@inproceedings{panos:cnds:02,
abstract = {The emergence of the Mobile Ad Hoc Networking (MANET) technology advocates self-organized wireless interconnection of communication devices that would either extend or operate in concert with the wired networking infrastructure or, possibly, evolve to autonomous networks. In either case, the proliferation of MANET-based applications depends on a multitude of factors, with trustworthiness being one of the primary challenges to be met. Despite the existence of well-known security mechanisms, additional vulnerabilities and features pertinent to this new networking paradigm might render such traditional solutions inapplicable. In particular, the absence of a central authorization facility in an open and distributed communication environment is a major challenge, especially due to the need for cooperative network operation. In particular, in MANET, any node may compromise the routing protocol functionality by disrupting the route discovery process. In this paper, we present a route discovery protocol that mitigates the detrimental effects of such malicious behavior, as to provide correct connectivity information. Our protocol guarantees that fabricated, compromised, or replayed route replies would either be rejected or never reach back the querying node. Furthermore, the protocol responsiveness is safeguarded under different types of attacks that exploit the routing protocol itself. The sole requirement of the proposed scheme is the existence of a security association between the node initiating the query and the sought destination. Specifically, no assumption is made regarding the intermediate nodes, which may exhibit arbitrary and malicious behavior. The scheme is robust in the presence of a number of non-colluding nodes, and provides accurate routing information in a timely manner.},
author = {Panagiotis Papadimitratos and Zygmunt J. Haas},
booktitle = {Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS)},
pages = {193--204},
title = {Secure Routing for Mobile Ad hoc Networks},
year = {2002}
}

@inproceedings{Clavel:03,
author = {Manuel Clavel and Francisco Dur{\'a}n and Steven Eker and Patrick Lincoln and Narciso Mart\'{\i}-Oliet and Jos{\'e} Meseguer and Carolyn L. Talcott},
booktitle = {Proceedings of the 13th International Conference on Rewriting Techniques and Applications (RTA)},
editor = {Robert Nieuwenhuis},
pages = {76--87},
publisher = {Springer-Verlag},
series = {Lecture Notes in Computer Science},
title = {The {Maude} 2.0 System},
volume = {2706},
year = {2003}
}

@inproceedings{HeMitchell05,
author = {Changhua He and John C.~Mitchell},
booktitle = {Proceedings of the 12th Annual Network and Distributed System Security Symposium},
month = {Feb},
title = {Security Analysis and Improvements for IEEE 802.11i},
year = {2005}
}

@article{meadows03formal,
author = {Catherine Meadows},
journal = {IEEE Journal on Selected Areas in Communications},
month = {January},
number = {1},
pages = {44--54},
title = {Formal methods for cryptographic protocol analysis: emerging issues and trends},
volume = {21},
year = {2003}
}

@inproceedings{dill96murphi,
author = {D.~L.~Dill},
booktitle = {Proceedings of the Eighth International Conference on Computer Aided Verification {CAV}},
month = {July},
pages = {390--393},
publisher = {Springer Verlag},
title = {The Mur$\varphi$ Verification System},
url = {citeseer.ist.psu.edu/dill96murphi.html},
volume = {1102},
year = {1996}
}

@misc{clavel-etal-03maudeman,
author = {Clavel, M. and Dur\'an, F. and Eker, S. and Lincoln, P. and Marti-Oliet, N. and Meseguer, J. and Talcott, C.},
note = {http://maude.csl.sri.com/},
title = {Maude 2.0 Manual},
year = {2003}
}

@misc{AusCert04-02,
author = {AusCert AA-2004.02},
month = {May 13},
title = {Denial of Service Vulnerability in {IEEE 802.11} Wireless Devices},
url = {http://www.auscert.org.au/render.html?it=4091},
year = {2003}
}

@inproceedings{HeMitchell04,
author = {Changhua He and John C. Mitchell},
booktitle = {Proceedings of the 2004 ACM workshop on Wireless Security},
doi = {http://doi.acm.org/10.1145/1023646.1023655},
isbn = {1-58113-925-X},
location = {Philadelphia, PA, USA},
pages = {43--50},
publisher = {ACM Press},
title = {Analysis of the 802.11i 4-way handshake},
year = {2004}
}

@article{ButtyanHubaux02,
author = {Levente Butty{\'a}n and Jean-Pierre Hubaux},
journal = {Mobile Computing and Communications Review},
month = {November},
note = {\url{http://lcawww.epfl.ch/Publications/Buttyan/ButtyanH02mc2r.pdf}},
number = {4},
title = {Report on a Working Session on Security in Wireless Ad Hoc Networks},
url = {http://lcawww.epfl.ch/Publications/Buttyan/ButtyanH02mc2r.pdf},
volume = {6},
year = {2002}
}

