1
ARCHITECTURE FOR CENTRALIZED (SECURE)
KEY MANAGEMENT ON WIRELESS AD-HOC NETWORKS
M Khurram Shahzad1, Mr. Ejaz Ahmad1
{56khurram, ejaz}@niit.edu.pk
1
NIIT, H-166-A, Str. #9, Chaklala Scheme3, Rawalpindi
Abstract--The hard problem in Wireless Ad-hoc Networks is the
efficient key management, where centralized approach with tree
based data structure adds further to this efficiency. This paper
combines hierarchical access control with single key to encrypt
multiple data streams giving users different data access privileges
which may be based upon to have Quality of Service
implementation on Wireless Sensor Networks (WSN). Central
components for security like e.g. Key-distribution centers or
Central Authorities are the key challenges to realize. In fact, the
data gathering applications that utilize these networks eventually
have an inherent centralized architecture. In this paper, we will
present the literature survey for secure key management and
propose our solution.
Key terms: Secret key, Fresh Session Key, Central
authority, Symmetric & Asymmetric keys, Hierarchal
architecture, Bluetooth, Resource Group and Data Group.
I. INTRODUCTION
The work by Evaristo et lel. [4], reported that pendulum is again
shifting towards the centralized IT architecture. There has been
more than one reversal of trends, something not generally
acknowledged in the literature. While centralized methods are
often appropriate for key distribution in large multicast-style
groups, many collaborative group settings require distributed key
agreement techniques. However, experience shows that security
mechanisms for collaborative and dynamic peer groups tend to
be both expensive and unexpectedly complex. The centralized
architecture is inheritably more secure then the distributed one,
but here single point of failure is a challenge.
The author Datta et el in [14], reported that we must
secure entire internet-work system, not just an individual
component. Solutions must be robust/adapt to new threats as
much as possible. WSN have NO clear line of defense; each
node is a host as well as a “router”. Central components for
security such as Central Authorities (CA) are hard problem to
realize. It is therefore difficult to distribute encryption keys
necessary for the secure communication among sensors. Sensor
nodes have several constraints, involving battery power, re-
chargeability, sleep patterns, working memory, transmission
range, tamper protection and time synchronization operations.
Where as most of the work is based on the performance and
efficiency related issues. There are several other constraints
related to the network as well, such as ad-hoc networking,
limited pre-configuration, data rate and packet size, channel error
rate, intermittent connectivity, latency and isolated subgroups.
These constraints make it especially challenging to design
security protocols for such networks.
We review the introduced solutions and classify their
suitability for an implementation. We observe that in spite of
challenging centralized architecture realization, the current
demand dictates for some hybrid approach that gives secure key
management in centralized environment. We present our
architecture for centralized secure key management for Wireless
Ad-hoc Networks in general and WSN and Mobile Ad-hoc
Network in particular. We also consider the issues of secure data
access groups based on hierarchal privilege distribution which in
tern helps to implement a Quality of service on it.
II. RELATED WORK
The IEEE standard for wireless local area networks (WLAN)
IEEE 802.11 [9] was approved in 1997. The standard is proposed
to define the over-the-air interface between wireless clients and a
base station, or between two wireless clients. The approaches
introduced in [5, 6, 7] are all based on the distributed CA model.
The protocol requires a large number of nodes to work
efficiently. Khalili, et. El. [8], proposed a protocol for key
management and authentication in ad hoc networks that is based
on an ID-based scheme. In 1991, Marc Girault [10], introduced
the concept of self-certified public keys. In his approach the CA
issues self-certified public keys to all devices. The users need the
CA's public key to verify the authenticity of a public key. The
Bluetooth wireless protocol is introduced by the Bluetooth
Special Interest Group (SIG) [11]. The protocol is standardized
as IEEE 802.15 [12] for Wireless Personal Area Networks
 2
(WPAN). Bluetooth is already used in many applications despite
some serious security concerns by Jacobsson et. el. [13].
All solutions can be categorized into symmetric and
asymmetric models for secure key management for WSN;
furthermore they come in form of centralized or distributed
schemes. Both have their pros and cons, our objective is to study
centralized scheme but at the same time try to remove some draw
backs associated with it.
