* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Chapter 8
Network tap wikipedia , lookup
Computer network wikipedia , lookup
Airborne Networking wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Distributed firewall wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Extensible Authentication Protocol wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Computer security wikipedia , lookup
Chapter: 01-Mobile Computing Introduction to Mobile Computing Security By: Mr. Abdul Haseeb Khan OUTLINE Introduction 1. GSM-UMTS security 2. IEEE 802.11 security a. Wired Equivalent Protocol (WEP) b. Wi-Fi Protected Access (WPA) 3. MANETs security Conclusions References INTRODUCTION Mobile computing is a generic term describing one's ability to use wireless computing technology whilst moving. The devices that utilize mobile computing give access to resources like the internet and range from laptops to handhelds. Mobile computing devices include; 1. Laptops 2. PDAs and handheld PC 3. Smart and mobile phones 4. Pagers Mobile Computing security; 1. Device security 2. Network security MOBILE COMPUTING SECURITY Secure communication within mobile computing network provides the following facilities to users: Confidentiality, Integrity, authentication and nonrepudiation Table 1 Mobile computing security requirements MOBILE COMPUTING SECURITY Confidentiality, integrity, and authentication are arguably the big three issues in network security. Table 2 Solutions to security requirements REQUIREMENTS SOLUTIONS Authentication 1. Challenge response 2. Digital signature Confidentiality Encryption Integrity Hash function (MAC) Nonrepudiation Time stamping MOBILE COMPUTING SECURITY Security attacks A useful means of classifying security attacks is in terms of passive attacks and active attacks. 1. Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. 2. Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service. 1. SECURITY IN GSM NETWORKS Security in GSM networks Figure 1 is the complete architecture of GSM (2G) networks. The security mechanisms of GSM are implemented in three different elements; 1. the Subscriber Identity Module (SIM) 2. the GSM handset or MS 3. the GSM network. Fig 1.1 GSM physical architecture Security in GSM networks Security features distribution for the three elements in 2G networks is shown in figure 1.2. The distribution of these security credentials provide an additional measure of security both in ensuring the privacy of cellular telephone conversations and prevention of cellular telephone fraud. Fig 1.2: Security features distribution in GSM Security in GSM networks Security in GSM consists of the following aspects: subscriber identity authentication, subscriber identity confidentiality, signaling data confidentiality, and user data confidentiality. The figure 1.3 gives the distribution of security algorithms and keys in the 2G network. The SIM contains the IMSI, the individual subscriber authentication key (Ki), the ciphering key generating algorithm (A8), the authentication algorithm (A3), as well as a Personal Identification Number (PIN). The GSM handset contains the ciphering algorithm (A5). Fig 1.3. Algorithm and Key distribution in GSM (a) (b) Fig 1.4. (a) Authentication components (b) General mechanism Fig 1.5a: SRES Generation Fig 1.5b: Kc generation Security in GSM networks The process of encryption occurs between the BTS and ME without involving the home network. For achieving seamless roaming between different networks all service providers use the same encryption algorithm which is A5 specified by the GSM standard. In a similar manner to the authentication process, the computation of the ciphering key (Kc) takes place internally within the SIM. Fig 1.6. Ciphering mode initiation mechanism April 14th , 2010 Security in GSM (2G) networks The TMSI is sent to the mobile station after the authentication and encryption procedures have taken place. The mobile station responds by confirming reception of the TMSI. The TMSI is valid in the location area in which it was issued. Fig 1.7 Subscriber confidentiality SECURITY IN 2.5G NETWORKS Security in 2.5G networks General Packet Radio Service (GPRS) was basically intended to