06212470

8/12/2019 06212470

1/13

A Secure Protocol for SpontaneousWireless Ad Hoc Networks Creation

Raquel Lacuesta, Jaime Lloret, Senior Member , IEEE ,

Miguel Garcia, Student Member , IEEE , and Lourdes Pen alver

Abstract This paper presents a secure protocol for spontaneous wireless ad hoc networks which uses an hybrid symmetric/ asymmetric scheme and the trust between users in order to exchange the initial data and to exchange the secret keys that will be usedto encrypt the data. Trust is based on the first visual contact between users. Our proposal is a complete self-configured secure protocolthat is able to create the network and share secure services without any infrastructure. The network allows sharing resources andoffering new services among users in a secure environment. The protocol includes all functions needed to operate without any externalsupport. We have designed and developed it in devices with limited resources. Network creation stages are detailed and thecommunication, protocol messages, and network management are explained. Our proposal has been implemented in order to test theprotocol procedure and performance. Finally, we compare the protocol with other spontaneous ad hoc network protocols in order tohighlight its features and we provide a security analysis of the system.

Index Terms Distributed protocol, secure protocol, spontaneous network, wireless ad hoc networks

1 INTRODUCTION

THE exponential growth in the development and accep-tance of mobile communications in recent years isespecially observed in the fields of wireless local areanetworks, mobile systems, and ubiquitous computing. Thisgrowth is mainly due to the mobility offered to users,providing access to information anywhere, user friendli-ness, and easy deployment. Furthermore, the scalability andflexibility of mobile communications increase users pro-ductivity and efficiency.

Spontaneous ad hoc networks are formed by a set of mobile terminals placed in a close location that commu-nicate with each other, sharing resources, services orcomputing time during a limited period of time and in alimited space, following human interaction pattern [1], [2].People are attached to a group of people for a while, andthen leave. Network management should be transparent tothe user. A spontaneous network is a special case of ad hocnetworks. They usually have little or no dependence on acentralized administration. Spontaneous networks can bewired or wireless. We consider only wireless spontaneous

networks in this paper. Their objective is the integration of

services and devices in the same environment, enabling theuser to have instant service without any external infra-structure. Because these networks are implemented indevices such as laptops, PDAs or mobile phones, withlimited capacities, they must use a lightweight protocol, andnew methods to control, manage, and integrate them.

Configuration services in spontaneous networks dependsignificantly on network size, the nature of the participatingnodes and running applications. Spontaneous networksimitate human relations while having adaptability to newconditions and fault tolerance (the failure of a device orservice shouldnotdamage the functionality). Methods basedon imitating the behavior of human relations facilitate secureintegration of services in spontaneous networks [3]. Further-more, cooperation among the nodes and quality of servicefor all shared network services should be provided [4].

Spontaneous ad hoc networks require well defined,efficient and user-friendly security mechanisms. Tasks to beperformed include: user identification, their authorization,address assignment, name service, operation, and safety.Generally, wireless networks with infrastructure use Certi-ficate Authority (CA) servers to manage node authentica-tion and trust [5], [6]. Although these systems have beenused in wireless ad hoc and sensor networks [7], they arenot practical because a CA node has to be online (or is anexternal node) all the time. Moreover, CA node must havehigher computing capacity.

Security should be based on the required confidentiality,node cooperation, anonymity, and privacy. Exchangingphotos between friends requires less security than ex-changing confidential documents between enterprise man-agers. Moreover, all nodes may not be able to execute

routing and/or security protocols. Energy constraints, nodevariability, error rate, and bandwidth limitations mandatethe design and use of adaptive routing and securitymechanisms, for any type of devices and scenarios.

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 24, NO. 4, APRIL 2013 629

. R. Lacuesta is with the Departamento de Informatica e Ingenieria deSistemas, Universidad de Zaragoza, Ciudad Escolar s/n, 44003, Teruel,Spain. E-mail: [email protected].

. J. Lloret is with the Universidad Polite cnica de Valencia, Camino Vera s/n,46022, Valencia, Spain. E-mail: [email protected].

. M. Garcia is with the Escuela Politecnica Superior de Gandia, C/Paranimf,n-1, 46730, Grao de Gandia, Gandia, Valencia, Spain.E-mail: [email protected].

. L. Pen alver is with the Departamento de Informatica e Ingenieria deSistemas, Universidad Politecnica de Valencia, Camino Vera s/n, 46022Valencia, Spain. E-mail: [email protected].

Manuscript received 27 Feb. 2012; revised 10 May 2012; accepted 16 May

2012; published online 30 May 2012.Recommended for acceptance by V. Misic.For information on obtaining reprints of this article, please send e-mail to:[email protected], and reference IEEECS Log Number TPDS-2012-02-0156.Digital Object Identifier no. 10.1109/TPDS.2012.168.

1045-9219/13/$31.00 2013 IEEE Published by the IEEE Computer Society

8/12/2019 06212470

2/13

Dynamic networks with flexible memberships, groupsignatures, and distributed signatures are difficult tomanage [8]. To achieve a reliable communication and nodeauthorization in mobile ad hoc networks, key exchangemechanisms for node authorization and user authenticationare needed.

The related literature shows several security methodssuch as predistribution key algorithms [9], symmetric andasymmetric algorithms, intermediate node-based methods[10], and hybrid methods [11]. But these methods are notenough for spontaneous networks because they need aninitial configuration (i.e., network configuration) or externalauthorities (for example, central certification authorities).