@url{FortressURL,
note = {\url{http://www.fortresstech.com}},
title = {{Fortress Technologies, Inc.}}
}

@article{CapkunButtyanHubaux05,
abstract = { We propose a straightforward technique to provide peer-to-peer security in mobile networks. We show that far from being a hurdle, mobility can be exploited to set up security associations among users. We leverage on the temporary vicinity of users, during which appropriate cryptographic protocols are run. We illustrate the operation of the solution in two scenarios, both in the framework of mobile ad hoc networks. In the first scenario, we consider fully self-organized security: users authenticate each other by visual contact and by the activation of an appropriate secure side channel of their personal device; we show that the process can be fuelled by taking advantage of trusted acquaintances (the friends'' mechanism). In the second scenario, we assume the presence of an off-line certification authority and we show how mobility helps to solve the security-routing interdependency cycle; in this case, the security protocol runs over one-hop radio links. We then show that the proposed solution is generic: it can be deployed on any mobile network and it can be implemented either with symmetric or with asymmetric cryptography. We provide a detailed performance analysis by studying the behavior of the solution on various mobility models.},
author = {Srdjan Capkun and Levente Butty{\'a}n and Jean-Pierre Hubaux},
journal = {To appear in IEEE Transactions on Mobile Computing},
note = {\url{http://icwww.epfl.ch/publications/documents/IC_TECH_REPORT_200381.pdf}},
title = {Mobility Helps Peer-to-Peer Security},
url = {http://icwww.epfl.ch/publications/documents/IC_TECH_REPORT_200381.pdf},
year = {2005}
}

@url{AirTightURL,
note = {\url{http://www.airtightnetworks.net}},
title = {{AirTight Networks, Inc.}}
}

@url{TrapezeURL,
note = {\url{http://www.trapezenetworks.com}},
title = {{Trapeze Networks, Inc.}}
}

@url{MeshDynURL,
note = {\url{http://www.meshdynamics.com}},
title = {{MeshDynamics, Inc.}}
}

@url{NovaURL,
note = {\url{http://www.novaroam.com}},
title = {{Nova Engineering, Inc.}}
}

@techreport{trapeze:whitepaper1,
author = {Trapeze},
institution = {Trapeze Networks, Inc., White Paper},
note = {\url{http://www.trapezenetworks.com/technology/whitepapers/illusionofsecurity/illusionofsecurity.pdf}},
title = {The Illusion of Security: Using {IPsec VPNs} to Secure the Air},
url = {http://www.trapezenetworks.com/technology/whitepapers/illusionofsecurity/illusionofsecurity.pdf}
}

@techreport{mesh:whitepaper1,
address = {Maitland, Florida},
author = {MeshNetworks},
institution = {MeshNetworks, Inc., White Paper},
note = {\url{http://meshnetworks.com/pdf/wp_security_issues.pdf}},
title = {Security Issues \& Solutions In Mobile Ad Hoc Networks},
url = {http://meshnetworks.com/pdf/wp_security_issues.pdf},
year = {2003}
}

@techreport{fortress:whitepaper1,
author = {Fortress},
institution = {Fortress Technologies, Inc., White Paper},
note = {\url{http://www.fortresstech.com/pdf/Public_Safety_Syracuse_Police.pdf}},
title = {Public Safety: Wireless-enabled Patrol Cars},
url = {http://www.fortresstech.com/pdf/Public_Safety_Syracuse_Police.pdf},
year = {2004}
}

@url{BelAirURL,
note = {\url{http://belairnetworks.com}},
title = {{BelAir Networks, Inc.}}
}

@techreport{tropos:whitepaper1,
author = {Tropos},
institution = {Tropos Networks, Inc., White Paper},
note = {\url{http://www.tropos.com/pdf/Tropos_Security_WP.pdf}},
title = {Multi-Layered Security Framework for Metro-Scale {Wi-Fi} Networks},
url = {http://www.tropos.com/pdf/Tropos_Security_WP.pdf},
year = {2004}
}

@url{TroposURL,
note = {\url{http://www.tropos.com/}},
title = {{Tropos Networks, Inc.}}
}

@url{MeshURL,
note = {\url{http://meshnetworks.com/}},
title = {{MeshNetworks, Inc.}}
}

@url{CraniteURL,
note = {\url{http://cranite.com/}},
title = {{Cranite Systems, Inc.}}
}