III. SYMMETRIC SOLUTIONS
When using symmetric encryption a secret must be shared
among all devices that wish to communicate. The secret sharing
can be achieved by transmitting a secret over a confidential and
authentic channel prior to the execution of the authentication
protocol. If we want to use the common secret directly to encrypt
the communication, the parties that wish to communicate need to
share a symmetric key of appropriate size, e.g. 128 bit. It is not
recommended to use the same encryption key for a long period
of time. To avoid this, a fresh session key can be derived from
common information and/or previous session keys in a pre-
defined fashion. The secret key can be used for the
authentication of the devices, for instance by executing a
challenge and response protocol.
A. IEEE 802.11 (B) MODEL
The IEEE standard for wireless local area networks (WLAN)
IEEE 802.11 [12] was approved in 1997. The standard is
proposed to define the over-the-air interface between wireless
clients and a base station, or between two wireless clients.
Usually this standard is not considered for an implementation in
ad hoc networks, the protocol is rather designed for networks
with a fixed infrastructure.
B. BLUETOOTH MODEL
The Bluetooth protocol is introduced by the Bluetooth Special
Interest Group (SIG) [11]. The protocol is standardized as IEEE
802.15 for Wireless Personal Area Networks (WPAN).
Bluetooth is already used in many applications despite some
serious security concerns, e.g. Jacobsson et el [12]. Many
manufacturers implemented Bluetooth poorly which sometimes
enables an adversary to access private data of somebody's
Bluetooth cell phone or PDA.
C. THE RESURRECTING DUCKLING MODEL
Another symmetric approach is introduced by Stajano and
Anderson in their resurrecting duckling model [19, 20]. The
symmetric keys need to be exchanged over a secure side-channel
prior to the execution of the authentication protocol. The authors
suggest exchanging the symmetric keys by physical contact
among the devices, for instance.
D. PAIR-WISE KEY PRE-DISTRIBUTION MODEL
Public key cryptography is not feasible in sensor networks and
therefore generally symmetric schemes are applicable. The
approach that all sensors share the same secret key for
authentication and encryption is not suited in sensor networks
because sensors provide only weak physical protection. In this
case, once an adversary gains physical access to a sensor in the
network, she/he could read out the secret key, and thus, the entire
network could be compromised. For this reason, sharing keys
pair-wise seems to be a more reasonable approach. Since sensors
have very constrained memory, they cannot store symmetric
keys of every other sensor in the network. To overcome this
constraint, key pre-distribution protocols, which assign each
sensor a subset of the total set of symmetric keys, are more
suitable.
IV. ASYMMETRIC SOLUTIONS
In the following section, we describe different authentication
models for ad hoc networks that are based on asymmetric
encryption schemes. The public keys are used for entity
authentication and for session key establishment. The session
key is then used in a symmetric encryption scheme to provide
confidential communication among the authenticated devices.
The lack of a central CA is the main problem when
implementing asymmetric protocols in networks without a fixed
infrastructure.
We distinguish four categories of asymmetric
authentication models:
1. With CA and with use of certificates
2. With CA and without the use of certificates
3. Without CA but with use of certificates, and
4. Without CA and without certificates.
The first category includes the distributed CA model;
the second one includes the identity-based model and the self-
certified public key; the third category contains the self-
organization and the trusted subgroup model; and the fourth
contains the certificate-less public key model.
In the following we will describe all these models with
examples of protocols that are proposed in them.
A. DISTRIBUTED CA MODEL
In the distributed CA model the power of the CA is distributed to
network nodes by implementing a (t; n)-threshold scheme. The
idea is based on the fact that a CA should not be represented by a
single node, because nodes provide only weak physical
protection and could be compromised relatively easily by an
adversary. The approaches introduced in [20-22] are all based on
the distributed CA model. The protocol requires a large number
of nodes to work efficiently.
In 2001, Zhou et. el. [22] introduced a protocol which
they claimed to be suited in networks without any infrastructure
and consists of mobile hosts. Their idea is to distribute the power
 3
of the CA to t+1 special node, the so-called server nodes, which
were present at the network initialization. The authors implement
their idea by a (t + 1; n) threshold scheme. Any t + 1 server
nodes in the network are able to jointly issue certificates. Each
member of the network is in possession of a private and public
key pair. Members can request authentic copies of the public key
of any communication partner from any group of the t + 1 server
nodes. A node A needs to perform a query to obtain an authentic
copy of B's public key. A initiates a query by broadcasting a
request to at least t+1 server nodes. Each of the server nodes
signs the requested public key with its share of the system's
secret key. The t+1 partial signatures are then sent to a combiner
node C, who combines all partial signatures and sends the full
signature to A. Node A verifies the signature on B's public key
and either accepts or rejects.