None of the existing papers propose a secure sponta-neous network protocol based on user trust that providesnode authenticity, integrity checking, and privacy. Thenetwork and protocol proposed in this paper can establish asecure self-configured environment for data distributionand resources and services sharing among users. Security isestablished based on the service required by the users, by building a trust network to obtain a distributed certificationauthority. A user is able to join the network because he/sheknows someone that belongs to it. Thus, the certificationauthority is distributed between the users that trust the newuser. The network management is also distributed, whichallows the network to have a distributed name service. Weapply asymmetric cryptography, where each device has apublic-private key pair for device identification and sym-metric cryptography to exchange session keys betweennodes. There are no anonymous users, because confidenti-ality and validity are based on user identification.

Preliminary versions of this paper appeared in [12], [13],

[14]. In 2003, we presented the basis to setup a securespontaneous network [12]. To solve mentioned securityissues, we used an authentication phase and a trust phase[13]. Moreover, we presented a mechanism to allow nodesto check the authenticity of their IP addresses while notgenerating duplicated IP addresses. The mechanism helpsnodes to authenticate by using their IP addresses. We haveused this mechanism in the secure protocol presented inthis paper, but it can be replaced by any other IP addressassignment mechanism.

The rest of the paper is organized as follows: Section 2presents the related work on spontaneous networks andshows the most well-known security mechanisms that can be applied to them. The proposed secure spontaneousnetwork is detailed in Section 3. Section 4 explains thestages for network creation, the protocol operation and thekey revocation process. Section 5 analyzes the security of our proposal. The proposed system is compared with otherspontaneous systems in Section 6. Section 7 shows theperformance analysis in terms of cryptographic operations,delivery times and memory consumption. Finally, Section 8gives the conclusion and future work.

2 RELATED WORK

In [15], Latvakoski et al. explain a communication archi-tecture concept for spontaneous systems, integratingapplication-level spontaneous group communication, andad hoc networking together. A set of methods to enable

plug and play, addressing and mobility, peer to peerconnectivity, and the use of services are also provided.

Liu et al. [16] show how networked nodes can autono-mously support and cooperate with each other in a peer-to-peer (P2P) manner to quickly discover and self-configureany services available on the disaster area and deliver areal-time capability by self-organizing themselves in spon-taneous groups to provide higher flexibility and adapt-ability for disaster monitoring and relief.

Gallo et al. [17] pursued two targets in spontaneousnetworks: to maximize responsiveness given some con-straints on the energy cost and to minimize the energy costgiven certain requirements on the responsiveness.

Backstro m and Nadjm-Tehrani [18] developed the firstreal spontaneous network that offers services dynamicallyusing the Jini technology. They explain the architecturaldesign of the contact service and its implementation. Theprototype demonstrates how major design criteria, flex-ibility, dependability, efficiency, and transparency, affectthe design and services of a dynamic network of devices.

In [19], Untz et al. propose a lightweight and efficientinterconnection protocol suitable for spontaneous edgenetworks. They design and implement Lilith, a prototypeof an interconnection node for spontaneous edge networks.It uses MPLS and allows different communication paths ona per flow basis, provides seamless switching betweenoperational and back-up paths, and makes availableinformation on destination reachability.

Feeney et al. [20] presented Spontnet, a prototypeimplementation of a simple ad hoc network configurationutility based on the main ideas of spontaneous networks.Spontnet allows users (using face-to-face authentication andshort-range link with easily identifiable endpoints) todistribute a group session key without previous sharedcontext and to establish shared namespace. Two applica-tions, a simple web server and a shared whiteboard, areprovided as examples of collaborative applications. Theyuse IPSec protocol (used for Virtual Private Networks),applied though internet. Spotnet therefore uses both wiredand wireless links and corresponding protocols.

Danzeisen et al. [21] apply WEP, the regular securitymechanism used in Wireless LANs, available by default inthe IEEE 802.11 wireless protocol. Other proposals that didnot discuss security aspects could also apply this default

solution. Although it was available to us, we did not use it because WEP is vulnerable to hacking attacks, and bettersolutions, e.g., WPA, WPA2 should be considered instead.

Rekimoto introduced the concept of synchronous useroperation in [22], and described a user interface SyncTaptechnique for spontaneously establishing network connec-tions between digital devices. This method can deal withmultiple overlapping connection requests by detectingcollision situations, and can also ensure secure networkcommunication by exchanging public key information uponestablishing a connection. Shared session key for securecommunication is created by piggybacking Diffie-Hellman

public keys (generated by each device) on multicast packets.These public keys are used to calculate a shared secretsession key for encrypted communication. In this case, theauthors do not propose any secure protocol. They have just

630 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 24, NO. 4, APRIL 2013

8/12/2019 06212470

3/13

added an existing security mechanism in their authentica-tion phase. It is similar to the one used by us when a newnode joins our network, but we have added other securitymechanisms in order to create a complete secure protocolfor spontaneous networks.

Spontaneous networks are also special case of human-centric networks [23]. Cornelius et al. implemented andevaluated AnonySense, a general-purpose framework foranonymous opportunistic tasking and reporting, whichallows applications to query and receive context through anexpressive task language and by leveraging a broad rangeof sensor types on users mobile devices, and at the sametime respects the privacy of the users.

This paper does not tackle routing issues in spontaneousad hoc wireless networks. A paper that presents a securityprotocol for routing purposes, based on trust, is shown in[24]. It presents two secure and energy-saving spontaneousad hoc protocols for wireless mesh client networks wheretwo different security levels (weak and strong) are takeninto account in the path when information is transmitted between users.