provide the ME with data-connectivity to various web servers. GPRS transfers the responsibility of encryption and decryption on the network side from the BTS to the Server GPRS Service Node (SGSN). The SGSN is the equivalent of the VLR and MSC. This means that the GPRS architecture effectively prevents or protects against eavesdropping on the backbone between the BTS and the SGSN too. Fig 1.8 2.5G architecture Security in 2.5G networks Wireless Application Protocol (WAP) is an open specification that offers a standard method to access Internet-based content and services from wireless devices such as mobile phones and Personal Digital Assistants (PDAs). The information content meant for the ME is formatted suitably for the ME’s small screen. Fig 1.9 (a) WAP overview (b) WAP architecture Security in 2.5G networks In this new operating environment, securing just the last link is not enough. This end-to-end security is achieved by the Wireless Transport Layer Security (WTLS) layer in the WAP stack. Fig 1.10 TLS in WAP SECURITY IN UMTS(3G) NETWORKS Security in UMTS (3G) UMTS architecture provides provisions for encrypting any signaling or subscriber data that might reveal the subscriber’s identity. Anonymity in UMTS 1. VLRo/VLRn 2. IMSI/TMSI 3. Sequence Number (SQN) 4. AK Security in UMTS (3G) Fig 1.11 UMTS physical architecture Security in UMTS The authentication procedure is mutual; that is, the network authenticates the subscriber (USIM) and the subscriber (USIM) authenticates the network. The UMTS authentication vector is actually a security quintet which consists of five numbers: RAND (a 128-bit random number), XRES (the 32-bit expected signed response to the RAND), CK (a 128-bit session cipher or encryption key), IK (a 128-bit integrity key) and AUTN (a 128-bit network authentication token). Fig 1.12 UMTS authentication Security in UMTS (3G) Fig 1.13a: Authentication vector generation Fig 1.13b: Response generation at USIM Security in UMTS (3G) The UMTS encryption algorithm is known as KASUMI and uses a 128-bit session key CK. The KASUMI algorithm is more secure than A5 and one of the reasons for this is simply the use of longer keys for encryption. Fig 1.14 UMTS encryption April 14th , 2010 Security in UMTS (3G) UMTS integrity key IK is derived using the authentication process. The receiver then compares the computed XMAC to the received MAC. Security in UMTS (3G) The UMTS designers have limited their scope to securing the mobile specific part of the network, which is known as the Mobile Application Part (MAP). UMTS specifies the MAPSEC protocol, which works at the application layer to protect MAP messages cryptographically. The Key Administration Center (KAC) is a new entity introduced by MAPSEC. To establish a SA, the KACs use the Internet Key Exchange (IKE) protocol. The designers provided a method not only for securing MAP in SS7 networks (MAPSEC) but also for using MAP over IP-based networks which may be protected by the already well-established IPSec protocol. Fig 1.16 (a) MAPSEC (b) MAP over IP-based Networks 2. SECURITY IN IEEE 802.11 NETWORKS Security in IEEE 802.11 I. II. IEEE 802.11 defines two classes of security algorithms for : algorithms for creating and using an Robust Security Network Association (RSNA) , called RSNA algorithms and pre-RSNA algorithms. Pre-RSNA security comprises Wired Equivalent Privacy (WEP) and IEEE 802.11 entity authentication. The RSNA security comprises Temporal Key Integrity Protocol (TKIP), CCMP, RSNA establishment and termination procedures, including use of IEEE 802.1X authentication, and Key management procedures. Security in WEP Key establishment IEEE 802.11 relies on preshared keys between the mobile nodes or stations (STAs) and the Access Points (APs). key establishment is outside the scope of WEP. The absence of any key management protocol led to multiple problem. Anonymity However, given the IP address, it is extremely difficult to determine the identity of the subscriber. 