Kong, Zerfos ET. Al. [20] proposed a similar approach
where authors presented a protocol that combines the RSA
protocol with a threshold scheme. They extended the tasks of the
CA, which is presented by k nodes here, to issuing, renewing,
and revoking certificates. Note that there are no special (server)
nodes in this implementation as required in the previously
discussed solution.
In the extended version of the protocol Zerfos et. el
[21], shares can be updated in case compromised nodes are
detected. Nodes are notified about compromised nodes by
Flooding a list of the revoked certificates. Another novelty is that
the parameter k can be changed in the running system. Thus k
can be adjusted according to the present network state, e.g. the
number of present nodes which makes the solution more
Flexible. In the extended protocol new certificate can only be
issued and distributed by a centralized CA.
B. IDENTITY (ID)-BASED MODELS
However, all these solutions discussed earlier do not take into
account that ad hoc network devices are constrained in
computational and communication power. We can observe that
protocols in the distributed CA model require some heavy
computations and a large computational and communication
overhead. In addition, the discussed solutions all require a fairly
large number of network nodes to be present, which is not
necessarily given in all ad hoc network applications at all times.
To solve this problem a solution proposed a scheme
based on the Identity (ID)-based models, introduced by Shamir
in 1984; do not require any key exchange prior to the actual
authentication. As common information is used as the public key
and the certificate at the same time. ID-based cryptography
schemes are based on the idea to use human readable (unique)
identities, such as names, email addresses, etc., as public key.
There are two main advantages of using ID-based
systems. First, no public key certificates are required, and
second, no exchange of the public keys is required. ID-based
schemes require a CA at the initial stage of the network in order
to generate and distribute the personal secret keys of all users.
After that phase the CA becomes redundant.
Khalili, ET. Al proposed a protocol for key
management and authentication in ad hoc networks that is based
on an ID-based scheme in [23]. They suggest combining an ID-
based scheme with a (t; n)-threshold scheme to overcome the
requirement of a centralized CA. This implementation also
reduces the power of the CA by distributing the power to t
network nodes. Note that if the master key of the system is
compromised the entire system is compromised. These
limitations can be overcome by using Self-Certified Public Key
Model which is given in detail in the section IV.C.
C. SELF-CERTIFIED PUBLIC KEY MODEL
A CA is required to issue the self-certified public keys. The CA
generates the self-certified public keys using the device's public
key, identifier, and the CA's secret key as input. Note that the CA
does not know the secret keys of the devices. The network
devices use their self-certified public keys for all authentications
in the network. Encryption and signing in self-certified schemes
are different from regular asymmetric schemes because the secret
and the self-certified public key do not directly correspond with
each other.
In 1991, Marc Girault introduced the concept of self-
certified public keys [24]. In his approach the CA issues self-
certified public keys to all devices. The users need the CA's
public key to verify the authenticity of a public key.
V. KEY MANAGEMENT
There are different approaches to group key management in peer
groups. One approach relies on a single entity (called a key
server) to generate keys and distribute them to the group. The
paper [1] refers to it as centralized group key distribution.
This approach has two problems: 1). KDC must be
constantly available, and 2). KDC must exist in every possible
subset of a group in order to support continued operation in the
event of network partitions. The first problem can be addressed
with fault-tolerance and replication techniques. The second,
however, is very challenging to solve in a scalable and efficient
manner.
We note, however, that the centralized approach works
well in one-to-many multicast scenarios since a KDC (or a set
thereof) placed at, or very near, the source of communication can
support continued operation within an arbitrary partition as long
as it includes the source. Typically, one-to-many settings only
aim to offer continued operation within a single partition that
includes the source. Whereas, many-to-many environments must
offer continued operation in an arbitrary number of partitions.
The second approach involves dynamically selecting a
group member to generate and distribute keys to other group
members. It is more robust and, thus, more applicable to many-
to-many groups since any partition can continue operation by
 4
electing a key server. The drawback is that, as in the KDC case,
a key server must establish long-term pair-wise secure channels
with all current group members in order to distribute group keys.