@techreport{cranite:whitepaper1,
address = {West Point, New York},
author = {Colonel Donald J.~Welch and Major Scott D.~Lathrop},
institution = {Department of Electrical Engineering and Computer Science, United States Military Academy at West Point},
note = {\url{http://www.itoc.usma.edu/Documents/ITOC_TR-2003-101_(G6).pdf}},
number = {ITOC-TR-2003-101},
title = {A Survey of 802.11a Wireless Security Threats and Security Mechanisms},
url = {http://www.itoc.usma.edu/Documents/ITOC_TR-2003-101_(G6).pdf},
year = {2003}
}

@techreport{mishra-arbaugh02,
abstract = {The current IEEE 802.11 standard is known to lack any viable security mechanism. However, the IEEE has proposed a long term security architecture for 802.11 which they call the Robust Security Network (RSN). RSN utilizes the recent IEEE 802.1X standard as a basis for access control, authentication, and key management. In this paper, we present two security problems (session hijacking, and the establishment of a man-in-the-middle) we have identified and tested operationally. The existence of these flaws highlight several basic design flaws within 802.1X and its combination with 802.11. As a result, we conclude that the current combination of the IEEE 802.1X and 802.11 standards does not provide a sufficient level of security, nor will it ever without significant changes.},
author = {Arunesh Mishra and William A. Arbaugh},
institution = {University of Maryland},
number = {CS-TR-4328},
title = {An Initial Security Analysis of the {IEEE 802.1X} Standard},
year = {2002}
}

@url{cranite:whitepaper2,
annote = {White Paper},
author = {Cranite},
month = {Sep},
note = {\url{http://www.cranite.com/pdf/whitepapers/cranite-best-practices.pdf}},
title = {Best Practices: Wireless {LAN} Design, Implementation and Management},
url = {http://www.cranite.com/pdf/whitepapers/cranite-best-practices.pdf},
year = {2003}
}

@inproceedings{buchegger:nodes:2002,
abstract = {Nodes in mobile ad hoc networks do not rely on a central infrastructure but relay packets originated by other nodes. Mobile ad hoc networks can work properly only if the participating nodes cooperate in routing and forwarding. For individual nodes it might be advantageous not to collaborate, though. The new routing protocol extensions presented in this paper make it possible to detect and isolate misbehaving nodes, thus making it unattractive to deny cooperation. In the presented scheme, trust relationships and routing decisions are made based on experienced, observed, or reported routing and forwarding behavior of other nodes. A hybrid scheme of selective altruism and utilitarianism is presented to strengthen mobile ad hoc network protocols in their resistance to security attacks, while aiming at keeping network throughput, or goodput, high. This paper focuses particularly on the network layer, using the Dynamic Source Routing (DSR) protocol as an example.},
author = {Sonja Buchegger and Jean-Yves Le Boudec},
booktitle = {{Proceedings of the Tenth Euromicro Workshop on Parallel, Distributed and Network-based Processing}},
linux = {file:///home/linda/Papers/security/buchegger_leboudec02.pdf},
month = {January},
pages = {403--410},
publisher = {{IEEE} Computer Society},
title = {{Nodes Bearing Grudges: Towards Routing Security, Fairness, and Robustness in Mobile Ad Hoc Networks}},
url = {http://citeseer.nj.nec.com/buchegger02nodes.html},
windows = {file:///Z:/Papers/security/buchegger_leboudec02.pdf},
year = {2002}
}

@inproceedings{Buchegger2002mOctober,
abstract = {In mobile ad-hoc networks, nodes do not rely on any routing infrastructure but relay packets for each other. Thus communication in mobile ad-hoc networks functions properly only if the participating nodes cooperate in routing and forwarding. However, it may be advantageous for individual nodes not to cooperate, for example to save power or to launch security attacks such as denial-of-service. In this paper, we give an overview of potential vulnerabilities and requirements of mobile ad-hoc networks, and of proposed prevention, detection and reaction mechanisms to thwart attacks. },
author = {Buchegger, S. and Le Boudec, J. Y.},
booktitle = {Proceedings of Mobile Internet Workshop. Informatik 2002.},
linux = {file:///home/linda/Papers/security/buchegger_leboudec02b.pdf},
month = {October},
title = {Cooperative Routing in Mobile Ad-hoc Networks: Current Efforts Against Malice and Selfishness},
url = {http://lcawww.epfl.ch/},
windows = {file:///Z:/Papers/security/buchegger_leboudec02b.pdf},
year = {2002}
}