3 S ECURE SPONTANEOUS NETWORK3.1 Network OverviewOur protocol allows the creation and management of distributed and decentralized spontaneous networks withlittle intervention from the user, and the integrationof different devices (PDAs, cell phones, laptops, etc.).Cooperation between devices allows provision and accessto different services, such as group communication, colla- boration in program delivery, security, etc. The network

members and services may vary because devices are free to join or leave the network. Spontaneous network shouldcomplete the following steps in order to be created [1].

3.1.1 Step 1: Joining Procedure This step enables devices to communicate, including theautomatic configuration of logical and physical parameters.The system is based on the use of an IDentity Card (IDC) anda certificate. The IDC contains public and private compo-nents. The public component contains a Logical IDentity(LID), which is unique for each user and allows nodes toidentify it. It may include information such as name,photograph or other type of user identification. This ideahas been used in other systems such as in vehicular ad hocnetworks [25]. It also contains the users public key ( K i ), thecreation and expiration dates, an IP proposed by the user,and the user signature. The user signature is generatedusing the Secure Hash Algorithm (SHA-1) [26] on theprevious data to obtain the data summary. Then, the datasummary is signed with the users private key. The privatecomponent contains the private key ( ki ). The user introducesits personal data (LID) the first time he/she uses the system because the security information is generated then. Securitydata are stored persistently in the device for future use.

Certificate C ij of the user i consists of a validated IDC,signed by a user j that gives its validity. To obtain IDCsignature of user i, the summary function obtained by SHA-1 is signed with js private key. No central certificationauthority is used to validate IDC. Validation of integrity

and authentication is done automatically in each node. Thecertification authority for a node could be any of the trustednodes. This system enables us to build a distributedcertification authority between trusted nodes. When nodeA wants to communicate with another node B and it doesnot have the certificate for B , it requests it from its trustednodes. After obtaining this certificate the system willvalidate the data; if correct then it will sign this node as avalid node. All nodes can be both clients and servers, canrequest or serve requests for information or authenticationfrom other nodes.

The first node creates the spontaneous network andgenerates a random session key, which will be exchangedwith new nodes after the authentication phase. Fig. 1 showsphases of a node joining the network: node authenticationand authorization, agreement on session key, transmissionprotocol and speed, and IP address and routing. When nodeB wants to join an existing network, it must choose a nodewithin communication range to authenticate with(e.g., node A ). A will send its public key. Then, B will send

its IDC signed by As public key. Next, A validates thereceived data and verifies the hash of the message in orderto check that the data has not been modified. In this step, Aestablishes the trust level of B by looking physically at B(they are physically close), depending on whether A knowsB or not. Finally, A will send its IDC data to B (it may do soeven if it decides not to trust B ). This data will be signed byB s public key (which has been received on B s IDC). B willvalidate A s IDC and will establish the trust and validity inA only by integrity verification and authentication. If Adoes not reply to the joining request, B must select anothernetwork node (if one exists). After the authentication, B can

access data, services, and other nodes certificates by a routeinvolving other nodes in network.Security management in the network is based on the

Public Key Infrastructure and the symmetric key encryption

LACUESTA ET AL.: A SECURE PROTOCOL FOR SPONTANEOUS WIRELESS AD HOC NETWORKS CREATION 631

Fig. 1. Algorithm for joining a new node.

8/12/2019 06212470

4/13

scheme. Symmetric key is used as a session key to cipher theconfidential messages between trust nodes. It has lessenergy requirements [27], [28], [29] than the asymmetrickey. We have used the Advanced Encryption Standard(AES) algorithm for the symmetric encryption scheme [30].It offers high security because its design structure removessubkey symmetry. Moreover, execution times and energyconsumption in cryptography processes are adequate forlow-power devices. The asymmetric key encryption schemeis used for distribution of the session key and for the userauthentication process. We used two types of asymmetricencryption schemes: Elliptic Curve Cryptosystem (ECC), because of its high performance [31], and the Rivest, Shamir& Adleman cryptographic algorithm (RSA) [32]. After themutual authentication, A will encrypt the session key withB s public key and will send it to B . Then, they will agree thetransmission protocols and the wireless connection speed.

Finally, B will configure IP address and routinginformation. Secure routing protocol is borrowed from[24]. B generates an IP address which has a fixed part in thefirst two bytes and the rest is formed by a random numberwhich depends on the users data. Then, B will send thedata to process the routing information to A. A will checkwhether the IP is duplicated in the network. When B sendsdata to other network nodes, e.g., node C , these data will bevalidated by C (using hashing and authentication methods).Afterwards, C will establish the trust level with B , bylooking physically. If no trust level is established, it will bedone afterwards by using trusted chains.

3.1.2 Step 2: Services Discovery B asks for the available services. Services can be discovered

using Web Services Description Language (WSDL). Ourmodel is based on [33], but in our spontaneous network wedont use a central server. Moreover, other service dis-covery services can be implemented in our system [34]. Auser can ask other devices in order to know the availableservices. It has an agreement to allow access to its servicesand to access the services offered by other nodes. Serviceshave a large number of parameters which are nottransparent to the user and require manual configuration.One issue is to manage the automatic integration tasks anduse, for example, service agents. Other is to manage secureaccess to the services offered by the nodes in the network.The fault tolerance of the network is based on the routingprotocol used to send information between users. Servicesprovided by B are available only if there is a path to B, anddisappear when B leaves the network.