Consequently, each time a new key server comes into play;
significant costs must be incurred to set up these channels.
Another disadvantage, again as in the KDC case, is the reliance
on a single entity to generate good keys. The third and less used
approach is Contributory, where all group members jointly
contribute to generate a shared key.
VI. PROPOSED ARCHITECTURE: A TREE BASED APPROACH FOR
CENTRALIZED KEY MANAGEMENT
Our proposed architecture is based on simple tree protocol for
key distribution based on the different levels of authentication
access. The level of tree represents the security privilege that a
certain user have. Symmetric keys organized in a tree provide
both efficiency and scalability by reducing both group rekey
operation complexity and key storage requirement to O(logN)
for group size N.
The efficiency of the centralized key management is
commutatively measured by rekey overload at the server (the
average number of rekey messages transmitted by the key server
to users per key update), rekey overhead at the users (average
number of rekey messages received by the users per key update)
and the storage overhead (average number of keys stored at the
key server and the users).
The tree based logical graph is important data structure
to improve the efficiency of the key management. It is stored and
maintained at the key server and stores encryptions keys at the
nodes. When a user joins, the key server update the nodes along
with its key assigned to it. Similarly when a user leaves the key
server updates those nodes in the tree based graph and the status
of the key is empty. The access control to the users having
different access rights to multiple data streams exists in practice
but rarely implemented.
A. SERVER SECURITY
The one of the least explored aspect is the security of the Key
Server itself, as reported by Eric Cole et. el.[25]. The simple way
of securing the key server is the use of firewall at that machine.
We see in practice that Dynamic firewall problems can easily be
exploited by the hackers. One can install a malicious code
downloaded by the innocent user inside the firewall, on its
machine that can later easily open a hole in the firewall rule set.
The malicious code may instruct sever to open a connection with
the hacker machine. We see that once otherwise save user behind
the firewall is an easy victim of the hacker.
The simplicity and fewer overheads are the advantages
of the Dynamic firewall; however a system level approach for
Defense-in-Depth methodology is required for a good defense
against intruders. Endpoint security solutions protect desktops
and servers, 'distributed denial of service' (DDoS) attack
detection and mitigation, with integrated firewall solutions.
By nature many hackers are opportunistic and adopt the
path of least resistance. The Defense-in-Depth slows down the
hacker to pose minimum damage and get time to put the things
in order again. If the attacker meets the resistance they may
abandon and seek easier prey. In this way we can reduce the
number of successful attacks by more then 50%. The attacker has
to execute several attacks. These deny the largest class of
attacks, the Script or code attacks, (not in case firewall) which
are based on single security vulnerability, so they are often
thwart by the Defense-in-Depth. Thus for added security for Key
Server we provide a sort of hierarchal defense around firewall.
B. PROPOSED SECURITY ARCHITECTURE
One of the possible schemes for hieratical access control is that
we use single key to encrypt multiple data streams belonging to
the same owner. For each key centralize server construct a
logical key tree that is used to assign the data encryption key to
the users that can access the data stream. Since the key server
have to maintain multiple separate key trees leads to key
management inefficiency.
Based on the different key management schemes [5, 6]
access may be based on the data group (DG) or service group
(SG) and keys may be shared for common services, see figure1.
The users are in different access levels, higher level users have
more control to access multiple data stream than those on the
lower level users. On the other hand higher level users are placed
down the logical key tree. Furthermore higher level user is in
possession of all the keys at and below their security level. In
order to construct a single logical key graph first SG-subtree is
constructed for every service group. Secondly another DG-
subtree is to construct key hierarchy for data encryption keys and
SG-subtree. The redundancy in structure is removed to make is
more efficient.
For that purpose consider that in an organization there
may be different department like accounts, management,
marketing, engineering, training and RND. The account and
training may be accessed by all the member of other groups.
Hence we may group accounts and training in group1 while
other in group2 etc. This way the first groups may share single
data encryption key to access respective data streams of account
and RND and does the second group. The resource group as
shown in the figure1; are the groups of uses made on resource
allocation as discussed above to reduce redundancy.
Group1 Group2 Group3
Figure1: Resource groups
 5
The logical key graph is constructed based on the user and data
stream mapping for sharing keys. In past most work was done on
multi-group key management. The above scheme will perform
better than previous one.
