13] which does not require each node to store a hugenumber of keys. A problem with all these techniques isthe extensive use of asymmetric key cryptography, whichconsumes a significant amount of resources in terms oftime and computing power. This problem is addressed forvehicular networks in [14], where the proposed solutionuses symmetric key cryptography, when a connection isavailable with a road side unit (RSU), to reduce theoverhead.

Another major open issue in a DTN is how to secureend-to-end message exchanges. Unlike regular networks,it is difficult in a DTN environment to control messageroute. A malicious intermediate node that gets a copyof a message can disclose and/or change the messagecontents. As a result, end-to-end message security (i.e.,message confidentiality and authenticity) is a necessity ina DTN. Secure end-to-end messages exchanges requiremutual authentication between the communicating parties,i.e., the sender and receiver(s). In a large size networkscenario, mutual authentication requires the communica-tion with a trusted third party (e.g., certificate authority).Traditional techniques for end-to-end security cannot beapplied directly to a DTN environment due to the po-tential unavailability of a physical end-to-end path eitherbetween the message’s sender and the receiver or betweeneach of them and a trusted third party. Without availablecommunications with a trusted third party, communicatingparties are not able to perform mutual authentication ina timely manner to allow the communication. There aresome adaptations of regular techniques to handle thisproblem within a DTN, such as the work in [15] whichproposes to use Identity Based Cryptography (IBC) andto adapt the regular public key cryptography to achievesecure end-to-end message exchanges. The main idea isto minimize the required communication with a trustedthird party to overcome the unavailiabity of a continuousconnection with the trusted third party. However, mostof the proposed techniques are based of public keycryptography. In this paper, we propose a technique for

achieving end-to-end secure message exchanges withinthe super node architecture, which employs symmetrickey cryptography to reduce the computation overheadassociated with public key cryptography. The main ideais to map the problem of mutual authentication from theunreliable network domain ( i.e., between communicatingnodes) to a reliable network domain (i.e., between supernodes).

This paper mainly investigates how to limit unautho-rized traffic within a mobile ad hoc network (MANET)as a major component of the super node system. Theproposed schemes are mainly adjusted to fit delay tolerantnetwork based MANETs that serves as access networkswithin the super node architecture. However, the conceptcan be adapted to fit within different DTN scenarios. Weadopt traditional public key infrastructure (PKI) basedcertificates to solve the problem under consideration.We also propose a new technique based on an idea ofseparating the message authorization and message senderauthentication at intermediate nodes. The new techniqueuses symmetric key cryptography to reduce the over-head from that when using asymmetric key cryptography.Although the proposed technique is introduced withinthe super node system, it can be generalized to otherDTN scenarios. We discuss how to achieve end-to-endmessage exchanges by extending the proposed approach.Our contributions can be summarized as five folds: i)Adopting traditional PKI based certificates for limitingunauthorized traffic within the super node system; ii)proposing the new idea of separating the problems ofmessage sender authentication and message authorizationat an intermediate node; iii) introducing a new techniquebased on symmetric key cryptography, employing theconcept of one-way hash function, and introducing theconcept of key group to reduce the overhead induced byasymmetric key cryptography techniques; iv) evaluatingthe performance of the proposed techniques over differentrouting techniques; and v) introducing the idea of movingthe problem of mutual authentication to super nodes inorder to reduce overhead imposed on the communicatingmobile nodes.

The rest of this paper is organized as follows. SectionII gives a brief overview of the super node system and adetailed description of the system model considered inthis work. Section III presents the proposed solutions,section IV discusses how to achieve end-to-end security,and section V provides performance evaluation of the pro-posed solutions. Finally, section VI presents conclusionsof this work.

II. THE SYSTEM MODEL

We consider a global information transport platform,which consists of a number of heterogeneous wirelessaccess networks (e.g., cellular networks, mobile ad-hocnetworks, WLANs, etc.) that are interconnected over anInternet backbone [16], as illustrated in Figure 1. Eachnetwork is connected to the Internet through a DTNgateway [3]. Each mobile node is able to connect to the

JOURNAL OF COMMUNICATIONS, VOL. 5, NO. 2, FEBRUARY 2010 153

© 2010 ACADEMY PUBLISHER

platform through a subset of the wireless access networks.A node may be connected for a period through oneaccess network, disappear for an extended period, andthen reappear from the same access network or from adifferent access network. Here, we focus on data com-munications for delay insensitive applications. To handlecommunication for this system, the super node architec-ture [2] is introduced. The super node architecture em-ploys the concept of store and forward message exchangemechanism in DTN to provide reliable communicationfacilities for roaming users with intermittent connections.A roaming user can frequently encounter extended periodsof disconnections and/or an intermittent connection withits current network, which causes the unavailability of anend-to-end stable communication path to the user. As aresult, message exchange over the super node system isusually done through DTN bundles to achieve successfulcommunication.

In the super node system, each super node is respon-sible for a set of users. Each user (mobile node) hasa unique and fixed home super node, independent ofits location changes. Communications among the supernodes and the gateways are assumed to be reliable andsecure over the Internet. Each mobile node should contactits super node to update its location upon connecting toan access network. To send a message, the source nodefirst locates the super node of the destination node basedon user ID hashing. With the latest location update of thedestination node provided by its super node, the sourcenode then tries to establish an end-to-end connection withthe destination. If the connection setup fails or the con-nection drops at any time, all the messages are sent to andstored at the destination super node for forwarding to thedestination node upon its reconnection. To better illustratethe approach, consider a simple scenario as shown inFigure 1. Node A wants to send a message to node B.By hashing the ID of node B, it locates the super nodeSB of node B. Node A sends to SB a query about nodeB’s location. Super node SB sends to node A a messagethat contains the latest known location of node B. Then,node A tries to establish a direct connection to node B,which may be possible in some cases (e.g., if node B isconnected through a WLAN or a cellular network) or maybe infeasible (e.g., if node B is connected through a sparsead hoc network with intermittent links). Suppose that nodeB is connected through a wireless ad hoc network. NodeA first tries to establish a connection with node B directly,but fails; then node A sends the messages to super nodeSB . Regardless of node B current access network, it isSB’s responsibility to deliver the messages to node B overthe access network. Message exchanges between eithernodes A and SB or nodes SB and B is not guaranteedto be delivered successfully, yet it depends on the currentnetwork condition and the employed routing technique.