3.1.3 Step 3: Establishing Trusted Chain and Changing Trust Level

There are only two trust levels in the system. Node A eithertrusts or does not trust another node B . The softwareapplication installed in the device asks B to trust A when itreceives the validated IDC from B . Trust relationship can beasymmetric. If node A did not establish trust level withnode B directly, it can be established through trusted

chains, e.g., if A trusts C and C trusts B , then A may trust B .Trust level can change over time depending on the nodes behavior. Thus, node A may decide not to trust node B although A still trusts C and C trusts B . It can also stop

trusting if it discovers that previous trust chain does notexist anymore.

4 P ROTOCOL AND NETWORK MANAGEMENTIn the network formation, nodes perform an initialexchange of configuration information and security usingthe mechanism of authentication or greeting based on theworks shown in [35], [36]. This mechanism avoids the needfor a central server, making the tasks of building thenetwork and adding new members very easy.

The network is created using the information provided by users, thus, each node is identified by an IP address.Services are shared using TCP connections. The network is built using IEEE 802.11b/g technology which has high datarates to share resources. We have reserved the short-rangetechnology (Bluetooth) to allow authentication of nodeswhen they join the network.

After the authentication process, each node learns theidentity card of other known nodes, a public key and a LID.

This information will be updated and completed through-out the network nodes. This structure provides anauthenticated service that verifies the integrity of the datafrom each node because there is a distributed CA.

Each node requests the services from all the nodes that ittrusts, or from all known nodes in the network, dependingon the type of service. A request to multiple nodes is madethrough diffusion processes. The protocol prioritizes accessto information through trusted nodes. When the informa-tion cannot be obtained through these nodes, it can then askother nodes.

Nodes can also send requests to update network

information. The reply will contain the identity cards of all nodes in the network. The node replying to this requestmust sign this data ensuring the authenticity of theshipment. If it is a trusted node, its validity is also ensured,since trusted nodes have been responsible for validatingtheir previous certificates. Under this network, any type of service or application can be implemented. The servicesoffered by our protocol will be secure.

4.1 Network CreationThe first node in the network will be responsible for settingthe global settings of the spontaneous network (SSID,session key, ...). However, each node must configure itsown data (including the first node): IP, port, data security,and user data. This information will allow the node to become part of the network. After this data are set in thefirst node, it changes to standby mode.

4.1.1 Joining New Members The second node first configures its user data and networksecurity. Then, the greeting process starts. It authenticatesagainst the first node. Our protocol relies on a sublayerprotocol (which can be Bluetooth [37] or Zigbee). Theconnection is created through a short-range link technology,to provide flexibility and ease of detection and selection of

nodes, and visual contact with the user of the node.Furthermore, minimal involvement of the user is requiredto configure the device, mainly to establish trust. Thistechnology also limits the scope and the consumption of


8/12/2019 06212470

5/13

involved nodes. Each additional node authenticates withany node in the network.

4.2 Protocol OperationIn order to design the diagrams of the protocol, we haveused the Unified Modeling Language (UML). The UML is avisual specification standardized language that is built tomodel object oriented systems. We use keys, activities, anduse cases (diagrams offered by the standard) to define theprocesses, the structure of the classes in the system, and the behavior of objects or operations.

Once the validation/registration process of the user inthe device has been done, he/she must determine whetherto create a new network or participate in an existing one. If he/she decides to create a new network, it begins theprocedure shown in Fig. 2. First, a session key will begenerated. Then, the node will start its services (includingthe network and authentication services). Finally, it willwait for requests from other devices that want to join thenetwork. If the user wants to become part of an existingnetwork, the node follows Step 1 algorithm from Section 3,to find a device that will give trust to it, save correspondingdata and will able to begin communications.

The node that belongs to the network, and is responsiblefor validating the new nodes data, will perform a diffusionprocess to the nodes that are within its communicationrange. These nodes will forward the received packets to

their neighbors until the data reach all nodes in thenetwork. This process allows verifying the validity anduniqueness of the new nodes data.

The authentication process for new device B is shown inFig. 3. The receiver node A validates the received data andsends a broadcast message to B to check if these data arenot used in the network (even the IP address). This IPchecking packet is sent randomly twice in order to avoidsimultaneous checks and reach all devices [13], [14]. Whenthe authentication device receives the IP checking reply, itsends the authentication reply to the new device. If any stepis wrong, an error message is sent to the new device.

When the node is authenticated, it is able to performseveral tasks. Some of them are performed transparently forthe user, but others are used by the user to perform someoperations in the network. They are the user applicationoptions. Fig. 4 shows the structure of the programmedapplication in UML language.

The authenticated node can perform the following tasks:. Display the nodes.. Modify the trust of the nodes.. Update the information: It allows a node to learn

about other nodes in the network and also to send itsdata to the network. This update could be for onlyone user or for all users in the network through acontrolled diffusion process.

. Other nodes certificate request: A node could berequested from other node, from all trusted nodes orfrom all known nodes. In case of all known nodes,the node that replies to the request will always signthe data. The data will be considered validated if atrusted node has signed them.

. Process an authentication request: The node authen-ticates a requesting node by validating the receivedinformation, user authentication, and verifying thenonduplication of the LID data and the proposed IP.

. Reply to an information request: the requestedinformation will be sent directly to the requestingnode or routed if the node is not on the commu-nication range.