1. IP addresses are dynamically assigned using protocols like DHCP. 2. the widespread use of Network Address Translation (NAT) adds another layer of identity protection. Security in WEP Authentication 1. For a station to connect to a wireless local area network (WLAN), the station must find out which networks it currently has access to. 2. Only after this authentication is complete can the station be connect to. APs periodically broadcast beacons. 3. Each beacon contains a Service Set Identifier (SSID), also called the network name, which uniquely identifies an ESS. When an STA wants to access a network, it has two options: passive scan and active scan. In the former case, it can scan the channels trying to find beacon advertisements from APs in the area. Fig 2.1 System overview Security in WEP STA wants to access a network, it has two options: passive scan and active scan. In passive scan, it scans the channels trying to find beacon advertisements from APs in the area. In active scan, the station sends probe-requests over all the channels one-by-one. A particular SSID indicates that the station is looking for a particular network. If the concerned AP receives the probe, it responds with a probe response. All APs which receive this probe-request and which want this particular station to join their network, reply back with a proberesponse. Security in WEP Authentication: 1. Open System Authentication (OSA) 2. Shared Key Authentication (SKA). In other words, the AP does not do any checks on the identity of the station and allows any and all stations to join the network. OSA is exactly what its name suggests: open system authentication. SKA is based on the challenge-response system. SKA divides stations into two groups. Group One consists of stations that are allowed access to the network and Group Two consists of all other stations. Using SKA requires 1) that the station and the AP be capable of using WEP and 2) that the station and the AP have a preshared key. Fig 2.2a; IEEE 802.11 OSA Fig 2.2b; IEEE 802.11 SKA Security in WEP 1. If a station is mobile while accessing the network, it may leave the range of one AP and enter into the range of another AP. A STA may move inside a BSA (intra-BSA), between two BSAs (inter-BSA) or between two Extended Service Areas (ESAs) (inter-ESAs). 2. It is the inter-BSA roaming that 802.11 deals with. A STA keeps track of the received signal strength (RSS) of the beacon with which it is associated. 3. The process of authenticating to the new AP is the same as it is for a STA that has just powered on in this BSS. Fig 2.3; IEEE 802.11 handoffs and security Security in WEP Confidentiality in 802.11 WEP uses a preestablished set of keys. Figure 1.4 shows how WEP is used to encrypt an 802.11 MAC Protocol Data Unit (MPDU). 1. Calculate the Integrity Check Value (ICV) over the length of the MPDU and append this 4-byte value to the end of the MPDU. 2. Select a master key to be used from one of the four possible preshared secret keys. 3. Select an IV and concatenate it with the master key to obtain a key seed. 4. The key seed generated in Step 3 is then fed to an RC4 key-generator. 5. A 4-byte header is then appended to the encrypted packet. Fig 2.4 WEP Security in WEP Data Integrity IEEE 802.11 uses an Integrity Check Value (ICV) field in the packet. ICV is another name for message integrity check (MIC). In WEP, ICV is implemented as a Cyclic Redundancy Check-32 bits (CRC-32) checksum which breaks this assumption. The reason for this is that CRC-32 is linear and is not cryptographically computed, i.e., the calculation of the CRC-32 checksum does not use a key/shared secret. Fig 2.5; WEP Data Integrity Security in Wi-Fi Protected Access (WPA) When the loopholes in WEP was realized, the original I. 802.11 security standard, had been exposed, IEEE formed a Task Group: 802.11i with the aim of improving upon the security of 802.11 networks. This group came up with the proposal of a Robust Security Network (RSN). II. 802.11i allows for a Transitional Security Network (TSN) which allows for the existence of both RSN and WEP nodes in an 802.11 network. The security proposal specified by the Task Group-i uses the Advanced Encryption Standard (AES) in its default mode. One obstacle in using AES is that it is not backward compatible with existing WEP hardware. Wi-Fi alliance adopted Temporal Key Integrity Protocol (TKIP) as the security