The main function of DTN gateways is to provide thestore and forward functionality over the existing networkprotocol stacks. For example, a DTN gateway is placedto interface between MANET and the Internet backbone.

Fig. 1. The system architecture with super nodes.

Any message (i.e., bundle) sent over the MANET usingits DTN routing protocol to a destination located in adifferent network should be forwarded and stored at thegateway. The gateway converts the received message to asuitable format for delivering it to the destination gatewayusing the underlying Internet protocols. When the mes-sage is received by the gateway in the destination network,it is converted by the gateway to a suitable format fordelivering over that network (e.g., cellular network) toits destination. The gateway connection to the Internetbackbone is assumed to be reliable and continuous. Eachnetwork should have its gateway that handles the messageexchanges between the Internet and its network users. Asa result, the number of gateways required will equal thenumber of end access networks. On the other hand, asuper node is to function as a delegate for a set of usersregardless of these users current access networks. Thenumber of the super nodes will be a function of the totalnumber of users, depending on many factors such as loadbalancing. The super node functions can be carried out bya server in the Internet that has the required capabilitieswith sufficient buffer space and processing power. As aresult, a gateway can act as a super node too if it hasthe required capabilities. The super node architecture canbe regarded as an adaptation of the super node concept inpeer-to-peer networks (where a super node plays a specialnetwork role for regular peers [17]) to the DTN domain.More details about the super node system are given in[2].

There exist related schemes to handle communicationswith roaming users, such as in the terminodes project [18],yet they do not handle the potential intermittent connec-tions to the users. The terminodes project is proposed toconstruct a huge self-organized network of mobile nodes.It is assumed that, with a large number of nodes, the nodedensity is high. As a result, an end-to-end path is likelyto exist between two communicating nodes. However,the super node architecture is concerned with the in-terconnection of heterogeneous wireless access networksto provide a continuous connection for a roaming userover the networks (e.g., cellular networks, MANETs, andWLANs). For MANETs within the super node system,it is assumed that the networks can be sparse so that



an end-to-end path between nodes within the networkis unlikely. Communications in terminodes are based onassigning each node with a virtual home region (VHR).Each node should determine its geographical locationand send this information back to all the nodes withinits VHR. Any node wishing to communicate with thisnode should determine its location by contacting any nodewithin its VHR and then forward its messages to thislocation. However, applying the technique to solve theproblem under study in our research raises many issues:First, without availability of the destination node, thecommunication will not take place and/or the messageswill be lost; Second, with the potential unreliability of theparticipating nodes, the node location information is notguaranteed to be stored reliably within the VHR; Third,due to the potential unreliable communication betweennodes within the VHR, the location information storedwithin the nodes in VHR may be inconsistent; Finally,the VHR may happen to be empty of nodes at any time,which prevents the communication with all the associatednodes to be located. On the other hand, the super nodearchitecture solves these issues by replacing the VHR witha reliable super node residing in the Internet, which actsas a communication delegate for the node, so that evenwith unavailability of the node itself the message deliverycan still take place.

Preventing unauthorized traffic over the super nodesystem implies preventing it over the access networks.However, within the super node system, some accessnetworks already have a security infrastructure to preventunauthorized nodes from using the networks such ascellular networks and secure WLANs. As a result, herewe focus on wireless networks that do not have an in-frastructure such as MANETs. The MANET model underconsideration is shown in Figure 2, where the coverageof a MANET is limited to a geographical area. In thearea resides a DTN gateway which connects the accessnetwork to the system. Within the MANET, there are anumber of mobile nodes that can freely roam over thenetwork coverage area. These nodes may have differentcommunication capabilities in terms of wireless trans-mission range, memory size, and available transmissionpower. The nodes are free to enter (such as node E) orleave (such as node F ) the area and consequently joinor leave the network. A node can be unreliable as itcan switch off at any time with or without a warningmessage. Two nodes are connected when they are ableto communicate with each other, i.e., when they arewithin each other’s transmission range. For simplicity, weassume that all nodes have the same transmission rangeand that, if node A can receive messages from node B,node B can receive messages from node A as well. We areinterested in a situation where mobile nodes are sparselydistributed and the network is very likely to be partitioned,such that an end-to-end path rarely exists between a pairof communicating nodes.

The DTN gateway has a fixed location within the geo-graphical area, with communication functions and capa-

Fig. 2. An illustration of the MANET under consideration.

bilities similar to those of an ordinary mobile node. Thatis, the gateway is assumed to have a limited transmissionrange, and can communicate directly only with the nodeswithin its transmission range. The gateway transmissionrange covers only a small portion of the MANET geo-graphical area. On the other hand, the gateway has higherprocessing power and larger storage (buffer) space thanother roaming nodes. In terms of node mobility patterns,there is no restriction on node movements (except areasonable upper bound on the velocity). An assumptionis that some nodes usually roam toward the gateway, sothat the gateway can communicate with the roaming nodesfrom time to time. This assumption can be satisfied bycarefully choosing the gateway location, depending on thegeographical features of the service coverage area.

The role of granting network access to a mobile nodeshould be assigned to a specific entity. This entity isdetermined based on the network under consideration.In our system model, the gateway grants network ac-cess to nodes currently connected through the networkunder its jurisdiction. The gateway is assumed to haveno-knowledge about node private information such aspasswords, current status, etc. In order to decide whetheror not to grant access to a node, the gateway contacts thesuper node responsible for the node. The communicationbetween the gateway and the super node is assumed tobe reliable and secure over the Internet backbone. Eachsuper node and the gateway have a public-private key pair.Each node should know the public key of its super node.Each node has a public-private key pair and the publickey is stored at its super node.