@inproceedings{Hubaux2001mOctober,
abstract = {So far, research on mobile ad hoc networks has been focused primarily on routing issues. Security, on the other hand, has been given a lower priority. This paper provides an overview of security problems for mobile ad hoc networks, distinguishing the threats on basic mechanisms and on security mechanisms. It then describes our solution to protect the security mechanisms. The original features of this solution include that (i) it is fully decentralized and (ii) all nodes are assigned equivalent roles.},
author = {Hubaux, J. P. and Buttyan, L. and Capkun, S.},
booktitle = {Proceedings of ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHOC)},
linux = {file:///home/linda/Papers/security/hubaux+01.pdf},
month = {October},
title = {The Quest for Security in Mobile Ad Hoc Networks},
url = {http://lcawww.epfl.ch/},
windows = {file://Z:/Papers/security/hubaux+01.pdf},
year = {2001}
}

@article{zhou99securing,
author = {Lidong Zhou and Zygmunt J. Haas},
journal = {{IEEE} Network},
linux = {file:///home/linda/Papers/security/zhou_haas99.pdf},
number = {6},
pages = {24--30},
title = {Securing Ad Hoc Networks},
url = {http://citeseer.nj.nec.com/zhou99securing.html},
volume = {13},
windows = {file:///Z:/Papers/security/zhou_haas99.pdf},
year = {1999}
}

@inproceedings{luo02selfsecuring,
abstract = {Mobile ad hoc networking offers convenient infrastructure-free communication over the shared wire-less channel. However, the nature of ad hoc networks makes them vulnerable to security attacks. Exam-ples of such attacks include passive eavesdropping over the wireless channel, denial of service attacks by malicious nodes as well as attacks from compromised nodes or stolen devices. Unlike their wired counterpart, infrastructureless ad hoc networks do not have a clear line of defense, and every node must be prepared for encounters with an adversary. Therefore, a centralized or hierarchical network security solution does not work well. \par This work provides scalable, distributed authentication services in ad hoc networks. Our design takes a self-securing approach, in which multiple nodes (say, k) collaboratively provide authentication services for any node in the network. This paper follows the design guidelines of [7] and makes several new contributions. We first formalize a localized trust model that lays the foundation for the design, and then expand the adversary model that the system should handle. We further propose refined localized certification services, and develop a new scalable solution of share updates to resist more powerful adversaries. Finally, the new solution is evaluated through simulations.},
author = {Haiyun Luo and Petros Zefros and Jiejun Kong and Songwu Lu and Lixia Zhang},
booktitle = {Seventh IEEE Symposium on Computers and Communications (ISCC '02)},
linux = {file:///home/linda/Papers/security/luo+02.pdf},
title = {Self-securing Ad Hoc Wireless Networks},
url = {http://citeseer.nj.nec.com/507663.html},
windows = {file:///Z:/Papers/security/luo+02.pdf},
year = {2002}
}

@misc{lamsal01,
abstract = {This article is a literature survey on trust theory, the relationship between trust and security and distribution of trust in networks, especially in distributed and open networks. The article is divided into three sections: trust theory, security principles and trust distribution. The trust theory section looks at the theoretical aspects of trust and shows some of the methods researchers use to quantify trust. The security theory section explains the fundamentals of security and tries to establish a relationship between security and trust. This section also attempts to highlight the significance of trust in distributed network security. The final section considers ad hoc networks as one of the latest paradigms in wireless networking and looks at some proposals and initiatives aimed at establishing trust distribution in ad hoc networks.},
author = {Pradip Lamsal},
linux = {file:///home/linda/Papers/security/lamsal01.pdf},
pdf = {http://www.cs.helsinki.fi/u/lamsal/papers/UnderstandingTrustAndSecurity.pdf},
title = {Understanding Trust and Security},
url = {http://citeseer.nj.nec.com/520130.html},
windows = {file:///Z:/Papers/security/lamsal01.pdf},
year = {2001}
}

@misc{lamsal01ietf-rfc,
abstract = {This document is a survey of the security related standards or specifications published by IETF. The RFCs presented here belong to different working groups of the security area of IETF. Only half of the working groups have published RFCs and work is in progress in the remaining working groups. The main RFCs belonging to each of the working groups are described.},
author = {Pradip Lamsal},
linux = {file:///home/linda/Papers/security/lamsal01b.pdf},
pdf = {http://www.cs.helsinki.fi/u/lamsal/papers/IetfRfcSurveyFinal.pdf},
title = {Survey of {IETF} Security {RFCs}},
windows = {file:///Z:/Papers/security/lamsal01b.pdf},
year = {2001}
}