standard that needs to be deployed for Wi-Fi certification. WPA is basically a prestandard subset of 802.11i which includes the key management and the authentication architecture (802.1X) specified in 802.11i. The biggest difference between WPA and 802l.11i is that instead of using AES for providing confidentiality and integrity, WPA uses Temporarily Key Integrity Protocol(TKIP) and MICHAEL respectively. Security in Wi-Fi Protected Access (WPA) Key establishment 1. IEEE 802.11i task group used two distinct environments: the home network and the enterprise network hence two environments had distinct security requirements and different infrastructure capacities. 2. For the enterprise network, 802.11i specifies the use of IEEE 802.1X for key establishment and authentication. For home deployments of 802.11, 802.11i allows the use of the “out-of-band mechanism” (manual configuration) for key establishment. Security in Wi-Fi Protected Access (WPA) WPA extends the two-tier key-hierarchy of WEP to a multitier hierarchy. At the top level is still the master key, referred to as the Pair-wise Master Key (PMK) in WPA. The next level in the key hierarchy is the PTK which is derived from the PMK. The final level is the per-packet keys which are generated by feeding the PTK to a key-mixing function. As we saw, WPA is flexible about how the master key (PMK in WPA) is established. The PMK, therefore, may be a preshared16 secret key (WEP-design) or a key derived from an authentication process like 802.1X. Fig 2.6: Key Hierarchy in 802.11 Security in Wi-Fi Protected Access (WPA) Authentication 1. The controlled port is open only when the device connected to the authenticator has been authorized by 802.1x. On the other hand, the uncontrolled port provides a path for extensible authentication protocol over LAN (EAPoL) traffic ONLY. 2. EAP specifies three network elements: the supplicant, the authenticator and the authentication server. Fig 2.7: 802.1X/EAP Port Model Security in Wi-Fi Protected Access (WPA) Authentication 1. In the 802.1X architecture, the result of the authentication process is conveyed by the authentication server to the AP so that the AP may allow or disallow the STA access to the network. 2. 802.1X is a framework for authentication. It does not specify the authentication protocol to be used. Therefore, it is up to the network administrator to choose the authentication protocol they want to plug in to the 802.1X architecture. Fig 2.8: IEEE 802.1X Network Architecture Way Handshake RSNA defines a protocol using IEEE 802.1X EAPOL-Key frames called the 4-Way Handshake. The handshake completes the IEEE 802.1X authentication process. The information flow of the 4-Way Handshake is as follows: Security in Wi-Fi Protected Access (WPA) Integrity 1. The problem is that most well known protocols used for calculating a message integrity check (MIC) have lots of multiplication operations and multiplication operations are computation intensive. Therefore, TKIP uses a new MIC protocol; MICHAEL which uses no multiplication operations and relies instead on shift and add operations. 2. However, it is in no way as cryptographically secure as the other standardized MIC protocols like MD5 or SHA-1. The TKIP designers knew this and hence built in countermeasures to handle cases where MICHAEL might be compromised. 3. TKIP explicitly requires that each STA start using an IV with a value of 0 and increment the value by one for each packet that it transmits during its session lifetime. WPA 2 (IEEE 802.11i) I. WPA was a stepping stone to the final solution which was being designed by the IEEE 802.11i task group. This security proposal was referred to as the Robust Security Network (RSN) and also came to be known as the 802.11i security solution. II. The Wi-Fi alliance integrated this solution in their proposal and called it WPA2. WPA 2 (IEEE 802.11i) Key establishment Since WPA2 and 802.11i standard are almost the same, the key-establishment process and the key hierarchy architecture in WPA and WPA2 are almost identical. In WPA2, the same key can be used for the encryption and integrity protection of data. Authentication WPA had also adopted the authentication