. Forward an information request: The request will beforwarded if it is a broadcast message.

. Send data to one node: It can be sent symmetricallyor asymmetrically encrypted, or unencrypted.

. Send data to all nodes: This process is doing by aflooding system. Each node retransmits the data


Fig. 2. New network creation procedure.

Fig. 3. Authentication procedure.

8/12/2019 06212470

6/13

only the first it receives the data. It can be sentsymmetrically encrypted or unencrypted.

. Modify Data: User data can be modified and thepassword changed.

. Leave the network.To request a certificate, the node sends a request

certificate message to its trusted nodes. The applicationgenerates a packet to request the certificate to its trust nodeswhich are selected from the database. All the steps followed by this procedure are shown in Fig. 5.

To process the received request, the node checks if it canreply to the request, if not, the node sends the search toother nodes (that it trusts or known nodes). Then, the nodehas to validate the certificate and sends it to the requesting

node. When the server process receives the packet, itprocesses the packet in order to take the certificate andchecks its validity access to the certificate data. Fig. 6 showsthe steps of this procedure.

To send data encrypted with the public key to a node, theuser has to select the remote node and write the data. Then,the message is encrypted using the remote nodes publickey. Fig. 7 shows the encryption and packet sendingprocedure. The application encrypts the data with the publickey, generates the packet and sends it to the selected node.

Each node has to check every received data packet. If thereceived packet is not encrypted, it is shown directly to theuser, but if it is encrypted, the packet will be decipheredusing the encryption model used by the sender. Thealgorithm followed by the node is shown in Fig. 8. A nodefollows the procedure shown in Fig. 9 when it receives a

data packet that is ciphered by a public key. When theserver process received the packet, it is in charge of deciphering it with the private key of the user.

4.3 Protocol ImplementationWe have developed 16 packets for the proper running of theprotocol. Table 1 shows these packets. Some of them have been shown in Fig. 3.

When a device wants to join a spontaneous network ithas to start the process by sending a Discovery requestpacket (01), which contains the Logical IDentity of the userin order to let the destinations know the sender device. The


Fig. 5. Procedure to request a certificate from trusted nodes.

Fig. 6. Procedure to process the request. Fig. 7. Procedure to send data encrypted with the public key.

Fig. 4. Node options after the authentication procedure.

8/12/2019 06212470

7/13

receivers will reply with the Discovery reply packet (02)with their Logical IDentity, their IP address, and networkmask. This information is then used to learn the selected

device to authenticate and to propose an IP inside thatnetwork IP range. The authentication request packet (03) isused for the new device authentication. The authenticationreply packet (04) confirms that the proposed IP and the e-mail are unique in the network, so the new device isofficially authenticated. In case of duplication, an errorpacket is sent. The IP and e-mail checking packet (05) isused by the authenticator device to verify that no one in thenetwork has the same email or IP address as the oneproposed by the new device. The IP and e-mail checkingreply packet (06) is sent to the authenticator device in orderto verify that the IP and e-mail are unique. If the IP is

duplicated, the device must restart the authenticationprocess after the generation of a new IP. The update requestto one node (07) is used to request information to a specificknown node and the update reply from one node (08) isused to reply with the information requested by the updaterequest packet to one node. Unknown information can berequested from all nodes in the network by sending theupdate request to all network nodes packet by flooding (09).

The reply with the information requested is calledupdate reply to all network nodes packet (10). TheCertificate request to trusted nodes (11) and the Certificaterequest to known nodes (12) are used to request thecertificate from all trusted and all known nodes, respec-tively. Both packets are replied to by the certificate replypacket (13). Data are sent using the Packet for sending data(14). This packet is sent when the user decides tocommunicate with one or more nodes. These data could be sent in plain or encrypted text. The error packet (15) can be sent to indicate that this operation is not possible, because the authentication has failed, or because the nodedoes not have the required data. The acknowledge packet(16) is used to confirm to the sender that the packet hasarrived at its destination correctly.

4.4 Session Key Revocation

The user certificate has an expiration time. After this time,the user must authenticate with the device. Otherwise, thedevice is blocked. Session key has an expiration time, so it isrevoked periodically. A node that leaves the spontaneous

network will keep the session key until it expires. It will letthe user return to the network if it has joined previously(the spontaneous network is usually set up for a limited

period of time, which is usually not very long). However, if a node is disconnected from the network during the periodof time when the session key has been renewed, it will not be able to access the network until it is authenticated againwith someone from the network.

The session key is formed by three fields: session keycreation time/date ( Fc ), session key initial expiration time/date ( Fe1), and the session key ( Ks). The lifetime of thesession key is T i1 Fe 1 Fc . When a node receives thesession key, it will regenerate the expiration time/date of the key by using the session key initial expiration time/date. The expiration time/date F e2 is the session key initialexpiration time/date plus a random value that ranges from1 minute to the maximum expected duration time of thespontaneous network (this value depends on the type of spontaneous network: meeting, teaching, course,...). Fc, Fe1,Fe2, and Ks are stored in each node. Session keys do notexpire simultaneously in all nodes. It avoids networkflooding (to inform about the need for new session key)initiated simultaneously by many nodes, when the sessionkey is to be revoked. Node that detects expiring session keylifetime will send a broadcast message (with its currenttime) to advise other nodes that a new session key will begenerated, and to avoid duplications (in the event of a tie,


Fig. 9. Procedure to decrypt an encrypted data packet.