III. THE PROPOSED SECURITY SCHEMES

Within the MANET access network, any roaming nodecan send a message over the network. Regardless of thesender, the intermediate nodes will carry and forwardthis message to either its destination (if it is within thenetwork) or the gateway (if the destination is in anothernetwork). The main goal of this work is to prevent themessages of unauthorized users to be carried over thenetwork. However, unauthorized nodes can roam overthe network and participate (if they want) in messageforwarding of other authorized nodes, yet they cannot



TABLE INOTATIONS

Notation DescriptionIDA the public identifier of entity A

| message concatenation operationSA the super node of node A

PKA the public key of node A

SKA the private key of node A

EncK(·) symmetric key encryption function with key K

DecK(·) symmetric key decryption function with key K

Ki symmetric key with index i

EX(·) asymmetric key encryption function with key X

DX(·) asymmetric key decryption function with key X

H(·) one-way hash function such as SHA-1Hi(·) applying hash function H for i timesHMACK(·) a keyed-hash message authentication code, which

is generated with symmetric key K

KGn a key group of length n

send their own messages. This assumption is based on thework introduced in [19] which argues that unauthorizednodes can help in delivering messages in the networkas the unpredictable nature of a DTN reduces the ef-fectiveness of tampering with message attacks to that ofsimple network failures. As a result, our goal is not toprevent unauthorized nodes from participating in messageforwarding as data mules but to prevent them from beingable to send their own messages over the network. Oneapproach to solve the problem is to let intermediate nodescarry and forward a message regardless whether or notthe sender is allowed to use the network resources (i.e.,to send the message over the network). As the messagereaches the gateway, the gateway can check the messagesender and discard the message. This solution does notprevent unauthorized traffic, because message discardingoccurs at the gateway after an unauthorized message hasalready been carried over the network and sometimes itmay be delivered without going through the gateway.However, this approach moves the message checkingprocess to the gateway, which reduces message checkingoverhead imposed on the intermediate nodes. On theother hand, with an increase of unauthorized messages,the network performance degrades (as to be discussed inSection V).

The two approaches proposed in the following de-pend mainly on attaching a message authentication code(MAC) block to each message. Using this block, anyintermediate node can decide to carry the message orto discard it without the need to contact a third party.The difference between the two approaches is how tocalculate the MAC block. The first approach is based onasymmetric key cryptography which is inefficient for thesystem model under consideration. As a result, the secondapproach is based on redefining the problem to separatethe message authorization from the message sender au-thentication. The second approach uses symmetric keycryptography to reduce the overhead in the first approach.Table I summarizes the notations for easy reference.

A. PKI Certificate Based Scheme

The gateway is the node that can decide which useris eligible to use the network resources, i.e., it acts as a

trusted third party. However, a continuous contact with thegateway from a mobile node is likely not possible withinthe system under consideration to allow the intermediatenodes to verify message sender eligibility to use theresources. One possible solution is to let the gateway actas a certificate authority which issues a PKI certificate foreach authorized user.

When a node, A, first connects to the network, it shouldcontact its super node, SA. This connection message musttravel through the gateway to reach the super node:

ConnectMsg←IDA | IDnet | TimeStamp | SIGA,

SIGA←ESKA(H(IDA | IDnet | TimeStamp)).

Based on the connection message, the super node canauthenticate the user identity and inform the gatewaywhether or not this user should be granted access over thenetwork and the period of granted access. As the supernode knows the node public key, it constructs a permissionmessage and sends it back to the gateway:

PermMsg←IDA | IDnet | Duration | TimeStamp

| PKgateway | PKA | SIGSA,

SIGSA←ESKSA

(H(IDA | IDnet | Duration

| TimeStamp | PKgateway | PKA)).

As the node does not know the public key of thegateway, the super node includes the gateway public keyin the permission message to authenticate the gateway.The gateway uses this message and issue a temporarycertificate to grant the node access to the network:

CertA←IDA | IDnet | ExpT ime | PKgateway

| PKA | SIGgateway,

SIGgateway←ESKgateway(H(IDA | IDnet | ExpT ime

| PKgateway | PKA)).

The node checks the authenticity of the certificate bychecking the permission message. To send a message overthe network, the node signs the message with its privatekey and sends the signed message with the certificate.Intermediate nodes can check the message authenticityby checking the certificate. This implies that each in-termediate node performs two asymmetric operations percarried message, one to check the message signature andthe other to check the certificate itself. Based on therouting technique used, the intermediate node forwardsthe message with its certificate attached.

Limiting the certificate live time overcomes the prob-lem of certificate revocation in order to revoke nodeaccess. Upon certificate expiration, the node can recontactthe gateway to request more network access time. Theproblem with this approach is the overhead imposedby the required number of asymmetric operations. Amessage sender should sign the message in order toforward it. Each intermediate node receiving the messageshould verify the signature and the sender’s certificate,which requires two asymmetric decryption operations permessage. With a large number of messages, this can



represent a overwhelming overhead, considering powerlimited portable devices.

B. Symmetric Key Based Scheme

This main proposed technique uses symmetric keycryptography to reduce the number of required asym-metric operations and hence the imposed overhead. Thetechnique uses the concept of one-way key chain [20].One-way key chain is a sequence of keys generatedby consecutive applications of a one-way hash function.Figure 3 shows the generation of a one-way key chain

Fig. 3. One-way key chain of length L.

with a seed key K0, which is randomly chosen. Thechain is generated by consecutive applications of one-wayhash function H(·) to the seed value (i.e, key). Any keyKx can be used to reveal any subsequent key Ky , wherey > x. By the one-way hash function definition, a key Ky

cannot be used to obtain a key Kx where x < y, becausethis implies to reverse the one-way hash function. As aresult, the direction of key usage, in the chain, is in thereverse direction of the key generation. For example, for akey chain of length L with initial key K0, the generationrequires applying the hash function H for L − 1 times;but the first key to use is KL−1, the second key is KL−2,and so on. To generate a key Ki, the hash function shouldbe repeatedly applied for i times on the seed key:

Hi(K0)=Ki, 0 < i < L.

The introduced idea is based on the fact that theasymmetric key cryptography based technique not onlyproves the message legitimately, but also authenticatesthe sender identity which is not required in the problemunder consideration. The authentication of the senderidentity should be a problem of the message destination(not intermediate nodes), which is part of the process ofestablishing end-to-end security. Intermediate nodes needonly to ensure that any received message is authorized tobe carried over the network, but not to prove the identityof its sender. With a symmetric key to compute a messagesignature using a key hashing algorithm, only authorizednodes should know the key that will be regularly updatedby the network gateway. The network access time as-signed to a node varies depending on the node, similarto the certificate live time. The gateway can generate aset of keys, and each key is to be used within a timeframe in the network. Nodes check each received messageagainst the key used when the message were issued basedon the message time stamp. Due to potential long delaysin message delivery, existing messages may belong to

different time frames and consequently different keys.This requires that a new node should receive not onlythe keys that cover its network access period but also oldkeys to participate in message forwarding. This is solvedby employing the concept of one-way key chain.