@misc{lamsal01ietf-draft,
abstract = {This document is a survey of the security related Internet drafts published by IETF. The Internet drafts presented here belong to different working groups of the security area of IETF. Important drafts from most of the working groups are described here.},
author = {Pradip Lamsal},
linux = {file:///home/linda/Papers/security/lamsal01c.pdf},
pdf = {http://www.cs.helsinki.fi/u/lamsal/papers/IetfInternetDraftSurveyFinal.pdf},
title = {Survey of {IETF} Security Internet Drafts},
windows = {file:///Z:/Papers/security/lamsal01c.pdf},
year = {2001}
}

@inproceedings{schneider00disseminating,
abstract = {This paper describes a framework for managing and distributing trust information in a community of mobile and wearable computer users. Trust information in the form of reputations are used to aid users during their social interactions with the rest of the community.},
author = {Jay Schneider and Gerd Kortuem and Joe Jager and Steve Fickas and Zary Segall},
booktitle = {2nd International Symposium on Handheld and Ubitquitous Computing (HUC2K)},
linux = {file:///home/linda/Papers/wearable/schneider+00.pdf},
title = {Disseminating Trust Information in Wearable Communities},
url = {http://citeseer.nj.nec.com/schneider00disseminating.html},
windows = {file:///Z:/Papers/wearable/schneider+00.pdf},
year = {2000}
}

@inproceedings{balfanz02,
abstract = {In this paper we address the problem of secure communication and authentication in ad-hoc wireless networks. This is a difficult problem, as it involves bootstrapping trust between strangers. We present a user-friendly solution, which provides secure authentication using almost any established public-key-based key exchange protocol, as well as inexpensive hash-based alternatives. In our approach, devices exchange a limited amount of public information over a privileged side channel, which will then allow them to complete an authenticated key exchange protocol over the wireless link. Our solution does not require a public key infrastructure, is secure against passive attacks on the privileged side channel and all attacks on the wireless link, and directly captures users' intuitions that they want to talk to a particular previously unknown device in their physical proximity. We have implemented our system in Java for a variety of different devices, communication media, and key exchange protocols.},
author = {Dirk Balfanz and D.~K.~Smetters and Paul Stewart and H.~Chi Wong},
booktitle = {Network and Distributed System Security Symposium},
linux = {file:///home/linda/Papers/security/balfanz+02.pdf},
title = {Talking To Strangers: Authentication in Ad-Hoc Wireless Networks},
url = {http://citeseer.nj.nec.com/502579.html},
windows = {file:///Z:/Papers/security/balfanz+02.pdf},
year = {2002}
}

@misc{vanhala00,
abstract = {A short-range wireless channel has security problems that differ from those of more conventional networks. This paper presents first the general features of ad-hoc networks. Characteristic security issues in ad-hoc networks will be enlightened next. Finally, an example of a short-range wireless network will be presented. The Bluetooth standard is described shortly as well as the found weaknesses in its security. },
author = {Anne Vanhala},
howpublished = {Research seminar on Security in Distributed Systems. Department of Computing Science, University of Helsinki.},
linux = {file:///home/linda/Papers/security/vanhala00.pdf},
title = {Security in Ad-hoc Networks},
url = {http://citeseer.nj.nec.com/vanhala00security.html},
windows = {file:///Z:/Papers/security/vanhala00.pdf},
year = {2000}
}

@inproceedings{jallad02,
abstract = {We recently noted that PGP and other e-mail encryption protocols are, in theory, highly vulnerable to chosen-ciphertext attacks in which the recipient of the e-mail acts as an unwitting decryption oracle.'' We argued further that such attacks are quite feasible and therefore represent a serious concern. Here, we investigate these claims in more detail by attempting to implement the suggested attacks. On one hand, we are able to successfully implement the described attacks against PGP and GnuPG (two widely-used software packages) in a number of different settings. On the other hand, we show that the attacks largely fail when data is compressed before encryption.\par Interestingly,the attacks are unsuccessful for largely fortuitous reasons; resistance to these attacks does not seem due to any conscious effort made to prevent them. Based on our work, we discuss those instances in which chosen-ciphertext attacks do indeed represent an important threat and hence must be taken into account in order to maintain confidentiality. We also recommend changes in the OpenPGP standard to reduce the effectiveness of our attacks in these settings. },
author = {Kahil Jallad and Jonathan Katz and Bruce Schneier},
booktitle = {Proceedings of Information Security Conference},