TABLE 1Protocols Packets

Fig. 8. Algorithm when data packets are received.

8/12/2019 06212470

8/13

the node with oldest time wins). Then, node sending the broadcast message will generate the new session key andwill broadcast it encrypted with the old session key to alltheir neighbors, to be eavesdropped). Then, the receiver willstore the new session key with the new session key initialexpiration time and will replace the old session key with thenew one, thus it will only be able to receive informationfrom updated nodes, not from ones not yet updated(thereby avoiding updating loops).

When the system detects that a node is compromised,trust is removed and the session key is regeneratedfollowing the aforementioned procedure. If a neighbor iscompromised, a new session key is sent using asymmetricencryption. Moreover, authenticity can be guaranteed if thenode that generated the new session key signs it.

5 S ECURITY ANALYSIS /EVALUATION OF THEP ROPOSED SCHEME

In this section, we analyze and evaluate the proposedsecurity scheme. The proposed security protocol is adap-table because new security cryptographic algorithms can beeasily added. In order to perform an analysis andevaluation from the practical perspective, we provideTable 6, which shows the most common attacks inspontaneous wireless ad hoc networks and how ourproposal refuses them. We can observe that the securemechanisms included in our spontaneous ad hoc networkmake it to accomplish high level of security.

6 COMPARING SPONTANEOUS NETWORKFEATURES

We have not found another secure protocol for spontaneouswireless ad hoc network deployed, so we have searchedother spontaneous network proposals published in theliterature in order to compare their features with ourproposal. Some of them have not included any securitysystem, but others have included some systems that exist bydefault in the used technology, such as Wired EquivalentPrivacy (WEP), IPSec, and Diffie-Hellman. But no onepropose a complete security protocol, which is the mainpurpose of this paper. Moreover, the security explanationsin these papers are few and they do not tackle securityissues in detail. They only describe how new nodes join thenetwork securely; neither explain how the information is

secured nor show its security performance.In this comparison, we have included the main featuresof a spontaneous network: need for user intervention, self-configuration, and security. We have also included networkpurpose (what is it created for), the programming languageused to create it and if there is a real prototype in existence.Table 5 shows the comparison of other networks with ourproposal. As we have detailed in the related work section,in [20], [21], and [22] only include a security mechanism foraccessing new nodes is only included, not a completesecurity protocol to perform secure communications inspontaneous networks.

7 P ERFORMANCE ANALYSISWe ran a set of tests to validate the protocol operation andtest its performance. The protocol has been developed using

Java programming, whose mobility, interoperability, and

multiplatform features are very useful to deploy theprotocol. Given that the protocol may work on deviceswith limited resources, we have used a Java variant called Java 2 Platform, Micro Edition (J2ME). It also has a smalland fast virtual machine (KVM) that allows us to run thesoftware without overloading the device. This platform isespecially designed for personal use and embeddeddevices. The configuration package selected was theconnected limited device configuration (CLDC). It is a setof classes for a family of mobile devices, defining the typeand amount of memory or processor type. Devices runningCLDC must have a minimum of 160 KB memory to store the Java technology stack. It can run when there are computingand process limitations, and for low-power devices. Itallows the implementation of communication protocolsover both WiFi and Bluetooth technologies. We used MobileInformation Devi Profile (MIDP), suitable for portabledevices with limited screen, required for persistent storage,and network communications capabilities. We used a third-party manufacturer to introduce security in the protocol.We selected Crypto, a Bouncy Castle Lightweight API [38]solution, since it provides a lightweight cryptographic opensource API, which can be used in any environment,including J2ME.

7.1 Test BenchTo evaluate our protocol, we performed a series of teststhroughout the entire life cycle of the device. The tests werecarried out with different mobile phones and PDAs, and we


TABLE 2Times for Each Cryptographic Operation

8/12/2019 06212470

9/13

8/12/2019 06212470

10/13

selected for this operation. Avoiding these operations, theones that use the ECC algorithm (encryption, signing,decryption, and verification) are the ones that need more

time. All ECC operations have a delay around 8 seconds.The lower time cost is given by the symmetrical operations,which are the most used security operations in the protocol.We have verified the encryption/decryption processesamong nodes, the process when they receive data and wemeasured the time needed to perform these operations.

7.3 Response Times Sending DataIn order to test whether delivery times are adequate, wetestedtheresponsetimesofaregularpacketinbothBluetoothandWiFi. Fig. 11 shows theaverage value,obtained from fivetests, and the maximum and minimum values. The real test

always gave higher values than the simulator. The real testmeasurements have been performed in a spontaneousnetwork with eight devices. The highest value was given bythe Nokia E65 using Bluetooth (354.82milliseconds), whileWiFi gave 277.6 milliseconds. When we used the simulatorsoftware, themean value forBluetoothwas74.4 milliseconds,for WiFi it was 84.4 milliseconds.

7.4 Data Size and Memory TestsWe carried out two types of tests. The first one to obtain thestorage memory size needed for the configuration data(user and data network configuration). The second one to

find out how much memory is needed to implement theprotocol. The memory needed depends on the number of nodes in the spontaneous network. More nodes imply the

need of more memory to store their data.User data and network configuration and informationdata obtained or generated during the set up process aresaved in a storage memory. This information can beremoved when the user leaves the application or it may be stored if the user wants to use it later. Table 3 shows datasize tests with the number of bytes needed for each process.For example, a device of a user with regular data, whichknows eight nodes in the same spontaneous network, willuse approximately 6 KB of memory. This is completelyaffordable for a mobile device.