The network gateway generates a key chain to be usedover a long time period. The gateway splits the timeperiod into equal durations (frames), and each key in thechain is used for a specified duration. Based on how longa node is permitted to access the network, a subset ofthe chain (key group) is shared with the node. To send amessage, the sender node generates a MAC block using akey based on the message time stamp. Intermediate nodescheck the MAC block against the shared key chain tocheck if the message is legitimate to be carried or not.

When a node, A, connects to the ad hoc networksupervised by gateway G, it sends a connection messageto its super node. When the super node receives themessage, it sends a permission message to the gateway.The gateway grants network access to this node for aspecific time period by sending a key group that coversthis period. For example, if the key live time is tkey , andthe gateway wants to grant an access period of 5tkey , thenthe gateway should send the current key and the next4 keys to the node. We call the keys key group (KG).If the current key is Kx, the key group of size n is aconcatenation of n key:

KGn←kx | kx−1 | . . . | kx−n+1.

To reduce the message size, the gateway does not needto send all the keys in the key group, but only the lastkey Kx−n+1 in the group and the group length. Thenode can generate the group by consecutively applying thehash function. The gateway generates the network accessmessage by encrypting the key group with the node publickey:

AccessMessage←EPKA(KGn | TimeStamp).

After verifying the access message and the permissionmessage, the node gets the key group and starts commu-nicating over the network.

It should be noted that the node can generate all thekeys that precede the first key in the key group (using thehash function). It is expected that the messages alreadycirculating in the network are encrypted using previouskeys, so that the node can verify the validity of thesemessages. The node cannot generate any key for a futuretime period using the key group based on the one-waykey chain properties. For example, the node that receiveda key group KGn with current key Kx can generate anyprevious key Ki where L− 1 ≤ i < x . If a node needsto communicate over the network after the expiry of itskey group, it should re-register with the gateway.

After obtaining the key group, the node can startcommunicating with other nodes. When the node wants tosend a message, it needs to generate a MAC block usingthe current network key and forwards it to neighbor nodes(based on the routing technique applied). The message



exchanges are in the form of

ExchangedMsg←Msg | TimeStamp | MAC,

MAC←HMACKx(Msg | TimeStamp).

When an intermediate node receives a message, it checksthe MAC block and then stores the message to be for-warded. The intermediate node is not able to disclosethe message contents because the message Msg shouldalready be encrypted with another key shared between thesource and the destination to achieve end-to-end securecommunications, as discussed in Section IV.

To prevent any node from continuing the communica-tion with a previously granted key group, messages sentwith expired keys are discarded as follow: Key Ki has atime frame [tx, tx+tkey] and each message has a live timetmessage. If a message at time t > tx + tkey + tmessage

is authorized with key Ki, it will be discarded.With the proposed approach, a message sender needs to

perform one symmetric key encryption per message. Eachintermediate node also needs to perform one symmetrickey decryption per message. Intermediate nodes store theoriginal message (if valid) for future forwarding. Theydo not need to re-compute the message MAC whenforwarding the message.

IV. END-TO-END MESSAGE SECURITY

Preventing unauthorized users from sending their mes-sages over the network does not implies the confidentialityof exchanged authentic messages. Any malicious nodethat receives a message for forwarding can expose themessage contents. Due to the inability to control themessage forwarding route within the system under con-sideration (especially for an unstructured open networksuch as MANET), secure end-to-end message exchangesare mandatory.

In the system under consideration, the existence ofsuper nodes that can communicate reliably and securelyover the Internet backbone offers an advantage to relaxthe constraints of end-to-end secure message exchanges.The main idea is to use the super node as a node delegatethat performs the mutual authentication and key sharingon behalf of the mobile node. Under the super-nodearchitecture, there are two communication scenarios fornode-to-node message exchanges: 1) the message senderand receiver can find a physical end-to-end path, and2) a physical end-to-end path cannot be established, sothat messages are routed through the destination’s supernode. In both cases, the source node should contact thedestination’s super node. For the first case, the sourcenode has to contact the destination’s super node to locatethe destination, while in the second case all messages aresent through the super node.

We propose to use symmetric encryption to ensureinformation security for communications between a nodeand its super node. All message exchanges are encryptedusing a shared secret key, which reduces the overheadimposed by asymmetric cryptography based techniques.The shared key is updated periodically to prevent its

exposure. Updating the shared key requires handshakingbetween the node and its super node, which is challengingwith the expected node’s frequent long disconnections.To handle key updates, a key chain is shared betweenthe node and its super node. The key chain is used for aperiod of time which is divided into time frames of equallength and, for each time frame, a specific key from thechain is used to secure the communications. At the endof a time frame, both the node and its super node updatethe shared key to the next key from the key chain withoutthe need of any handshaking between them. After all thekeys from the chain are used, a new key chain will begenerated and shared between the node and its super node.This technique does not need to include the secret keyin the exchanged messages as in traditional asymmetriccryptography based techniques. Asymmetric cryptographyis used only during the chain initialization to securelyexchange the key chain and to allow the communicatingparties to authenticate each others, as discussed next.

When a node, A, is connected through an accessnetwork, it sends a connection message to its super nodeto update the super node with its current location andto be granted the privilege to access the access networkresources as discussed in Section III. If there is no sharedkey chain or a previously shared chain expired, node A

initializes a new chain by generating a random key as thechain seed value K0 and length L. The node prepares theconnection message as:

ConnectMsg←IDA | IDnet | EPKSA(K0 | L)

| TimeStamp | SIGA,

SIGA←ESKA(H(IDA | IDnet

| EPKSA(K0 | L) | TimeStamp)).

The access network identifier IDnet is to inform thesuper node of its current location. The connection mes-sage contains a time stamp field to prevent a reply attack.The key chain information is encrypted with the supernode public key to ensure that only the super node candecrypt this information. The node signs the message withits private key to enable the super node to authenticate thesender identity. The super node verifies the connectionmessage and initializes the key chain. The super nodesends access information to the node as discussed SectionIII. The node and its super node can start exchangingmessages secured with the current shared key, Ki, fromthe shared key chain:

ExchangedMsg←(EncKi(msg | TimeStamp)|i).