LEGENDS
U- set of users {u1, u2, …..}
S- set of data streams {s1, s2, …..}
A- Access relation, related as A <=UxS
S(ui)- set of data streams user ui can access
U(si)- set of users that can access that data stream si
Ui- subset of users (membership group)
Ki- subset of data streams (resource group)
C- set of membership group covered by k-nodes in K
Vi- Vertex or node of tree
rki- representative k-node of Vi, ie; root of binary tree
dki- resource group key for selected resource groups, Ki
mki- set of k-nodes, for disjoint sets of membership group
The centralized key server constructs a logical key
graph in order to efficiently update and assign data encryption
keys for users dynamically joining /leaving. When a user joins
the group, the key server chooses a leaf position for the user,
increases the revision of all keys along the route from the new
leaf to the root, and sends the revision of those keys to the new
user. The keys with new revision number are updated from old
key using a one-way function. The key server needs to send only
one rekey messages for a user joining that is used to inform the
updated keys for the new user. When a user leaves from the
group, the key server updates the keys possessed by the leaving
user.
Users can decrypt the updated data encryption key with
the updated status possessed by the user groups and resource
groups. The algorithm encrypts all data streams in a resource
group with a single data encryption key, called resource-group
key, which results in fewer data encryption keys than the MG
key management scheme. In the algorithm, users in a
membership group are constructed into a binary tree, called
membership-group subtree. The root of a membership-group
subtree is called membership-group key.
The algorithm then constructs a resource-group
subgraph to connect membership-group subtree to the resource
groups in order to ensure that the data encryption keys are
assigned to the right membership groups.
The proposed algorithm explores the Data group (DG)
in a breadth-first search manner in order to obtain all
membership groups that are reachable or equivalent to a resource
group. Hence, for each resource group (see Figure2) Ki, the
resource-group key dki must cover all membership groups that
are reachable or equivalent to Ki in the unified DG. In the
process of exploring the unified algorithm constructs the
resource-group subgraph from bottom to the top. When a vertex
Vi is colored e.g., black, the algorithm takes a cover operation:
constructs a balanced binary tree for the membership groups that
are in Vi and in all vertices reachable to Vi. The root of the
balanced binary tree is called representative k-node of Vi,
notated as rki. Since all vertices that are adjacent to Vi have
already been colored black and covered by their representative k-
nodes, those representative k-nodes are reused in the
construction of the balanced binary tree, so that rki covers
membership groups in all vertices that are reachable to Vi. The
k-node rki will also be reused to construct key hierarchy for the
future-visited vertices.
Group2
Group1 Group3
dk4
dk1 dk2 dk3
sk1 sk2 sk3
k1 k2 k4 k5 k6
u1 u2 u3 u4 u5 u6 u7 u8 u9 u10 u11 u12
Figure2: Architecture of Key management
Let if Vi contains a resource group Ri, rki is replaced
by the resource-group key dki, so that dki covers all membership
groups that are in Vi and in all vertices reachable to Vi. Since
Vertices V1, V2, and V3 are reachable to Vertex V4, the cover
operation for V4 constructs a balanced binary tree in which the
root covers the membership groups in V1, V2, V3, and V4. Since
the representative k-node of Vertex V2 that is adjacent to V4 has
already covered V1 and V2, the cover operation reuses dk1 in the
construction of the binary tree, as shown in Figure2. The root of
the binary tree is the resource-group key for R3, dk3.
See that reusing (Figure2) the representative k-nodes in
the cover operation may result in redundancy of rekey and key
storage, multiple reused representative k-nodes cover the same
membership group. A simple greedy algorithm can be used to
find the set of k-nodes for Vertex Vi. Let the set of the
membership groups that are in Vi and in all vertices reachable to
Vi be M, a set of k-nodes that cover disjoint sets of membership
groups be K, a set of membership groups that has been covered
by the k-nodes in K be C, and the set of the uncovered
membership groups in M be U. Initially, K = mki, C = Ui, and the
U = M - C. The proposed algorithm keeps track of a
 6
representative k-node here say rki, to cover most uncovered
member shp groups in U.
The algorithm also maintains several additional data
structures with each vertex V : a list incoming[V ] that contains
all vertices connecting V by incoming edges, an array color [V ]
that stores the color of Vertex V , and a first-in, first-out queue Q
to manage the set of vertices that will be visited by the algorithm.