Fig. 12 shows the maximum number of nodes that can be

stored depending on the available memory capacity of themobile device when the percentage of memory availabilityfor data storage is 30 percent (which will entail no storageproblem if the devices have limited resources).

The network is expected to be a small or medium-sizednetwork, so it would require a small storage memory towork within the network. Also today almost all new mobiledevices can increase their capacity with external memorycards, thus increasing storage capacity.

The devices running this protocol must have a minimumof volatile memory. Table 4 shows the protocol and theamount of memory used by each step at any time. Once a


Fig. 13. Memory used by both nodes from the certificate creation to the data transfer between them.

Fig. 14. Memory used by the authenticated node and by the node that carried out the authentication when a new node becomes part of the network.

8/12/2019 06212470

11/13

8/12/2019 06212470

12/13

[4] R. Lacuesta, J. Lloret, M. Garcia, and L. Penalver, A SpontaneousAd-Hoc Network to Share WWW Access, EURASIP J. WirelessComm. and Networking, vol. 2010, article 18, 2010.

[5] Y. Xiao, V.K. Rayi, B. Sun, X. Du, F. Hu, and M. Galloway, ASurvey of Key Management Schemes in Wireless Sensor Net-works, Computer Comm., vol. 30, nos. 11/12, pp. 2314-2341, Sept.2007.

[6] V. Kumar and M.L. Das, Securing Wireless Sensor Networkswith Public Key Techniques, Ad Hoc and Sensor Wireless Networks,vol. 5, nos. 3/4, pp. 189-201, 2008.

[7] S. Zhu, S. Xu, S. Setia, and S. Jajodia, LHAP: A Lightweight Hop- by-Hop Authentication Protocol For Ad-Hoc Networks, Ad HocNetworks J., vol. 4, no. 5, pp. 567-585, Sept. 2006.

[8] A. Noack and S. Spitz, Dynamic Threshold Cryptosystemwithout Group Manager, Network Protocols and Algorithms,vol. 1, no. 1, Oct. 2009.

[9] J. Yan, J. Ma, F. Li, and S.J. Moon, Key Pre-distribution Schemewith Node Revocation for Wireless Sensor Networks, Ad Hoc andSensor Wireless Networks, vol. 10, nos. 2/3, pp. 235-251, 2010.

[10] M. Mukesh and K.R. Rishi, Security Aspects in Mobile Ad HocNetwork (MANETs): Technical Review, Intl J. Computer Applica-tions, vol. 12, no. 2, pp. 37-43, Dec. 2010.

[11] K. Sahadevaiah and P.V.G.D. Prasad Reddy, Impact of SecurityAttacks on a New Security Protocol for Mobile Ad Hoc Networks,Network Protocols and Algorithms, vol 3, no. 4, pp. 122-140, 2011.

[12] L. Herrero and R. Lacuesta, A Security Architecture Proposal forSpontaneous Networks, Proc. Intl Conf. Advances in the InternetProcessing System and Interdisciplinary Research, Oct. 2003.

[13] R. Lacuesta and L. Penaver, IP Addresses Configuration inSpontaneous Networks, Proc. Ninth WSEAS Intl Conf. Computers(ICCOMP 05), July 2005.

[14] R. Lacuesta and L. Pen alver, Automatic Configuration of Ad-HocNetworks: Establishing Unique IP Link-Local Addresses, Proc.Intl Conf. Emerging Security Information, Systems and Technologies(SECURWARE 07), 2007.

[15] J. Latvakoski, D. Pakkala, and P. Paakkonen, A CommunicationArchitecture for Spontaneous Systems, IEEE Wireless Comm.,vol. 11, no. 3, pp. 36-42, June 2004.

[16] L. Liu, J. Xu, N. Antonopoulos, J. Li, and K. Wu, AdaptiveService Discovery on Service-Oriented and Spontaneous SensorSystems, Ad Hoc and Sensor Wireless Networks, vol. 14, nos. 1/2,pp. 107-132, 2012.

[17] S. Gallo, L. Galluccio, G. Morabito, and S. Palazzo, Rapid andEnergy Efficient Neighbor Discovery for Spontaneous Networks,Proc. Seventh ACM Intl Symp. Modeling, Analysis and Simulation of Wireless and Mobile Systems, Oct. 2004.

[18] J. Backstro m and S. Nadjm-Tehrani, Design of a Contact Servicein a Jini-Based Spontaneous Network, Proc. Intl Conf. and Exhibitson the Convergence of IT and Comm., Aug. 2001.

[19] V. Untz, M. Heusse, F. Rousseau, and A. Duda, Lilith: anInterconnection Architecture Based on Label Switching forSpontaneous Edge Networks, Proc. First Ann. Intl Conf. Mobileand Ubiquitous Systems: Networking and Services (Mobiquitous 04),Aug. 2004.

[20] L.M. Feeney, B. Ahlgren, A. Westerlund, and A. Dunkels,Spontnet: Experiences in Configuring and Securing SmallAd Hoc Networks, Proc. Fifth Intl Workshop Network Appliances,Oct. 2002.

[21] M. Danzeisen, T. Braun, S. Winiker, D. Rodellar, Implementationof a Cellular Framework for Spontaneous Network Establish-ment, Proc. IEEE Wireless Comm. and Networking Conf. (WCNC 05),Mar. 2005.