The node does not have to initialize a new key chainuntil all the keys in the current key chain are used.This allows the node to be disconnected from its supernode while keeping an up-to-date shared key without anyhandshaking between them.

Due to the expected delay in message delivery, mes-sages may not be delivered in sequence. Hence, thereceiver (i.e., the node or its super node) may receive



messages encrypted with the keys out of order, or withprevious keys other than the current key. The proposedtechnique addresses this potential problem by includinga time stamp in the message. The receiver accepts themessage as long as the key index matches the enclosedtime stamp.

To establish a secure end-to-end message exchangebetween two nodes, our proposal is to use the desti-nation node’s super node as the destination’s delegate.This moves the mutual authentication process from thecommunicating nodes (where the communication is chal-lenged) to their super nodes (where the communicationis reliable and secure). The first step for communicationsbetween two nodes is that the source node inquiries aboutthe destination node location from the destination node’ssuper node. This step can be used to enable the destinationsuper node to authenticate the source node identity. Thedestination super node issues a permission for securecommunication in the form of an access ticket that thesource node can use to communicate with the destinationnode. With the access ticket, the destination node doesnot need to re-authenticate the source node as the ticketproves that the sender is authenticated by the destinationsuper node. Moreover, the source node does not need toauthenticate the destination node because the destinationnode is the only one who can extract the shared keyinformation from the ticket.

Fig. 4. The procedure to establish an end-to-end secure messageexchange.

Figure 4 shows the proposed procedure to establish asecure end-to-end message transfer between two nodes.Suppose that node B wants to start a secure communica-tion with node A. Node B locates the super node SA andsends a communication request, Req, to SA as follow:

Req←(IDA | IDB | TimeStamp |

i | EncKi(IDA | IDB | TimeStamp)

︸︷︷︸

AuthenticationPart

).

The authentication part in the request message isencrypted by the current shared key between node B

and its super node. If SA is not the super node ofnode B, it cannot authenticate the sender identity. As aresult, it forwards the request message to node SB (basedon the assumption that super nodes can communicate

reliably and securely over the Internet backbone). NodeSB verifies that node B is the sender of this messagebased on their shared key chain and generates accessticket ticketB to SA for a secure communication withnode B. Super node SB replies to SA with an accessmessage that is secured based on the assumed existingsecure connection between the super nodes:

ticketB←i | EncKi(IDA | IDSA

| KB

| TimeStamp | ExpirationT ime),

AccessMsg←KB | ExpirationT ime | ticketB .

The access ticket ticketB can be used only by node A

and/or its super node SA, which is declared as a part ofthe ticket. The ticket also contains a randomly generatedsecret key KB to secure the communications with nodeB. The ticket is valid for a period of time determinedby ExpirationT ime field. The access ticket ticketB

authenticates both nodes A and SA identities to node B.When SA receives the access message that confirms theidentity of node B, it generates an access ticket (ticketA)using the current key, Kj , from the key chain shared withnode A. Super node SA sends an access message to nodeB that contains node A location and ticketA:

ticketA←j | EncKj(IDB | IDSB

| KB |

TimeStamp | ExpirationT ime)

AccessMsg←LocationA | ticketB | EncKB(

ExpirationT ime | ticketA).

When node B receives the access message, KB can beextracted from the ticket ticketB using Ki. Node B canstart communicating with node A or its super node (ifno end-to-end path exists). Each message msg sent fromnode B to node A is encrypted using the shared key KB .An exchanged message includes the encrypted messageand the access tickets, given by

ExchangedMsg←EncKB(msg) | ticketA | ticketB .

When node A receives the message, it checks ticketA

using Kj , and then it decrypts the message using KB

obtained from the ticket. Note that, unlike the previoustechniques [15], a message receiver does not need toauthenticate the message sender and it can decrypt themessage without any delay or asymmetric cryptographyoverhead. Moreover, node A can reply to node B usingticketB so that the communication proceeds without anyneed to contact the super nodes again for authorization.

To prevent using expired tickets in communications,messages sent with expired tickets are discarded as fol-low: Given that the ticket expiration time tticket and eachmessage has a live time tmessage, if a message usingthis ticket is received at time t > tticket + tmessage, themessage will be discarded.

A main challenge for authentication over DTN is thedelay required for handshaking to complete the authenti-cation process. In our scheme, the delay is minimized byusing the mandatory message sent to the super node tolocate the destination node. As a result, the sender does



not need to send a separate message for authentication.Moreover, within the lifetime of the issued ticket, thesender does not need to re-send an authentication messagefor each message. Note that there exist some research ef-forts to provide a self organized authentication without theneed to contact a trusted third party, such as the work in[21]. The technique is based on the self signed certificatesissued by the nodes themselves. A main concern for thetechnique to be adapted to the super node architectureis the size of required certificate repositories within eachnode, taking into consideration the huge interconnectednetworks. The authentication requires processing a graphof the intersection among the node certificate repositories,which can be huge for roaming nodes with a possibilityof no shared certificates. With the expected unavailabilityof the communicating nodes and/or an end-to-end path,the handshaking required for the authentication (i.e., toexchange the certificates) can either cause a long delayfor the communication or prevent the communicationcompletely. As it is the responsibility of the nodes toauthenticate each other, the existing technique imposesa processing overhead to all the nodes.

V. PERFORMANCE EVALUATION

A. Routing over the Super Node Architecture

Routing over the super node architecture can be re-garded on two levels. The high level routing is amongsuper nodes and gateways, while the lower level routingis between end user(s) and the gateway over the accessnetwork. Communication among super nodes and gate-ways is assumed to be reliable and secure over the Internetbackbone. The super nodes and gateways are assumed tohave fixed locations over the Internet. As a result, messagerouting among them can base on the regular Internetrouting. When an end user sends a message over an accessnetwork, the message is routed over the access network(to be discussed in the following) to the network gateway.The gateway forwards the message to the destinationuser’s super node over the Internet backbone. The supernode then forwards the message to the gateway of thedestination user’s current access network.

Routing over an access network is a challenge be-cause of the potential unavailability of the destinationnode. It highly depends on the access network. Forinfrastructure based networks (e.g., cellular networks, andWLAN), regular routing techniques can be applied whenthe destination user is available. For example, in cellularnetworks, successful message delivery can be achieved byforwarding the message to the base station through whichthe destination user is currently connected. Routing be-comes more complicated for infrastructure-less networks(e.g., MANETs), due to the potential unavailability of aphysical end-to-end path between the gateway and thedestination user over such networks.