architecture specified in 802.11i completely. Therefore, the authentication architecture in WPA and WPA2 is identical. WPA 2 (IEEE 802.11i) Confidentiality Task Group i specified the use of a block encryption algorithm for 802.11 security. Since AES is considered the most secure block cipher, it was an obvious choice. To provide confidentiality in 802.11i, AES is used in the counter mode. Counter mode actually uses a block cipher as a stream cipher, thus combining the security of a block cipher with the ease of use of a stream cipher. Fig 2.9: AES Counter Mode WPA 2 (IEEE 802.11i) Integrity To achieve message integrity, Task Group i extended the counter mode to include a Cipher Block Chaining (CBC)-MAC operation. Hence the name of the protocol: AES-CCMP where CCMP stands for Counter-mode CBC-MAC protocol. Fig 2.10: AES CBC-MAC 3. SECURITY IN MANETs MANETs security Introduction to MANETs algorithms MANETs security 1. Reputation and trust base system 2. Cryptographic base MANETs algorithms A Mobile Ad hoc Network (MANET) is a system of wireless mobile nodes that dynamically selforganize in arbitrary and temporary network topologies allowing people and devices to internetwork without any preexisting communication infrastructure Mobile ad hoc networks are realized in vehicular ad hoc network (VANET), wireless networks and wireless sensor network (WSN). An important challenge in the design of algorithms for a mobile ad hoc network is the fact that its topology is dynamic. Fig 3.1 MANET topology MANETs algorithms Topology formation 1. Neighbour discovery 2. Packets forwarding Topology control 1. Clustering Routing 1. Proactive protocols 2. Reactive Protocols 3. Hybrid protocol Multicasting and Broadcasting Routing protocols for a MANET can be unicast, geocast, multicast and broadcast. Fig 3.2 Packets forwarding algorithms MANETs algorithms Clustering in ad hoc networks can be defined as the grouping of nodes into manageable sets called clusters. Beacon-supported protocols are based on selecting a few beacon nodes and constructing a basic communication tree from them to every other node. As a result, every node is aware of its distance (in hops) to every beacon and the resulting vectors can serve as coordinates. Virtual coordinates can be constructed using only local connectivity information which is available since nodes always know their neighbors. Fig 3.3 Clustering of nodes MANETs algorithms MANETs, mesh networks and multihop sensor networks are instances of multihop wireless networks where nodes forward traffic among each other. Network-Wide Broadcast (NWB) algorithms provide a mechanism to deliver information to nodes in a multihop network without depending on routing state. NWB algorithms may be viewed as two components: (1) redundancy control, which is the component that attempts to reduce redundancy while maintaining coverage, and (2) robustness control, which is the component that attempts to recover from lost rebroadcasts and maintain coverage in the face of losses. Criteria for rebroadcasting includes Probability-Based, Counter-Based, Distance-Based and Location-Based Fig 3.4a: Flooding Fig 3.4b: Optimized flooding Introduction to MANETs algorithms Adaptive Dynamic Backbone Multicast (ADBM) incorporates a backbone construction algorithm that autonomously extracts a subset of nodes to serve as backbone nodes and provide mobilityadaptive connectivity for multicast operations. The core connection process is responsible for connecting these cores together by designating some nodes to take the role of intermediate nodes; the cores and intermediate nodes jointly comprise a virtual backbone. A node is said to be a border node if and only if it is able to hear Hello packets from nodes that are associated with different cores. Fig 3.5a: Core connection process Fig 3.5b: backbone construction Introduction to MANETs algorithms Route discovery contains both route request message and route reply messages; each node maintains a route cache, it first checks its cache for a route that matches the requested destination. A source node seeking to send a data packet to a destination node checks its route table to see if it has a valid route to the