[22] J. Rekimoto, SyncTap: Synchronous User Operation for Sponta-neous Network Connection, Personal and Ubiquitous Computing,vol. 8, no. 2, pp. 126-134, May 2004.

[23] C. Cornelius, A. Kapadia, D. Kotz, D. Peebles, M. Shin, andN. Triandopoulos, Anonysense: Privacy-Aware People-CentricSensing, Proc. Sixth Intl Conf. Mobile Systems, Applications, andServices (MobiSys 08), pp. 17-20, June 2008.

[24] R. Lacuesta, J. Lloret, M. Garcia, and L. Penalver, Two Secure andEnergy-Saving Spontaneous Ad-Hoc Protocol for Wireless MeshClient Networks, J. Network and Computer Applications, vol. 34,

no. 2, pp. 492-505, Mar. 2011.[25] J. Sun, C. Zhang, Y. Zhang, and Y. (Michael) Fang, An Identity-Based Security System for User Privacy in Vehicular Ad HocNetworks, IEEE Trans. Parallel and Distributed Systems, vol. 21,no. 9, pp. 1227-1239, Sept. 2010.

[26] FIPS 180-1 - Secure Hash Standard, SHA-1, National Institute of Standards and Technology, http://www.itl.nist.gov/fipspubs/fip180-1.htm, Feb. 27, 2012.

[27] A. Wander, N. Gura, H. Eberle, V. Gupta, and S. Chang, EnergyAnalysis for Public-Key Cryptography for Wireless Sensor Net-works, Proc. IEEE Third Intl Conf. Pervasive Computing and Comm.(PerCom 05), pp. 8-12, Mar. 2005.

[28] N.R. Potlapally, S. Ravi, A. Raghunathan, and N.K. Jha, Analyz-ing the Energy Consumption of Security Protocols, Proc. IntlSymp. Low Power Electronics and Design (ISLPED 03), 2003.

[29] J. Goodman and A. Chandrakasan, An Energy EfficientReconfigurable Public-Key Cryptography Processor Architec-ture, Proc. Intl Workshop Cryptographic Hardware and EmbeddedSystems (CHES 00), pp. 175-190, 2000.

[30] S. Landau, Communications Security for the Twenty-FirstCentury: The Advanced Encryption Standard, Notices of the Am. Math. Soc., vol. 47, no. 4, pp 450-459, Apr. 2000.

[31] J. Lopez and R. Dahab, Performance of Elliptic Curve Crypto-systems, Technical Report IC-00-08, May 2000.

[32] R. Mayrhofer, F. Ortner, A. Ferscha, and M. Hechinger, SecuringPassive Objects in Mobile Ad-Hoc Peer-to-Peer Networks,Electronic Notes in Theoretical Computer Science, vol. 85, no. 3,pp. 105-121, Aug. 2003.

[33] S.E. Czerwinski, B.Y. Zhao, T.D. Hodes, A.D. Joseph, and R.H.Katz, An Architecture for a Secure Service Discovery Service,Proc. ACM/IEEE MobiCom 99, Aug. 1999.

[34] L. Liu, J. Xu, N. Antonopoulos, J. Li, and K. Wu, AdaptiveService Discovery on Service-Oriented and Spontaneous SensorSystems, Adhoc and Sensor Wireless Networks, vol. 14, nos. 1/2,pp. 107-132, 2012.

[35] S. Capkun, L. Buttyan, and J.-P. Hubaux, Self-Organized Public-Key Management for Mobile Ad Hoc Networks, IEEE Trans. Mobile Computing, vol. 2, no. 1, pp. 52-64, Jan.-Mar. 2003.

[36] T. Czachorski and F. Pekergin, Diffusion Approximation as aModeling Tool in Congestion Control and Performance Evalua-tion, Proc. Second Intl Working Conf. Performance Modelling andEvaluation of Heterogeneous Networks (HET-NETs 04), July 26-28,2004.

[37] R. Lacuesta and L. Herrero, A Good Use of Bluetooth, A GoodUse of Bluetooth, Proc. Intl Workshop Advanced Web Eng. for e-Business (AWEEB 04), Mar. 21, 2004.

[38] The Legion of the Bouncy Castle Website, at http://www.bouncycastle.org, Feb. 2012.

[39] Netbeans website, at: http://netbeans.org/, Feb. 2012.[40] V.H. Zarate Silva, E.I. De la Cruz Salgado, and F. Ramos Quintana,

AWISPA: An Awareness Framework for Collaborative Sponta-neous Networks, Proc. ASEE/IEEE 36th Frontiers in EducationConf., Oct. 2006.

Raquel Lacuesta received the degree of com-puter science engineering in 1999 and the PhDdegree in computer science engineering (Dr.Ing)in 2008 both from the Polytechnic University ofValencia. Her main topics of research aresecurity and autoconfiguration on ad hoc andspontaneous networks and design and evalua-tion of routing algorithms. She is working mainly

with The Networking Research Group (GRC)that belongs to the Technical University ofValencia (UPV) which was founded in the last quarter of 2000. Shehas more than 30 scientific papers published in national and interna-tional conferences; she has also more than 15 papers about educationpublished in national and international conferences and several paperspublished in international journals. She is an associate editor andreviewer in the international journal Networks Protocols and Algorithms and member of different national and international researching project.She has been involved in several important program committees ofinternational conferences and in the organization of some of them. Also,she has been chairwoman on different international conferences.


8/12/2019 06212470

13/13

06212470

Documents