We study how the proposed security schemes affectsystem performance under two different routing tech-niques: the epidemic routing [4] and the dominating set(DS) based routing [7]. In the epidemic routing, each

node forwards a message to all its neighboring nodes,in anticipation that one of these nodes may meet withthe destination node in the near future as it roams. Thismay be inefficient in terms of network resource usage,however it is sometimes necessary. On the other hand,the DS routing limits the number of forwarded messagesrequired to deliver a message by limiting the number ofnodes to which the message should be forwarded by anode. The DS routing counts on forwarding the messageonly to the DS members, which are nodes that have ahigh probability to meet with all the other nodes in thenetwork.

B. Node Mobility ModelNode mobility model is one of the main concerns in

DTN simulation [22]. Our following mobility model usedin the simulation intends to make a compromise betweensimplicity and practicality. The geographical area coveredby the MANET is partitioned to m partitions. When anode is connected to the network, it visits each of thepartitions with a certain probability. The location of amobile node in the future is independent of its locationin the past, given its current location. Denote the locationstate of a mobile node by the partition it resides, andassume that the residence times of all the mobile nodes ineach partition are iid exponential random variables. Then,the user mobility model can be characterized by a one-dimensional continuous-time Markov chain, with locationstate space {1, 2, . . ., m}, as shown in Figure 5.

Fig. 5. Modeling of node movement by a finite-state Markov chain.

The user movement model over the network coveragearea is described by the transition matrix M of theMarkov chain, given by

M =

PL11PL12

. . . PL1m

PL21PL22

. . . PL2m

. . . . . . . . . . . .

PLm1PLm2

. . . PLmm

where PLijis the conditional probability that a mobile

node will enter partition Lj given that it is still connectedto the network and it leaves its current partition Li. Forany partition Li, we have

∑

j PLij = 1. The transitionprobability matrix depends on the geographical charac-teristics of the service area and the network environmentunder study.



C. Simulation Results

We compare the performance of the proposed au-thorization techniques with that of the system with noauthorization. The performance is measured in terms of(1) the number of forwarded messages over the networkto demonstrate how efficiently each technique uses theavailable resources (e.g., radio spectrum bandwidth), and(2) the number of undelivered authorized messages toindicate how reliable the technique is in delivering autho-rized messages. We compare the two proposed securitytechniques in terms of the number of asymmetric keyoperations to measure how efficient the intermediate nodecomputing power is used, with an increasing number offorwarded messages.

In our experiments, the MANET coverage area is arectangle of size 1500m×1500m. The area is partitionedinto 100 150m × 150m partitions. Each simulation pro-ceeds in discrete time steps. There are 50 mobile nodeswith mobility trajectories independent of each other. Foreach simulation run, a transition matrix M is randomlygenerated and stays fixed till the end of the simulation.Initially, the node locations are uniformly distributed overthe service area. As the simulation time increases, eachnode (if connected) moves randomly according to thetransition matrix. When a node moves to a new partition,it stays there for a residence time that is an exponentialrandom variable with an average of 20 simulation steps.At the end of the residence time, the node moves to anew partition with a probability of 0.7, or disconnectsfrom the network with a probability of 0.3. If the nodedisconnects, it will stay disconnected for a duration thatis exponentially distributed with an average of 20 timesteps. For simplicity, we assume that a node is able tocommunicate only with other nodes in the same partition.Messages are generated based on a Poisson process withmean rate of 10

3messages per time step. The source and

destination mobile nodes for each message are selected atrandom. All the messages are equal in size, with the samemessage live time of 40 simulation steps. The buffer spaceis 15 messages at each mobile node and 2000 messagesat the gateway. When the node buffer is full and a newmessage is received, the oldest message in the buffer isremoved to accommodate the new message. Moreover,20 percent of the nodes are unauthorized to use thenetwork resources. They are assumed to behave honestlyin carrying and forwarding messages from others. Inaddition, they generate their own messages and try toinject them to the network.

At the start of simulation, all the nodes generate arequest message to the gateway to gain access to thenetwork based on the proposed security scheme (i.e., theyreceive a certificate in the first approach or a key groupin the second approach). All the nodes are granted thesame access period for simplicity in simulation. Whenthe access period of a node expires, the node has tore-request access from the gateway. At each time step,the node detects its neighbor nodes and exchanges thebuffered messages with them (the messages that the

neighbor nodes do not already have) based on the routingtechnique. Each node also updates its buffer by removingexpired messages. For each experiment, a communicationscenario (i.e., set of messages, user connections, userdisconnections, user movements) is set up randomly andrun for each scheme.

0 500 1000 1500 2000 2500 3000104

105

106

107

Simulation Step

Nu

mb

er o

f F

orw

ard

ed M

essa

ges

No Authorization Scheme Under DS

Symmetric Authorization Scheme Under DS

No Authorization Scheme Under epidmic

Symmetric Authorization Scheme Under epidmic

Fig. 6. Comparison of the proposed authorization schemes in terms ofthe number of forwarded under the DS and the epidemic routing.

Figure 6 shows a comparison between the case ofapplying no authorization scheme and the case of ap-plying the proposed symmetric key cryptography basedauthorization scheme under the epidemic routing andDS routing, in terms of the total number of forwardedmessages. It is clear that, with the existence of unau-thorized traffic, the authorization scheme is important toreduce the number of forwarded messages. This appliesto both routing techniques under consideration. Moreover,the number of lost (undelivered) authorized messages ishighly increased in the case of no authentication, as shownin Figure 7. This is mainly due to the limited buffer spaceat intermediate nodes which have to drop old messageswhen buffer overflow occurs. With an increasing numberof unauthorized messages, the probability of droppingauthorized messages increases.