destination node. if there is no route in the table, the source node begins a route discovery process. It broadcasts a route request (RREQ) packet to its immediate neighbors, and those nodes broadcast further to their neighbors until the request reaches either an intermediate node with a route to the destination or the destination node itself. Fig 3.6. (a) Reverse path formation (b) Forward path formation Table 3.1 MANETs routing protocols Reputation and trust base security The capture and distribution of feedback about current interactions. cryptography can provides integrity, • Use of feedback to guide trust confidentiality, and authentication but decisions. fails in the face of insider attacks. Classification Malicious misbehavior is divided into two types: forwarding and routing. Common 1. Observation; first hand and Second forwarding misbehavior are packet 2. Information Symmetry dropping, modification, fabrication, 3. Centralization timing attacks, and silent route change. System goals • To cope with any kind of observable misbehavior. • To minimize the damage caused by insider attacks. • Reputation and trust base system • Information gathering is the process by which a node collects information about the nodes it cares about. First-hand information can be further classified into personal experience and direct observation; Watchdog. • This vulnerability can be mitigated by adopting a strategy of limited information sharing; sharing either only positive information or negative information. • The decisions made by this component are based on the information provided by the information modeling component. Fig 3.7 Architecture design for reputation based framework Cryptographic based • In ad hoc networks since there is no single CA which is always accessible, what is needed is a virtual CA. This virtual CA is formed by distributing the CA’s functionality to each local neighborhood. • Digital signatures can be used to authenticate a message and prevent attackers from injecting erroneous routing information and data traffic inside the network. CONCLUSIONS 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. GPRS has extended encryption and decryption to the SGSN There is TMSI in GSM to keep the ISMI secrete There are three security element per GSM/UMTS security; SIM, MS and the Network There is use of WTLS which is at WAP stack The security component should be suitable for mobile equipment as at WAP A secure network security should encompasses of these, mutual authentication, confidentiality, integrity and non repudition RSNA security is more powerful than WEP which has more vulnerabilities Authentication in IEEE 802.11i is port base access control In UMTS, there is mutual authentication while GSM is unilateral authentication There is challenge response authentication algorithm instead of digital signature in GSM UMTS uses KASUMI 128 bit which more secure than A5 There are quintet authentication vector in UMTS while triplets in GSM There is problem of handoff in WLAN UMTS architecture provides integrity of the message while GSM does not CONCLUSIONS 15. GPRS transfers the responsibility of encryption and decryption on the network side from the BTS to the Server GPRS Service Node (SGSN). 16. GSM allows the service provider to choose an algorithm for A3 and A8 but A5 is the same for all service providers. 17. There is limited encryption scope in GSM; securing is between the ME-BTS interface. 18. There is no support for a STA to authenticate the network in WEP 19. MANET security is divided into different directions like secure routing, key exchange, secure architecture and, intrusion detection and protection 20. Challenge response authentication algorithms will be difficult to implement in MANETs 21. Ad hoc networks pose security problem due to dynamic routing and highly insecure working environment algorithms for key management and routing. 22. The UMTS designers limited the security scope to securing the mobile specific part of the network, the Mobile Application Part (MAP). REFERENCES-GSM • • • • • • • [1] Chang, C.-C. Lee, J.-S. and Chang, Y.