We have not conducted any simulation results but the
scheme is expected to reduce the overhead reduced by using this
hierarchical scheme, compared to the Multi-group scheme, plus
the storage overhead is also reduced marginally.
VIII. CONCLUSION
By our proposed architecture we can get two main benefits; first,
no public key certificates are required, and second, no exchange
of the public keys is required. We discussed centralized key
distribution scheme to construct a key graph based on unified
relations of membership groups and resource groups. In the key
graph constructed by the hierarchical access control key
management scheme, the data streams in a resource group are
encrypted by a single data encryption key, which leads to fewer
data encryption keys than the multi-group key management
scheme. The different user groups may subscribe different
resource which may be implemented as differentiated QoS in
WSN or Ad-hoc network. In future work we will simulate our
architecture to see efficacy of our scheme. Further how the
scheme deal with key revocation if they are compromised and
check how secure this approach is for distributed networks.
IX. REFERENCE
[1]. YONGDAE KIM, ADRIAN PERRIG, AND GENE TSUDIK,
TREE-BASED GROUP KEY AGREEMENT, ACM
TRANSACTIONS ON INFORMATION AND SYSTEM
SECURITY, VOL. 7, NO. 1, FEBRUARY 2004, PAGES 60–
96.
[2]. AMITABH SAXENA AND BEN SOH, CONTRIBUTORY
APPROACHES TO CENTRALIZED KEY AGREEMENT IN
DYNAMIC PEER GROUPS, IEEE @2003.
[3]. QIONG ZHANG AND YUKE WANG, A CENTRALIZED
KEY MANAGEMENT SCHEME FOR HIERARCHICAL
ACCESS CONTROL, IEEE COMMUNICATIONS SOCIETY,
GLOBECOM @2004
[4]. J. ROBERTO EVARISTO, KEVIN C. DESOUZA, KEVIN
HOLLISTER, CENTRALIZATION MOMENTUM: THE
PENDULUM SWINGS BACK AGAIN,
COMMUNICATIONS OF THE ACM FEBRUARY
2005/VOL. 48, NO. 2
[5]. F. STAJANO. THE RESURRECTING DUCKLING - WHAT
NEXT?, PROCEEDINGS OF THE 8TH INTERNATIONAL
WORKSHOP ON SECURITY PROTOCOLS, B.
CHRISTIANSON, B. CRISPO, AND M. ROE (EDS.), LNCS
2133, SPRINGER-VERLAG, PP. 204-214, 2000.
[6]. J. KONG, P. ZERFOS, H. LUO, S. LU, AND L. ZHANG.
PROVIDING ROBUST AND UBIQUITOUS SECURITY
SUPPORT FOR MOBILE AD-HOC NETWORKS,
INTERNATIONAL CONFERENCE ON NETWORK PROTOCOLS
(ICNP) 2001, 2001.
[7]. L. ZHOU AND Z.J. HAAS. SECURING AD HOC
NETWORKS, IEEE NETWORK JOURNAL, VOL. 13, NO. 6,
1999, PP. 24-30.
[8]. KHALILI, J. KATZ, AND W. ARBAUGH. TOWARD
SECURE KEY DISTRIBUTION IN TRULY AD-HOC
NETWORKS, 2003 SYMPOSIUM ON A PPLICATIONS AND
THE INTERNET WORKSHOPS (SAINT 2003), IEEE
COMPUTER SOCIETY, ISBN 0-7695-1873-7, 2003, PP.
342-346.
[9]. IEEE 802.11, STANDARD SPECIFICATIONS FOR
WIRELESS LOCAL AREA NETWORKS,
HTTP://STANDARDS. IEEE.ORG/ WIRELESS/
[10]. M. GIRAULT. SELF-CERTIFIED PUBLIC KEYS, ADVANCES
IN CRYPTOLOGY- EUROCRYPT '91, D.W. DAVIES
(ED.), LNCS 547, SPRINGER-VERLAG, 1991, PP. 490-
497.
[11]. IEEE 802.11, STANDARD SPECIFICATIONS FOR
WIRELESS LOCAL AREA NETWORKS,
HTTP://STANDARDS. IEEE.ORG/ WIRELESS/
[12]. M. JACOBSSON AND S. WETZEL. SECURITY
WEAKNESSES IN BLUETOOTH, CRYPTOGRAPHER'S
TRACK AT RSA CONFERENCE 2001, D. NACCACHE
(ED.), LNCS 2020, SPRINGER-VERLAG, 2001, PP. 176-
191.