Both of the proposed authorization techniques performequally in terms of the numbers of forwarded messagesand lost messages. However, when comparing them re-garding the number of asymmetric key cryptographicoperations, it is clear that the symmetric key based cryp-tography outperforms the asymmetric key cryptographybased scheme under the routing techniques, as shownin Figure 8. It should be noted that the symmetric keycryptography based scheme does not eliminate the usageof asymmetric key cryptographic operations as a node hasto perform asymmetric key operation to request networkaccess and to receive the key group (if access granted),as discussed in Section III-B. However, with a largernetwork size (in terms of number of nodes) and/or ashorter granted access period per node, even though thesymmetric key cryptography based scheme increases thenumber of the required asymmetric key cryptographic



0 500 1000 1500 2000 2500 3000100

101

102

103

104

Simulation Step

Nu

mb

er o

f L

ost

Au

tho

rize

d M

essa

ges

No Authorization Scheme Under DS

Symmetric Authorization Scheme Under DS

No Authorization Scheme Under epidmic

Symmetric Authorization Scheme Under epidmic

Fig. 7. Comparison of the proposed authorization schemes in terms ofthe number of lost authorized messages under the DS and the epidemicrouting.

operations, it still outperforms the other scheme. This ismainly because the asymmetric key cryptography basedscheme is affected by the same factors as well. As aresult, it is expected that the symmetric key cryptographybased technique always outperforms the asymmetric keycryptography based technique in terms of the numberof asymmetric key cryptographic operations under allconditions.

0 500 1000 1500 2000 2500 3000102

103

104

105

106

Simulation Step

Num

ber

of

Ass

ym

etri

c key

Cry

pto

gra

phy O

per

atio

ns

Symmetric Key Cryptography Scheme Under DS

Asymmetric Key Cryptography Scheme Under DS

Symmetric Key Cryptography Scheme Under epidmic

Asymmetric Key Cryptography Scheme Under epidmic

Fig. 8. Comparison of the proposed authorization schemes in terms ofthe number of asymmetric key cryptography operations under the DSand the epidemic routing.

Comparing the performance of the two routing tech-niques under the proposed authorization scheme, Figure6 shows how the DS routing outperforms the epidemicrouting in terms of the number of forwarded messages,which is consistent with the observation in the absence ofunauthorized traffic [7]. In the presence of unauthorizedtraffic, even without the authorization, the DS routingoutperforms the epidemic routing, as the DS routinglimits the number of nodes that a message should beforwarded to. On the other hand, Figure 7 shows that, withthe authorization scheme in place, the epidemic routing

outperforms the DS routing in terms of the number of lostauthorized messages. With the DS routing, a message ismore likely to be expired before a contact occurs betweena message carrying node and the next DS member.However, the number of lost authorized messages underthe DS routing and the authorization scheme is muchsmaller than that under either the epidemic routing or theDS routing without the authorization scheme.

Considering the number of asymmetric key cryptog-raphy operations, the DS routing outperforms the epi-demic routing, when asymmetric key cryptography basedscheme is employed, as shown in Figure 8. This is becausethe number of asymmetric key cryptography operationsis related to the number of message forwarded in theasymmetric key cryptography based scheme. However,the epidemic routing and DS routing perform similarlyin terms of the number of asymmetric key operationsperformed, when the symmetric key cryptography basedscheme is employed. This is due to the fact that thenumber of asymmetric key operations in this case isproportional to the number of connection messages andpermission messages sent over the network. The highernumber of lost messages in the DS routing likely resultsin more lost connection messages and/or permission mes-sages, which requires the recalculation and resending ofthese messages.

We have carried out extensive simulations to evaluatethe performance of the proposed schemes. The mainobservations can be summarized in the following: (a) Bothschemes introduce an extra delay for a newly connectednode to be able to communicate in the network. This delayaccounts for the time for the access request to reach thegateway and the time for the node to receive the accessgrant information (key group or certificate). However,even with a highly sparse network, the simulation resultsshow that the delay can be neglected when comparedwith the node connection time for the system modelunder consideration; (b) Both proposed schemes introduceextra cost as compared with the case of no authorizationprocedure. This cost is in the form of extra messageexchanges to request and grant node access and the delaythat a node encounters for accessing the network. Thiscost becomes obvious with a very low percentage ofunauthorized messages. However, the overhead imposedby an increase in unauthorized traffic makes the extramessage exchanges totally negligible; (c) When a nodeneeds to extend its network access period, it sends arequest message to the gateway. This introduces a de-lay until the response is sent back. The delay can beeliminated by requesting access in advance before thecurrent access period is expired. The advance period canbe estimated based on the average message delay that anode encounters in contacting the gateway.

VI. CONCLUSIONS

This paper investigates information security in theDTN based super node system. We propose two schemesfor preventing unauthorized traffic in the MANET. The



first one is based on the conventional asymmetric keycryptography that solves the problem by authenticatingthe message sender. The second scheme is based on theidea of separating the issue of traffic authorization fromthe issue of message sender authentication at intermediatenodes. Using the symmetric key cryptography, the schemeis based on the concepts of key chain and key group.We also addresses the issue of end-to-end secure messageexchanges over the super node system, based on the keychain concept. The proposed scheme moves the mutualauthentication phase from mobile nodes to their supernodes for fast and reliable implementation. Computer sim-ulation results demonstrates that 1) the proposed schemesachieve better utilization of the network resources bylimiting unauthorized traffic, 2) the symmetric key basedscheme outperforms the asymmetric key based schemein terms of intermediate node computing power saving,and 3) the dominating set based routing outperforms theepidemic routing under the proposed information securityscheme, in terms of the required number of forwardedmessages, at the cost of increased number of lost mes-sages and a slightly increased number of asymmetric keycryptographic operations.

ACKNOWLEDGMENT

The authors would like to thank Dr. Bruno Preiss of theResearch In Motion (RIM) for many helpful discussionson this research.

REFERENCES

[1] H. Samuel, W. Zhuang, and B. Preiss, “DTN based dominatingset routing for MANET in heterogeneous wireless networking,”Mobile Networks and Applications, vol. 14, pp. 154 – 164, April2009.

[2] H. Samuel, W. Zhuang, and B. Preiss, “Routing over intercon-nected heterogeneous wireless networks with intermittent connec-tions,” in Proc. IEEE ICC ’08, pp. 2282 – 2286, May 2008.

[3] K. Fall, “A delay-tolerant network architecture for challengedinternets,” in Proc. ACM SIGCOMM ’03, pp. 27–34, 2003.