-F. (2005), 'Efficient authentication protocols of GSM', Computer Communications, vol. 28, pp. 921–928. [2] Peng, C. (2000), 'GSM and GPRS Security', http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.100.2671&rep=rep1&t ype=pdf, [26th February, 2010 at 15:03 GMT]. [3] Mehrotra, A. and Golding, L. S. (1998), 'Mobility and Security Management in the GSM System and Some Proposed Future Improvements', IEEE, New Jersey, pp. 1480-1497. [4] Menezes, A. Oorschot, P. V. and Vanstone, S. (1997), handbook of applied cryptography, CRC Press, Boca Raton, pp. 1-47. [5] Praphul, C., "Bulletproof Wireless Security," GSM, UMTS, 802.11 and Ad Hoc Security, Elsevier, 2005, pp. 121-127, 199-227. [6] Margrave, D. (2000), 'GSM Security and Encryption', http://www.netpa.net/tr/urunlerimiz/Iletisim/ASC/detay/Introduction/GSMSecurityAndEncryptio n.doc, [20th February 2010 at 10:31 GMT]. [7] Stallings, W. (2006), Cryptography and Network Security Principles and Practices, 4 ed., Prentice Hall, Upper Saddle River, pp. 317-433. REFERENCES- IEEE 802.11 • • • • • • • • [1] Zahur, Y. and Yang, T. A. (2003), 'WIRELESS LAN SECURITY AND LABORATORY DESIGNS', in CCSC: Southeastern Conference, 2003, pp. 44-60. [2] Ieee, C. S. (2004), IEEE Standard for information technology, telecommunications and information exchange between systems local and metropolitan area networks specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications (IEEE Std 802.11i™-2004), IEEE, New York, pp. 1-175. [3] Sithirasenan, E. Zafar, S. and Muthukkumarasamy, V., 'Formal Verification of the IEEE 802.11i WLAN Security Protocol'. [4] Kassab, M. et al. (2005), 'Fast Pre-Authentication Based on Proactive Key Distribution for 802.11 Infrastructure Networks', WMuNeP’05, Montreal, Quebec, pp. 46-53. [5] Altunbasak, H. and Owen, H. (2004), 'Alternative Pair-wise Key Exchange Protocols for Robust Security Networks (IEEE 802.11i) in Wireless LANs'. [6] Borisov, N. Goldberg, I. and Wagner, D. (2001), 'Intercepting Mobile Communications: The Insecurity of 802.11', Seventh Annual International Conference on Mobile Computing And Networking. [7] Park, S. H. Ganz, A. and B, Z. G. (1998), 'Security protocol for IEEE 802.11 wireless local area network', Mobile Networks and Applications 3, pp. 237-246. [8] Bresson, E. Chevassut, O. and Pointcheval, D., 'A Security Solution for IEEE 802.11’s Ad-hoc Mode: PasswordAuthentication and Group-Diffie-Hellman Key Exchange'. REFERENCES-MANETs • • • • • • • • • [1] Singh, K. Yadav, R. S. and Ranvijay (2000), 'A REVIEW PAPER ON AD HOC NETWORK SECURITY', International Journal of Computer Science and Security,, vol. 1, no. 1, pp. 52-69. [2] Ertaul, L. and Chavan, N. (2005), 'Security of Ad Hoc Networks and Threshold Cryptography', http://www.mcs.csueastbay.edu/~lertaul/MA2-6.pdf, [14th February 2010 at 08:10 GMT]. [3] Praphul, C., "Bulletproof Wireless Security," GSM, UMTS, 802.11 and Ad Hoc Security, Elsevier, 2005, pp. 121-127, 199227. [4] Marti, S. et al. (2000), 'Mitigating Routing Misbehaviour in Mobile Ad Hoc Networks', http://www2.cs.cmu.edu/~srini/15-829A/readings/marti-giuli-lai-baker-mitigating-routing-misbehavior.pdf, [20th January, 2010 at 17:49 GMT]. [5] A, A. Feham, M. and Taleb-Ahmed, A. (2009), 'On Recent Security Enhancements to Autoconfiguration Protocols for MANETs Real Threats and Requirements', International Journal of Computer Science and Network Security, vol. 9, no. 401-407. [6] Albers, P. et al. (2002), 'Security in Ad Hoc Networks: a General Intrusion Detection Architecture Enhancing Trust Based Approaches', http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.103.9855&rep=rep1&type=pdf, [20th February 2010 at 23:09 GMT]. [7] Baghaei, N. (2003), 'IEEE 802.11 Wireless LAN Security Performance Using Multiple Clients', University of Canterbury, Christchurch, New Zealand, http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.76.8038&rep=rep1&type=pdf., [01//1/2010 at 10:19 GMT]. [8] Sun, B. (2004), 'Intrusion detection in mobile ad hocnetworks', PhD, Texas A&M University, Texas, 142 pp., http://txspace.tamu.edu/bitstream/handle/1969.1/2215/etd-tamu-2004A-CPSC-Sun-1.pdf?sequence=1, [13 February 2010, at 21:10 GMT]. [13] Boukerche, A. (2009), Algorithms and Protocols for Wireless and Mobile Ad Hoc Networks, John Wiley & Sons, New Jersey.