[13]. M. JACOBSSON AND S. WETZEL. SECURITY
WEAKNESSES IN BLUETOOTH, CRYPTOGRAPHER'S
TRACK AT RSA CONFERENCE 2001, D. NACCACHE
(ED.), LNCS 2020, SPRINGER-VERLAG, 2001, PP. 176-
191.
[14]. NARASIMHA DATTA N, A SECURITY, ARCHITECTURE
FOR WIRELESS SENSOR, NETWORKS, JUNE 2002.
[15]. ERIKOLIVER, MICHAEL CONRAD, MARTINA
ZITTERBART, A TREE BASED APPROACH FOR SECURE
KEY DISTRIBUTION IN WIRELESS SENSOR NETWORKS
(BLASS)
[16]. LAURENT ESCHENAUER AND VIRGIL D. GLIGOR, A
KEY- MANAGEMENT SCHEME FOR DISTRIBUTED SENSOR
NETWORKS, IN PROCEEDINGS OF THE 9TH COMPUTER
COMMUNICATION SECURITY (CCS 2002), NOVEMBER
2002, WASHINGTON, MA
 7
[17]. ADRIAN PERRIG, JOHN STANKOVIC, DAVID, WAGNER, SUPPORT FOR MOBILE AD-HOC NETWORKS,
"SECURITY IN WIRELESS SENSOR NETWORKS", IN INTERNATIONAL CONFERENCE ON NETWORK PROTOCOLS
COMMUNICATIONS OF THE ACM, JUNE 2004 VOLUME (ICNP) 2001, 2001.
47 ISSUE 6
[22]. L. ZHOU AND Z.J. HAAS, SECURING AD HOC
[18]. K. JONES, A. WADAA, S. OLARIU, L. WILSON, M. NETWORKS, IEEE NETWORK JOURNAL, VOL. 13, NO. 6,
ELTOWEISSY, "TOWARDS A NEW PARADIGM FOR 1999, PP. 24-30.
SECURING WIRELESS SENSOR NETWORKS", IN
[23]. KHALILI, J. KATZ, AND W. ARBAUGH. TOWARD
PROCEEDINGS OF THE 2003 WORKSHOP ON NEW
SECURE KEY DISTRIBUTION IN TRULY AD-HOC
SECURITY PARADIGMS, AUGUST 2003
NETWORKS, 2003 SYMPOSIUM ON A PPLICATIONS AND
[19]. F. STAJANO AND R. ANDERSON, THE RESURRECTING THE INTERNET WORKSHOPS (SAINT 2003), IEEE
DUCKLING: SECURITY ISSUES FOR AD-HOC WIRELESS COMPUTER SOCIETY, ISBN 0-7695-1873-7, 2003, PP.
NETWORKS, IN PROCEEDINGS OF THE 7TH 342-346.
INTERNATIONAL WORKSHOP ON SECURITY PROTOCOLS,
[24]. M. GIRAULT, SELF-CERTIFIED PUBLIC KEYS, ADVANCES
B. CHRISTIANSON, B. CRISPO, J.A. MALCOLM, AND M.
IN CRYPTOLOGY- EUROCRYPT '91, D.W. DAVIES
ROE (EDS.), LNCS 1796, SPRINGER-VERLAG, PP. 172-
(ED.), LNCS 547, SPRINGER-VERLAG, 1991, PP. 490-
194, 1999.
497
[20]. F. STAJANO. THE RESURRECTING DUCKLING WHAT
[25]. ERIC COLE, RONALD CRUTZ AND JAMES W. CONLEY,
NEXT?, PROCEEDINGS OF THE 8TH INTERNATIONAL
NETWORK SECURITY BIBLE, PAGE NO. 99-100, 114,
WORKSHOP ON SECURITY PROTOCOLS, B.
118,121-122, 2005
CHRISTIANSON, B. CRISPO, AND M. ROE (EDS.), LNCS
2133, SPRINGER-VERLAG, PP. 204-214, 2000.
[21]. J. KONG, P. ZERFOS, H. LUO, S. LU, AND L. ZHANG,
PROVIDING ROBUST AND UBIQUITOUS SECURITY