[4] A. Vahdat and D. Becker, “Epidemic routing for partially con-nected ad hoc networks,” April 2000. [Online]. Available: cite-seer.ist.psu.edu/vahdat00epidemic.html

[5] W. Zhao and M. H. Ammar, “Message ferrying: proactive routingin highly-partitioned wireless ad hoc networks,” in Proc. IEEEFTDCS ’03, pp. 308–314, 2003.

[6] W. Zhao, M. Ammar, and E. Zegura, “A message ferrying approachfor data delivery in sparse mobile ad hoc networks,” in Proc. ACMMobiHoc ’04, pp. 187–198, 2004.

[7] Hany Samuel, W. Zhuang, and B. Preiss, “DTN based dominatingset routing technique for mobile ad hoc networks,” in Proc. QShine’08, July 2008.

[8] S. Farrell, S. Symington, H. Weiss, and P. Lovell, “Delay-tolerantnetworking security overview,” IRTF, DTN research group, Febru-ary 2008.

[9] K. Ren, W. Lou, and Y. Zhang, “Multi-user broadcast authentica-tion in wireless sensor networks,” in Proc. IEEE SECON ’07, pp.223–232, June 2007.

[10] M. Raya and J. P. Hubaux, “Securing vehicular ad hoc networks,”Journal of Computer Security, vol. 15, no. 1, pp. 39–68, 2007.

[11] R. Lu, X. Lin, H. Zhu, P.-H. Ho, and X. Shen, “ECPP: efficientconditional privacy preservation protocol for secure vehicularcommunications,” in Proc. IEEE INFOCOM 2008,pp. 1229–1237,April 2008.

[12] C. Zhang, R. Lu, X. Lin, P.-H. Ho, and X. Shen, “An efficientidentity-based batch verification scheme for vehicular sensor net-works,” in Proc. IEEE INFOCOM 2008, pp. 246–250, April 2008.

[13] X. Lin, X. Sun, P.-H. Ho, and X. Shen, “GSIS: a secure andprivacy-preserving protocol for vehicular communications,” IEEETrans. Vehicular Technology, vol. 56, no. 6, pp. 3442–3456, Nov.2007.

[14] C. Zhang, X. Lin, R. Lu, and P.-H. Ho, “RAISE: An efficient rsu-aided message authentication scheme in vehicular communicationnetworks,” in Proc. IEEE ICC ’08, pp. 1451–1457, May 2008.

[15] N. Asokan, K. Kostiainen, P. Ginzboorg, J. Ott, and C. Luo, “Ap-plicability of identity-based cryptography for disruption-tolerantnetworking,” in Proc. ACM MobiOpp ’07, pp. 52–56, 2007.

[16] H. Jiang, W. Zhuang, and X. Shen, “Cross-layer design forresource allocation in 3G wireless networks and beyond,” IEEECommunications Magazine, vol. 43, no. 12, pp. 20–126, Dec.2005.

[17] V. Lo, D. Zhou, Y. Liu, C. GauthierDickey, and J. Li, “Scalablesupernode selection in peer-to-peer overlay networks,” in Proc.Second International Workshop on Hot Topics in Peer-to-PeerSystems, pp. 18–25, July 2005.

[18] J.-P. Hubaux, T. Gross, J.-Y. Le Boudec, and M. Vetterli, “Towardself-organized mobile ad hoc networks: the terminodes project,”IEEE Communications Magazine, vol. 39, no. 1, pp. 118–124, Jan2001.

[19] J. Burgess, G. D. Bissias, M. D. Corner, and B. N. Levine,“Surviving attacks on disruption-tolerant networks without authen-tication,” in Proc. ACM MobiHoc ’07, pp. 61–70, 2007.

[20] A. Perrig, R. Canetti, D. Tygar, and D. Song, “The TESLAbroadcast authentication protocol,” 2002. [Online]. Available: cite-seer.ist.psu.edu/perrig02tesla.html

[21] J.-P. Hubaux, L. Buttyan, and S. Capkun, “The quest for securityin mobile ad hoc networks,” in Proc. ACM MobiHoc ’01, pp. 146–155, 2001.

[22] P. Luo, H. Huang, W. Shu, M. Li, and M.-Y. Wu, “Performanceevaluation of vehicular DTN routing under realistic mobilitymodels,” in Proc. IEEE WCNC 2008, pp. 2206–2211, April 2008.

Hany Samuel received the B.Sc. degree in 2001 and theM.Sc. degree in 2006, both in electrical engineering, from AinShams University, Cairo, Egypt. He is currently working towardhis Ph.D. degree at the Department of Electrical and ComputerEngineering, University of Waterloo, Ontario, Canada. Hiscurrent research interests include interworking of heterogeneouswireless networks, delay tolerant networks, and peer-to-peersystems. He is a co-recipient of a Best Paper Award from ICSTQShine 2008.

Weihua Zhuang received the B.Sc. and M.Sc. degrees fromDalian Maritime University, China, and the Ph.D. degree fromthe University of New Brunswick, Canada, all in electrical engi-neering. Since October 1993, she has been with the Departmentof Electrical and Computer Engineering, University of Waterloo,Canada, where she is a Professor. She is a co-author of thetextbook Wireless Communications and Networking (PrenticeHall, 2003). She is a co-recipient of a Best Paper Award fromIEEE ICC 2007, a Best Student Paper Award from IEEE WCNC2007, and the Best Paper Awards from Int. Conf. HeterogeneousNetworking for Quality, Reliability, Security and Robustness(QShine 2007 and 2008). Her current research interests includewireless communications and networks, and radio positioning.Dr. Zhuang received the Outstanding Performance Award in2005, 2006, and 2008 from the University of Waterloo foroutstanding achievements in teaching, research, and service,and the Premiers Research Excellence Award (PREA) in 2001from the Ontario Government for demonstrated excellence ofscientific and academic contributions. She is the Editor-in-Chiefof IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY,and an Editor of IEEE TRANSACTIONS ON WIRELESSCOMMUNICATIONS, EURASIP JOURNAL ON WIRELESSCOMMUNICATIONS AND NETWORKING, and INTERNA-TIONAL JOURNAL OF SENSOR NETWORKS. She is aFellow of the IEEE and an IEEE Communications SocietyDistinguished Lecturer.



Preventing Unauthorized Messages and Achieving End-to-End Security

Documents

Transcript of Preventing Unauthorized Messages and Achieving End-to-End Security