
IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 24, NO. 4, APRIL 2013

A Secure Protocol for Spontaneous Wireless Ad Hoc Networks Creation


Raquel Lacuesta, Jaime Lloret, Senior Member, IEEE, Miguel Garcia, Student Member, IEEE, and Lourdes Peñalver

Abstract: This paper presents a secure protocol for spontaneous wireless ad hoc networks which uses a hybrid symmetric/asymmetric scheme and the trust between users in order to exchange the initial data and to exchange the secret keys that will be used to encrypt the data. Trust is based on the first visual contact between users. Our proposal is a complete self-configured secure protocol that is able to create the network and share secure services without any infrastructure. The network allows sharing resources and offering new services among users in a secure environment. The protocol includes all functions needed to operate without any external support. We have designed and developed it in devices with limited resources. Network creation stages are detailed and the communication, protocol messages, and network management are explained. Our proposal has been implemented in order to test the protocol procedure and performance. Finally, we compare the protocol with other spontaneous ad hoc network protocols in order to highlight its features and we provide a security analysis of the system.

Index Terms: Distributed protocol, secure protocol, spontaneous network, wireless ad hoc networks

1 INTRODUCTION
The exponential growth in the development and acceptance of mobile communications in recent years is especially observed in the fields of wireless local area networks, mobile systems, and ubiquitous computing. This growth is mainly due to the mobility offered to users, providing access to information anywhere, user friendliness, and easy deployment. Furthermore, the scalability and flexibility of mobile communications increase users' productivity and efficiency.

Spontaneous ad hoc networks are formed by a set of mobile terminals placed in a close location that communicate with each other, sharing resources, services or computing time during a limited period of time and in a limited space, following a human interaction pattern [1], [2]. People are attached to a group of people for a while, and then leave. Network management should be transparent to the user. A spontaneous network is a special case of ad hoc networks. They usually have little or no dependence on a centralized administration. Spontaneous networks can be wired or wireless. We consider only wireless spontaneous networks in this paper. Their objective is the integration of services and devices in the same environment, enabling the user to have instant service without any external infrastructure. Because these networks are implemented in devices such as laptops, PDAs or mobile phones, with limited capacities, they must use a lightweight protocol, and new methods to control, manage, and integrate them.

Configuration services in spontaneous networks depend significantly on network size, the nature of the participating nodes and running applications. Spontaneous networks imitate human relations while having adaptability to new conditions and fault tolerance (the failure of a device or service should not damage the functionality). Methods based on imitating the behavior of human relations facilitate secure integration of services in spontaneous networks [3]. Furthermore, cooperation among the nodes and quality of service for all shared network services should be provided [4].

Spontaneous ad hoc networks require well defined, efficient and user-friendly security mechanisms. Tasks to be performed include: user identification, their authorization, address assignment, name service, operation, and safety. Generally, wireless networks with infrastructure use Certificate Authority (CA) servers to manage node authentication and trust [5], [6]. Although these systems have been used in wireless ad hoc and sensor networks [7], they are not practical because a CA node has to be online (or is an external node) all the time. Moreover, the CA node must have higher computing capacity. Security should be based on the required confidentiality, node cooperation, anonymity, and privacy. Exchanging photos between friends requires less security than exchanging confidential documents between enterprise managers. Moreover, not all nodes may be able to execute routing and/or security protocols. Energy constraints, node variability, error rate, and bandwidth limitations mandate the design and use of adaptive routing and security mechanisms, for any type of devices and scenarios.

• R. Lacuesta is with the Departamento de Informatica e Ingenieria de Sistemas, Universidad de Zaragoza, Ciudad Escolar s/n, 44003, Teruel, Spain. E-mail: rlacuesta@unizar.es.
• J. Lloret is with the Universidad Politecnica de Valencia, Camino Vera s/n, 46022, Valencia, Spain. E-mail: jlloret@dcom.upv.es.
• M. Garcia is with the Escuela Politecnica Superior de Gandia, C/Paranimf, n-1, 46730, Grao de Gandia, Gandia, Valencia, Spain. E-mail: migarpi@posgrado.upv.es.
• L. Peñalver is with the Departamento de Informatica e Ingenieria de Sistemas, Universidad Politecnica de Valencia, Camino Vera s/n, 46022 Valencia, Spain. E-mail: lourdes@disca.upv.es.

Manuscript received 27 Feb. 2012; revised 10 May 2012; accepted 16 May 2012; published online 30 May 2012. Recommended for acceptance by V. Misic. For information on obtaining reprints of this article, please send e-mail to: tpds@computer.org, and reference IEEECS Log Number TPDS-2012-02-0156. Digital Object Identifier no. 10.1109/TPDS.2012.168.
1045-9219/13/$31.00 © 2013 IEEE. Published by the IEEE Computer Society.


Dynamic networks with flexible memberships, group signatures, and distributed signatures are difficult to manage [8]. To achieve reliable communication and node authorization in mobile ad hoc networks, key exchange mechanisms for node authorization and user authentication are needed. The related literature shows several security methods such as predistribution key algorithms [9], symmetric and asymmetric algorithms, intermediate node-based methods [10], and hybrid methods [11]. But these methods are not enough for spontaneous networks because they need an initial configuration (i.e., network configuration) or external authorities (for example, central certification authorities). None of the existing papers propose a secure spontaneous network protocol based on user trust that provides node authenticity, integrity checking, and privacy.

The network and protocol proposed in this paper can establish a secure self-configured environment for data distribution and resources and services sharing among users. Security is established based on the service required by the users, by building a trust network to obtain a distributed certification authority. A user is able to join the network because he/she knows someone that belongs to it. Thus, the certification authority is distributed between the users that trust the new user. The network management is also distributed, which allows the network to have a distributed name service. We apply asymmetric cryptography, where each device has a public-private key pair for device identification, and symmetric cryptography to exchange session keys between nodes. There are no anonymous users, because confidentiality and validity are based on user identification.

Preliminary versions of this paper appeared in [12], [13], [14]. In 2003, we presented the basis to set up a secure spontaneous network [12]. To solve the mentioned security issues, we used an authentication phase and a trust phase [13]. Moreover, we presented a mechanism to allow nodes to check the authenticity of their IP addresses while not generating duplicated IP addresses. The mechanism helps nodes to authenticate by using their IP addresses. We have used this mechanism in the secure protocol presented in this paper, but it can be replaced by any other IP address assignment mechanism.

The rest of the paper is organized as follows: Section 2 presents the related work on spontaneous networks and shows the most well-known security mechanisms that can be applied to them. The proposed secure spontaneous network is detailed in Section 3. Section 4 explains the stages for network creation, the protocol operation and the key revocation process. Section 5 analyzes the security of our proposal. The proposed system is compared with other spontaneous systems in Section 6. Section 7 shows the performance analysis in terms of cryptographic operations, delivery times and memory consumption. Finally, Section 8 gives the conclusion and future work.

2 RELATED WORK

In [15], Latvakoski et al. explain a communication architecture concept for spontaneous systems, integrating application-level spontaneous group communication and ad hoc networking together. A set of methods to enable plug and play, addressing and mobility, peer-to-peer connectivity, and the use of services are also provided. Liu et al. [16] show how networked nodes can autonomously support and cooperate with each other in a peer-to-peer (P2P) manner to quickly discover and self-configure any services available in the disaster area and deliver a real-time capability by self-organizing themselves in spontaneous groups to provide higher flexibility and adaptability for disaster monitoring and relief. Gallo et al. [17] pursued two targets in spontaneous networks: to maximize responsiveness given some constraints on the energy cost and to minimize the energy cost given certain requirements on the responsiveness.

Bäckström and Nadjm-Tehrani [18] developed the first real spontaneous network that offers services dynamically using the Jini technology. They explain the architectural design of the contact service and its implementation. The prototype demonstrates how major design criteria (flexibility, dependability, efficiency, and transparency) affect the design and services of a dynamic network of devices. In [19], Untz et al. propose a lightweight and efficient interconnection protocol suitable for spontaneous edge networks. They design and implement Lilith, a prototype of an interconnection node for spontaneous edge networks. It uses MPLS and allows different communication paths on a per flow basis, provides seamless switching between operational and back-up paths, and makes available information on destination reachability.

Feeney et al. [20] presented Spontnet, a prototype implementation of a simple ad hoc network configuration utility based on the main ideas of spontaneous networks. Spontnet allows users (using face-to-face authentication and a short-range link with easily identifiable endpoints) to distribute a group session key without previous shared context and to establish a shared namespace. Two applications, a simple web server and a shared whiteboard, are provided as examples of collaborative applications. They use the IPSec protocol (used for Virtual Private Networks), applied through the Internet. Spontnet therefore uses both wired and wireless links and corresponding protocols.

Danzeisen et al. [21] apply WEP, the regular security mechanism used in Wireless LANs, available by default in the IEEE 802.11 wireless protocol. Other proposals that did not discuss security aspects could also apply this default solution. Although it was available to us, we did not use it because WEP is vulnerable to hacking attacks, and better solutions, e.g., WPA, WPA2, should be considered instead.

Rekimoto introduced the concept of synchronous user operation in [22], and described SyncTap, a user interface technique for spontaneously establishing network connections between digital devices. This method can deal with multiple overlapping connection requests by detecting collision situations, and can also ensure secure network communication by exchanging public key information upon establishing a connection. A shared session key for secure communication is created by piggybacking Diffie-Hellman public keys (generated by each device) on multicast packets. These public keys are used to calculate a shared secret session key for encrypted communication. In this case, the authors do not propose any secure protocol. They have just added an existing security mechanism in their authentication phase. It is similar to the one used by us when a new node joins our network, but we have added other security mechanisms in order to create a complete secure protocol for spontaneous networks.

Spontaneous networks are also a special case of human-centric networks [23]. Cornelius et al. implemented and evaluated AnonySense, a general-purpose framework for anonymous opportunistic tasking and reporting, which allows applications to query and receive context through an expressive task language and by leveraging a broad range of sensor types on users' mobile devices, and at the same time respects the privacy of the users.

This paper does not tackle routing issues in spontaneous ad hoc wireless networks. A paper that presents a security protocol for routing purposes, based on trust, is shown in [24]. It presents two secure and energy-saving spontaneous ad hoc protocols for wireless mesh client networks where two different security levels (weak and strong) are taken into account in the path when information is transmitted between users.

3 SECURE SPONTANEOUS NETWORK

3.1 Network Overview
Our protocol allows the creation and management of distributed and decentralized spontaneous networks with little intervention from the user, and the integration of different devices (PDAs, cell phones, laptops, etc.). Cooperation between devices allows provision and access to different services, such as group communication, collaboration in program delivery, security, etc. The network members and services may vary because devices are free to join or leave the network. A spontaneous network should complete the following steps in order to be created [1].

3.1.1 Step 1: Joining Procedure
This step enables devices to communicate, including the automatic configuration of logical and physical parameters. The system is based on the use of an IDentity Card (IDC) and a certificate. The IDC contains public and private components. The public component contains a Logical IDentity (LID), which is unique for each user and allows nodes to identify it. It may include information such as name, photograph or other type of user identification. This idea has been used in other systems such as in vehicular ad hoc networks [25]. It also contains the user's public key ($K_i$), the creation and expiration dates, an IP proposed by the user, and the user signature. The user signature is generated using the Secure Hash Algorithm (SHA-1) [26] on the previous data to obtain the data summary. Then, the data summary is signed with the user's private key. The private component contains the private key ($k_i$). The user introduces its personal data (LID) the first time he/she uses the system because the security information is generated then. Security data are stored persistently in the device for future use.

Certificate $C_{ij}$ of the user i consists of a validated IDC, signed by a user j that gives its validity. To obtain the IDC signature of user i, the summary obtained by SHA-1 is signed with j's private key. No central certification authority is used to validate the IDC. Validation of integrity and authentication is done automatically in each node. The certification authority for a node could be any of the trusted nodes. This system enables us to build a distributed certification authority between trusted nodes. When node A wants to communicate with another node B and it does not have the certificate for B, it requests it from its trusted nodes. After obtaining this certificate the system will validate the data; if correct then it will sign this node as a valid node. All nodes can be both clients and servers, and can request or serve requests for information or authentication from other nodes.

The first node creates the spontaneous network and generates a random session key, which will be exchanged with new nodes after the authentication phase. Fig. 1 shows the phases of a node joining the network: node authentication and authorization, agreement on session key, transmission protocol and speed, and IP address and routing.

Fig. 1. Algorithm for joining a new node.

When node B wants to join an existing network, it must choose a node within communication range to authenticate with (e.g., node A). A will send its public key. Then, B will send its IDC signed by A's public key. Next, A validates the received data and verifies the hash of the message in order to check that the data has not been modified. In this step, A establishes the trust level of B by looking physically at B (they are physically close), depending on whether A knows B or not. Finally, A will send its IDC data to B (it may do so even if it decides not to trust B). This data will be signed by B's public key (which has been received on B's IDC). B will validate A's IDC and will establish the trust and validity in A only by integrity verification and authentication. If A does not reply to the joining request, B must select another network node (if one exists). After the authentication, B can access data, services, and other nodes' certificates by a route involving other nodes in the network.

Security management in the network is based on the Public Key Infrastructure and the symmetric key encryption scheme. The symmetric key is used as a session key to cipher the confidential messages between trusted nodes. It has lower energy requirements [27], [28], [29] than the asymmetric key. We have used the Advanced Encryption Standard (AES) algorithm for the symmetric encryption scheme [30]. It offers high security because its design structure removes subkey symmetry. Moreover, execution times and energy consumption in cryptography processes are adequate for low-power devices. The asymmetric key encryption scheme is used for distribution of the session key and for the user authentication process. We used two types of asymmetric encryption schemes: Elliptic Curve Cryptosystem (ECC), because of its high performance [31], and the Rivest, Shamir & Adleman cryptographic algorithm (RSA) [32].

After the mutual authentication, A will encrypt the session key with B's public key and will send it to B. Then, they will agree on the transmission protocols and the wireless connection speed. Finally, B will configure its IP address and routing information. The secure routing protocol is borrowed from [24]. B generates an IP address which has a fixed part in the first two bytes and the rest is formed by a random number which depends on the user's data. Then, B will send the data to process the routing information to A. A will check whether the IP is duplicated in the network. When B sends data to other network nodes, e.g., node C, these data will be validated by C (using hashing and authentication methods). Afterwards, C will establish the trust level with B, by looking physically. If no trust level is established, it will be done afterwards by using trusted chains.
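The IDC and certificate $C_{ij}$ described in Step 1, with the local validation each node performs, as an added example that is not code from the paper. The field names, the JSON encoding, the node names and the toy textbook-RSA keys (fixed primes, no padding, standing in for the RSA/ECC keys the paper uses) are assumptions made for illustration.

```python
import copy
import hashlib
import json

def make_keypair(p, q, e=65537):
    """Toy textbook RSA pair from two fixed primes (assumption: illustration
    only, no padding; stands in for the paper's RSA/ECC keys)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))        # (public K_i, private k_i)

def summary(fields):
    """SHA-1 data summary of the public IDC fields, as the paper specifies.
    SHA-1 is kept to match the paper; it is no longer collision resistant."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha1(blob).digest(), "big")

def sign(fields, private_key):
    n, d = private_key
    return pow(summary(fields), d, n)

def verify(fields, signature, public_key):
    n, e = public_key
    return pow(signature, e, n) == summary(fields)

def make_idc(lid, public_key, private_key, created, expires, proposed_ip):
    """Public IDC component: LID, K_i, dates, proposed IP, user signature."""
    fields = {"lid": lid, "public_key": list(public_key), "created": created,
              "expires": expires, "proposed_ip": proposed_ip}
    return {"fields": fields, "user_signature": sign(fields, private_key)}

def certify(idc, signer_lid, signer_private_key):
    """Certificate C_ij: the summary of i's IDC signed with j's private key."""
    return {"idc": idc, "signer": signer_lid,
            "signer_signature": sign(idc["fields"], signer_private_key)}

def validate_certificate(cert, trusted_keys, now):
    """Local validation in a node; returns 'ok' or the first failed check."""
    fields = cert["idc"]["fields"]
    user_key = tuple(fields["public_key"])
    if not verify(fields, cert["idc"]["user_signature"], user_key):
        return "bad-user-signature"            # integrity of the IDC itself
    if not fields["created"] <= now <= fields["expires"]:
        return "outside-validity-period"
    signer_key = trusted_keys.get(cert["signer"])
    if signer_key is None:
        return "untrusted-signer"              # no trusted node vouches for it
    if not verify(fields, cert["signer_signature"], signer_key):
        return "bad-signer-signature"
    return "ok"

# Constructed sample data: node A is already trusted, node B is joining.
A_PUB, A_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
B_PUB, B_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
NOW = "2013-04-01T10:00:00Z"

def demo():
    idc_b = make_idc("bob", B_PUB, B_PRIV, "2013-04-01T09:00:00Z",
                     "2013-04-01T18:00:00Z", "10.0.17.42")
    cert = certify(idc_b, "alice", A_PRIV)
    trusted = {"alice": A_PUB}
    tampered = copy.deepcopy(cert)
    tampered["idc"]["fields"]["proposed_ip"] = "10.0.17.1"
    return {
        "valid": validate_certificate(cert, trusted, NOW),
        "tampered": validate_certificate(tampered, trusted, NOW),
        "expired": validate_certificate(cert, trusted, "2013-04-02T10:00:00Z"),
        "self_signed": validate_certificate(
            certify(idc_b, "bob", B_PRIV), trusted, NOW),
        "forged": validate_certificate(
            certify(idc_b, "alice", B_PRIV), trusted, NOW),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:12s} {verdict}")
```

The order of the checks matters: the self-signature only proves the IDC was not altered after its owner signed it, so acceptance still depends on a signature from a node the validator already trusts.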

3.1.2 Step 2: Services Discovery
B asks for the available services. Services can be discovered using Web Services Description Language (WSDL). Our model is based on [33], but in our spontaneous network we don't use a central server. Moreover, other service discovery services can be implemented in our system [34]. A user can ask other devices in order to know the available services. It has an agreement to allow access to its services and to access the services offered by other nodes. Services have a large number of parameters which are not transparent to the user and require manual configuration. One issue is to manage the automatic integration tasks and use, for example, service agents. Another is to manage secure access to the services offered by the nodes in the network. The fault tolerance of the network is based on the routing protocol used to send information between users. Services provided by B are available only if there is a path to B, and disappear when B leaves the network.

3.1.3 Step 3: Establishing Trusted Chain and Changing Trust Level
There are only two trust levels in the system. Node A either trusts or does not trust another node B. The software application installed in the device asks B to trust A when it receives the validated IDC from B. The trust relationship can be asymmetric. If node A did not establish a trust level with node B directly, it can be established through trusted chains, e.g., if A trusts C and C trusts B, then A may trust B. The trust level can change over time depending on the node's behavior. Thus, node A may decide not to trust node B although A still trusts C and C trusts B. It can also stop trusting if it discovers that the previous trust chain does not exist anymore.

4 PROTOCOL AND NETWORK MANAGEMENT

In the network formation, nodes perform an initial exchange of configuration information and security using the mechanism of authentication or greeting based on the works shown in [35], [36]. This mechanism avoids the need for a central server, making the tasks of building the network and adding new members very easy. The network is created using the information provided by users; thus, each node is identified by an IP address. Services are shared using TCP connections. The network is built using IEEE 802.11b/g technology, which has high data rates to share resources. We have reserved the short-range technology (Bluetooth) to allow authentication of nodes when they join the network. After the authentication process, each node learns the identity card of other known nodes, a public key and a LID. This information will be updated and completed throughout the network nodes. This structure provides an authenticated service that verifies the integrity of the data from each node because there is a distributed CA.

Each node requests the services from all the nodes that it trusts, or from all known nodes in the network, depending on the type of service. A request to multiple nodes is made through diffusion processes. The protocol prioritizes access to information through trusted nodes. When the information cannot be obtained through these nodes, it can then ask other nodes. Nodes can also send requests to update network information. The reply will contain the identity cards of all nodes in the network. The node replying to this request must sign this data, ensuring the authenticity of the shipment. If it is a trusted node, its validity is also ensured, since trusted nodes have been responsible for validating their previous certificates. Under this network, any type of service or application can be implemented. The services offered by our protocol will be secure.
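The trusted chains of Section 3.1.3, on which the preference for trusted nodes above depends, as an added example that is not code from the paper. The class and method names are hypothetical, and the rule that a node never routes a chain through a node it has itself refused is an assumption.

```python
from collections import deque

class TrustView:
    """Two trust levels only: a node either trusts another node or it does not."""

    def __init__(self):
        self.direct = {}    # node -> nodes it trusts directly (visual contact)
        self.refused = {}   # node -> nodes it has decided not to trust

    def trust(self, a, b):
        """a trusts b; says nothing about b trusting a (asymmetric)."""
        self.direct.setdefault(a, set()).add(b)
        self.refused.get(a, set()).discard(b)

    def stop_trusting(self, a, b):
        """Remove the direct link a -> b, e.g. after bad behaviour."""
        self.direct.get(a, set()).discard(b)

    def refuse(self, a, b):
        """a decides not to trust b, whatever chains may exist."""
        self.stop_trusting(a, b)
        self.refused.setdefault(a, set()).add(b)

    def chain(self, a, b):
        """Shortest trusted chain a -> ... -> b as a list, or None."""
        blocked = self.refused.get(a, set())
        if b in blocked:
            return None
        queue, parent = deque([a]), {a: None}
        while queue:
            node = queue.popleft()
            if node == b:
                path = []
                while node is not None:
                    path.append(node)
                    node = parent[node]
                return path[::-1]
            for nxt in sorted(self.direct.get(node, ())):
                # Assumption: a never relies on a node it has refused.
                if nxt not in parent and nxt not in blocked:
                    parent[nxt] = node
                    queue.append(nxt)
        return None

def demo():
    out = {}
    view = TrustView()
    for a, b in [("A", "C"), ("C", "B"), ("C", "D"), ("D", "B")]:
        view.trust(a, b)
    out["initial"] = view.chain("A", "B")       # A trusts C, C trusts B
    out["reverse"] = view.chain("B", "A")       # trust is not symmetric
    view.stop_trusting("C", "B")
    out["rerouted"] = view.chain("A", "B")      # another chain still exists
    view.stop_trusting("D", "B")
    out["broken"] = view.chain("A", "B")        # no chain left: stop trusting

    other = TrustView()
    other.trust("A", "C")
    other.trust("C", "B")
    other.refuse("A", "B")
    out["refused"] = other.chain("A", "B")      # A's decision overrides chain
    out["c_to_b"] = other.chain("C", "B")       # C's own view is unaffected
    return out

if __name__ == "__main__":
    for case, path in demo().items():
        print(f"{case:9s} {path}")
```

Recomputing the chain on every decision, rather than caching "A trusts B", is what lets a node notice that a previous chain no longer exists.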

4.1 Network Creation
The first node in the network will be responsible for setting the global settings of the spontaneous network (SSID, session key, ...). However, each node must configure its own data (including the first node): IP, port, data security, and user data. This information will allow the node to become part of the network. After this data are set in the first node, it changes to standby mode.

4.1.1 Joining New Members
The second node first configures its user data and network security. Then, the greeting process starts. It authenticates against the first node. Our protocol relies on a sublayer protocol (which can be Bluetooth [37] or Zigbee). The connection is created through a short-range link technology, to provide flexibility and ease of detection and selection of nodes, and visual contact with the user of the node. Furthermore, minimal involvement of the user is required to configure the device, mainly to establish trust. This technology also limits the scope and the consumption of involved nodes. Each additional node authenticates with any node in the network.

4.2 Protocol Operation
In order to design the diagrams of the protocol, we have used the Unified Modeling Language (UML). The UML is a visual specification standardized language that is built to model object oriented systems. We use keys, activities, and use cases (diagrams offered by the standard) to define the processes, the structure of the classes in the system, and the behavior of objects or operations.

Once the validation/registration process of the user in the device has been done, he/she must determine whether to create a new network or participate in an existing one. If he/she decides to create a new network, it begins the procedure shown in Fig. 2. First, a session key will be generated. Then, the node will start its services (including the network and authentication services). Finally, it will wait for requests from other devices that want to join the network.

Fig. 2. New network creation procedure.

If the user wants to become part of an existing network, the node follows the Step 1 algorithm from Section 3 to find a device that will give trust to it, save the corresponding data and will be able to begin communications. The node that belongs to the network, and is responsible for validating the new node's data, will perform a diffusion process to the nodes that are within its communication range. These nodes will forward the received packets to their neighbors until the data reach all nodes in the network. This process allows verifying the validity and uniqueness of the new node's data.

The authentication process for new device B is shown in Fig. 3. The receiver node A validates the received data and sends a broadcast message to B to check that these data are not used in the network (even the IP address). This IP checking packet is sent randomly twice in order to avoid simultaneous checks and reach all devices [13], [14]. When the authentication device receives the IP checking reply, it sends the authentication reply to the new device. If any step is wrong, an error message is sent to the new device.

Fig. 3. Authentication procedure.

When the node is authenticated, it is able to perform several tasks. Some of them are performed transparently for the user, but others are used by the user to perform some operations in the network. They are the user application options. Fig. 4 shows the structure of the programmed application in UML language. The authenticated node can perform the following tasks:

• Display the nodes.
• Modify the trust of the nodes.
• Update the information: It allows a node to learn about other nodes in the network and also to send its data to the network. This update could be for only one user or for all users in the network through a controlled diffusion process.
• Other nodes' certificate request: A node's certificate could be requested from another node, from all trusted nodes or from all known nodes. In the case of all known nodes, the node that replies to the request will always sign the data. The data will be considered validated if a trusted node has signed them.
• Process an authentication request: The node authenticates a requesting node by validating the received information, user authentication, and verifying the nonduplication of the LID data and the proposed IP.
• Reply to an information request: The requested information will be sent directly to the requesting node or routed if the node is not in the communication range.
• Forward an information request: The request will be forwarded if it is a broadcast message.
• Send data to one node: It can be sent symmetrically or asymmetrically encrypted, or unencrypted.
• Send data to all nodes: This process is done by a flooding system. Each node retransmits the data only the first time it receives the data. It can be sent symmetrically encrypted or unencrypted.
• Modify Data: User data can be modified and the password changed.
• Leave the network.

Fig. 4. Node options after the authentication procedure.

To request a certificate, the node sends a request certificate message to its trusted nodes. The application generates a packet to request the certificate from its trusted nodes, which are selected from the database. All the steps followed by this procedure are shown in Fig. 5. To process the received request, the node checks if it can reply to the request; if not, the node sends the search to other nodes (that it trusts or known nodes). Then, the node has to validate the certificate and sends it to the requesting node. When the server process receives the packet, it processes the packet in order to take the certificate and checks its validity access to the certificate data. Fig. 6 shows the steps of this procedure.

To send data encrypted with the public key to a node, the user has to select the remote node and write the data. Then, the message is encrypted using the remote node's public key. Fig. 7 shows the encryption and packet sending procedure. The application encrypts the data with the public key, generates the packet and sends it to the selected node.

Each node has to check every received data packet. If the received packet is not encrypted, it is shown directly to the user, but if it is encrypted, the packet will be deciphered using the encryption model used by the sender. The algorithm followed by the node is shown in Fig. 8. A node follows the procedure shown in Fig. 9 when it receives a data packet that is ciphered by a public key. When the server process receives the packet, it is in charge of deciphering it with the private key of the user.

Fig. 5. Procedure to request a certificate from trusted nodes.

Fig. 6. Procedure to process the request.

Fig. 7. Procedure to send data encrypted with the public key.

Fig. 8. Algorithm when data packets are received.

Fig. 9. Procedure to decrypt an encrypted data packet.

4.3 Protocol Implementation
We have developed 16 packets for the proper running of the protocol. Table 1 shows these packets. Some of them have been shown in Fig. 3.

When a device wants to join a spontaneous network it has to start the process by sending a Discovery request packet (01), which contains the Logical IDentity of the user in order to let the destinations know the sender device. The receivers will reply with the Discovery reply packet (02) with their Logical IDentity, their IP address, and network mask. This information is then used to learn the selected device to authenticate and to propose an IP inside that network IP range.

The authentication request packet (03) is used for the new device authentication. The authentication reply packet (04) confirms that the proposed IP and the e-mail are unique in the network, so the new device is officially authenticated. In case of duplication, an error packet is sent. The IP and e-mail checking packet (05) is used by the authenticator device to verify that no one in the network has the same e-mail or IP address as the one proposed by the new device. The IP and e-mail checking reply packet (06) is sent to the authenticator device in order to verify that the IP and e-mail are unique. If the IP is duplicated, the device must restart the authentication process after the generation of a new IP.

The update request to one node (07) is used to request information from a specific known node and the update reply from one node (08) is used to reply with the information requested by the update request packet to one node. Unknown information can be requested from all nodes in the network by sending the update request to all network nodes packet by flooding (09). The reply with the information requested is called the update reply to all network nodes packet (10).

The Certificate request to trusted nodes (11) and the Certificate request to known nodes (12) are used to request the certificate from all trusted and all known nodes, respectively. Both packets are replied to by the certificate reply packet (13).

Data are sent using the Packet for sending data (14). This packet is sent when the user decides to communicate with one or more nodes. These data could be sent in plain or encrypted text. The error packet (15) can be sent to indicate that this operation is not possible, because the authentication has failed, or because the node does not have the required data. The acknowledge packet (16) is used to confirm to the sender that the packet has arrived at its destination correctly.

TABLE 1 Protocols Packets

4.4 Session Key Revocation

The user certificate has an expiration time. After this time, the user must authenticate with the device. Otherwise, the device is blocked. The session key has an expiration time, so it is revoked periodically. A node that leaves the spontaneous network will keep the session key until it expires. This lets the user return to the network if it has joined previously (the spontaneous network is usually set up for a limited period of time, which is usually not very long). However, if a node is disconnected from the network during the period of time when the session key has been renewed, it will not be able to access the network until it is authenticated again with someone from the network.

The session key is formed by three fields: session key creation time/date ($F_c$), session key initial expiration time/date ($F_{e1}$), and the session key ($K_s$). The lifetime of the session key is $T_{i1} = F_{e1} - F_c$. When a node receives the session key, it will regenerate the expiration time/date of the key by using the session key initial expiration time/date. The expiration time/date $F_{e2}$ is the session key initial expiration time/date plus a random value that ranges from 1 minute to the maximum expected duration time of the spontaneous network (this value depends on the type of spontaneous network: meeting, teaching, course, ...). $F_c$, $F_{e1}$, $F_{e2}$, and $K_s$ are stored in each node. Session keys do not expire simultaneously in all nodes. This avoids network flooding (to inform about the need for a new session key) initiated simultaneously by many nodes when the session key is to be revoked.

A node that detects that the session key lifetime is expiring will send a broadcast message (with its current time) to advise other nodes that a new session key will be generated, and to avoid duplications (in the event of a tie, the node with the oldest time wins). Then, the node sending the broadcast message will generate the new session key and will broadcast it, encrypted with the old session key, to all its neighbors (to avoid being eavesdropped). Then, the receiver will store the new session key with the new session key initial expiration time and will replace the old session key with the new one; thus, it will only be able to receive information from updated nodes, not from ones not yet updated (thereby avoiding updating loops).

When the system detects that a node is compromised, trust is removed and the session key is regenerated following the aforementioned procedure. If a neighbor is compromised, a new session key is sent using asymmetric encryption. Moreover, authenticity can be guaranteed if the node that generated the new session key signs it.
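The renewal procedure of Section 4.4 as a runnable model. This is an added example, not the authors' J2ME code: it is written in Python, uses a SHA-256 keystream with HMAC as a stand-in for the AES encryption under the old session key, takes a node's Fe2 as the time it announces, and breaks identical-time ties by lowest node id; all class and function names are hypothetical.

```python
import hashlib
import hmac
import random
import secrets
import struct
from dataclasses import dataclass

MIN_JITTER_S = 60  # lower bound of the random offset: 1 minute


@dataclass(frozen=True)
class SessionKey:
    fc: int    # Fc: creation time (epoch seconds)
    fe1: int   # Fe1: initial expiration time
    ks: bytes  # Ks: symmetric session key


def elect_generator(announcements):
    """announcements: (node_id, announced_time) pairs; the oldest time wins.
    Identical times fall back to the lowest node_id (assumption)."""
    return min(announcements, key=lambda a: (a[1], a[0]))[0]


def _subkey(ks, label):
    # Separate encryption and MAC keys derived from the session key.
    return hashlib.sha256(label + ks).digest()


def _stream(key, nonce, n):
    # Stand-in keystream (SHA-256 in counter mode), not the paper's AES.
    blocks = (hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def wrap_key(old_ks, new):
    """Encrypt-then-MAC the new key record under the old session key."""
    plain = struct.pack(">QQ", new.fc, new.fe1) + new.ks
    nonce = secrets.token_bytes(16)
    pad = _stream(_subkey(old_ks, b"enc"), nonce, len(plain))
    ct = bytes(p ^ s for p, s in zip(plain, pad))
    tag = hmac.new(_subkey(old_ks, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(old_ks, blob):
    """Return the new SessionKey, or None if blob was not made with old_ks."""
    if len(blob) < 16 + 16 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(old_ks, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    pad = _stream(_subkey(old_ks, b"enc"), nonce, len(ct))
    plain = bytes(c ^ s for c, s in zip(ct, pad))
    fc, fe1 = struct.unpack(">QQ", plain[:16])
    return SessionKey(fc, fe1, plain[16:])


class Node:
    def __init__(self, node_id, max_duration_s, rng):
        self.node_id, self.max_duration_s, self.rng = node_id, max_duration_s, rng
        self.key = None
        self.fe2 = None

    def install(self, key):
        # Fe2 = Fe1 + random value in [1 minute, max expected network duration]
        self.key = key
        self.fe2 = key.fe1 + self.rng.randint(MIN_JITTER_S, self.max_duration_s)

    def on_rekey(self, blob):
        new = unwrap_key(self.key.ks, blob)
        if new is None:
            return False  # stale key: this node must authenticate again
        self.install(new)
        return True


def renew(nodes, now, lifetime_s):
    """One renewal round. Returns (generator_id, blob), or None if no key expired."""
    expiring = [(n.node_id, n.fe2) for n in nodes if n.fe2 <= now]
    if not expiring:
        return None
    winner = elect_generator(expiring)
    old_ks = next(n for n in nodes if n.node_id == winner).key.ks
    blob = wrap_key(old_ks, SessionKey(now, now + lifetime_s, secrets.token_bytes(16)))
    for n in nodes:
        n.on_rekey(blob)
    return winner, blob
```

A node that missed an earlier renewal holds a different Ks, so `on_rekey` returns False for it, which corresponds to the paper's requirement that such a node authenticate again.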

TABLE 2 Times for Each Cryptographic Operation

5 SECURITY ANALYSIS/EVALUATION OF THE PROPOSED SCHEME

In this section, we analyze and evaluate the proposed security scheme. The proposed security protocol is adaptable because new cryptographic algorithms can be easily added. In order to perform an analysis and evaluation from the practical perspective, we provide Table 6, which shows the most common attacks in spontaneous wireless ad hoc networks and how our proposal counters them. We can observe that the security mechanisms included in our spontaneous ad hoc network allow it to achieve a high level of security.

6 COMPARING SPONTANEOUS NETWORK FEATURES

We have not found another deployed secure protocol for spontaneous wireless ad hoc networks, so we have searched other spontaneous network proposals published in the literature in order to compare their features with our proposal. Some of them have not included any security system, but others have included some systems that exist by default in the technology used, such as Wired Equivalent Privacy (WEP), IPSec, and Diffie-Hellman. But none of them proposes a complete security protocol, which is the main purpose of this paper. Moreover, the security explanations in these papers are few and they do not tackle security issues in detail. They only describe how new nodes join the network securely; they neither explain how the information is secured nor show its security performance. In this comparison, we have included the main features of a spontaneous network: need for user intervention, self-configuration, and security. We have also included the network purpose (what it is created for), the programming language used to create it, and whether there is a real prototype in existence. Table 5 shows the comparison of other networks with our proposal. As we have detailed in the related work section, [20], [21], and [22] only include a security mechanism for accessing new nodes, not a complete security protocol to perform secure communications in spontaneous networks.

7 PERFORMANCE ANALYSIS

We ran a set of tests to validate the protocol operation and test its performance. The protocol has been developed using Java programming, whose mobility, interoperability, and multiplatform features are very useful to deploy the protocol. Given that the protocol may work on devices with limited resources, we have used a Java variant called Java 2 Platform, Micro Edition (J2ME). It also has a small and fast virtual machine (KVM) that allows us to run the software without overloading the device. This platform is especially designed for personal use and embedded devices. The configuration package selected was the connected limited device configuration (CLDC). It is a set of classes for a family of mobile devices, defining the type and amount of memory or processor type. Devices running CLDC must have a minimum of 160 KB memory to store the Java technology stack. It can run when there are computing and process limitations, and for low-power devices. It allows the implementation of communication protocols over both WiFi and Bluetooth technologies. We used the Mobile Information Device Profile (MIDP), suitable for portable devices with limited screen, required for persistent storage, and network communications capabilities. We used a third-party manufacturer to introduce security in the protocol. We selected Crypto, a Bouncy Castle Lightweight API [38] solution, since it provides a lightweight cryptographic open source API, which can be used in any environment, including J2ME.

7.1 Test Bench

To evaluate our protocol, we performed a series of tests throughout the entire life cycle of the device. The tests were carried out with different mobile phones and PDAs, and we also used an emulator running in a personal computer in order to compare the results. The analysis has focused on functional testing, performance, security, capacity, operation, installation, and availability against failures, as well as communication with other devices. First, we measured the response times given by the cryptographic operations, which usually tend to overload devices with limited resources and, then, we measured the time taken by a device to reply when it is sending data (these operations involve too much processing time in the devices). Communications were performed over Bluetooth technology because it gave lower response times.

TABLE 3 Data Size Tests

Fig. 10. Runtimes comparison (cryptographic operations).

Fig. 11. Communication performance tests.

Fig. 12. Maximum number of stored nodes versus available memory.

TABLE 4 Test of Memory Utilization (in KB)

7.2 Response Times in Cryptographic Operations

In this test, we measured the time needed to perform each cryptographic operation using emulator software (Sun Java J2ME Wireless Toolkit 2.5.1) and a real deployment in a mobile device. Asymmetric cryptography measurements used RSA algorithms (512-bit and 1,024-bit keys) and ECC algorithms (192-bit keys). Symmetric cryptography measurements used the 128-bit AES algorithm. Finally, hash (summary) function measurements were taken with the 160-bit SHA-1 algorithm. We performed this test three times to obtain more accurate values. The real test was performed in a spontaneous network with eight devices. Table 2 shows the average measurements from these three tests. In the second column, Key means key size, and text means text size. In the third column, E means the value obtained using a simulator in a personal computer (measures were taken using the memory monitor provided by Netbeans [39]), and M is the value obtained using a Nokia E65 mobile device. Large differences can be seen in some cases.

Fig. 10 shows a comparative graph. It includes the measurements from Table 2 plus others that are considered interesting for such a comparison. We have used the following nomenclature: operation, algorithm used, key size, device, size of text. For Fig. 10, we have grouped data according to the type of operation: crea.clav (key creation), cif.asym (asymmetric encryption), cif.sym (symmetric encryption), des.asym (asymmetric decryption), des.sym (symmetric decryption), firm.clav (key signature), and ver.clav (key verification). The operations to create asymmetric (public and private) keys are the ones that need more time (especially with 1,024-bit RSA keys). But they are performed only once per user/device, and performance does not depend directly on the efficiency of the algorithm selected for this operation. Apart from these operations, the ones that use the ECC algorithm (encryption, signing, decryption, and verification) are the ones that need more time. All ECC operations have a delay around 8 seconds. The lowest time cost is given by the symmetric operations, which are the most used security operations in the protocol. We have verified the encryption/decryption processes among nodes and the process when they receive data, and we measured the time needed to perform these operations.

Fig. 13. Memory used by both nodes from the certificate creation to the data transfer between them.

7.3 Response Times Sending Data

In order to test whether delivery times are adequate, we tested the response times of a regular packet in both Bluetooth and WiFi. Fig. 11 shows the average value, obtained from five tests, and the maximum and minimum values. The real test always gave higher values than the simulator. The real test measurements have been performed in a spontaneous network with eight devices. The highest value was given by the Nokia E65 using Bluetooth (354.82 milliseconds), while WiFi gave 277.6 milliseconds. When we used the simulator software, the mean value for Bluetooth was 74.4 milliseconds; for WiFi it was 84.4 milliseconds.

7.4 Data Size and Memory Tests

We carried out two types of tests. The first one was to obtain the storage memory size needed for the configuration data (user and data network configuration). The second one was to find out how much memory is needed to implement the protocol. The memory needed depends on the number of nodes in the spontaneous network. More nodes imply the need for more memory to store their data. User data, network configuration, and information data obtained or generated during the setup process are saved in a storage memory. This information can be removed when the user leaves the application or it may be stored if the user wants to use it later. Table 3 shows data size tests with the number of bytes needed for each process. For example, a device of a user with regular data, which knows eight nodes in the same spontaneous network, will use approximately 6 KB of memory. This is completely affordable for a mobile device. Fig. 12 shows the maximum number of nodes that can be stored depending on the available memory capacity of the mobile device when the percentage of memory availability for data storage is 30 percent (which will entail no storage problem if the devices have limited resources). The network is expected to be a small or medium-sized network, so it would require a small storage memory to work within the network. Also, today almost all new mobile devices can increase their capacity with external memory cards, thus increasing storage capacity. The devices running this protocol must have a minimum of volatile memory. Table 4 shows the protocol and the amount of memory used by each step at any time. Once a node creates the spontaneous ad hoc network, after the authentication process, it is responsible for sending the messages. The measures have been taken using the memory monitor provided by Netbeans.

Fig. 14. Memory used by the authenticated node and by the node that carried out the authentication when a new node becomes part of the network.

TABLE 5 Comparative of Spontaneous Networks

TABLE 6 Security Evaluation of Our Proposal

7.5 Memory Consumed in Each Operation during Spontaneous Network Creation

Fig. 13 shows the memory used, when a new node joins the spontaneous network, by both nodes for all the processes (from certificate creation to data transfer). The node that generates the network uses more memory because it is in charge of sending two messages for the authentication process, one with the symmetric encryption and another with asymmetric encryption. Fig. 14 shows the memory used by a node that is in the spontaneous network and a new node when the last one becomes part of the network. The processes carried out include the authentication phase, sending and receiving messages, and encrypting and decrypting processes. We can see that the process that needs more memory is the key creation process. The other processes are not so demanding on memory, so they can run on devices with limited resources.

8 CONCLUSION

In this paper, we show the design of a protocol that allows the creation and management of a spontaneous wireless ad hoc network. It is based on a social network imitating the behavior of human relationships. Thus, each user will work to maintain the network, improve the services offered, and provide information to other network users. We have provided some procedures for self-configuration: a unique IP address is assigned to each device, the DNS can be managed efficiently and the services can be discovered automatically. We have also created a user-friendly application that has minimal interaction with the user. A user without advanced technical knowledge can set up and participate in a spontaneous network. The security schemes included in the protocol allow secure communication between end users (bearing in mind the resource, processing, and energy limitations of ad hoc devices). We have performed several tests to validate the protocol operation. They showed us the benefits of using this self-configuring ad hoc spontaneous network. The response times obtained are suitable for use in real environments, even when devices have limited resources. Storage and volatile memory needs are quite low and the protocol can be used in regular resource-constrained devices (cell phones, PDAs...). We intend to add some new features to the user application (such as sharing other types of resources, etc.) and to the protocol, such as an intrusion detection mechanism and a distributed Domain Name Service by using the LID and IP of the nodes. Now, we are working on adding other types of nodes that are able to share their services in the spontaneous network. The new nodes will not depend on a user, but on an entity such as a shop, a restaurant, or other types of services.

REFERENCES

[1] L.M. Feeney, B. Ahlgren, and A. Westerlund, "Spontaneous Networking: An Application-Oriented Approach to Ad-hoc Networking," IEEE Comm. Magazine, vol. 39, no. 6, pp. 176-181, June 2001.
[2] J. Lloret, L. Shu, R. Lacuesta, and M. Chen, "User-Oriented and Service-Oriented Spontaneous Ad Hoc and Sensor Wireless Networks," Ad Hoc and Sensor Wireless Networks, vol. 14, nos. 1/2, pp. 1-8, 2012.
[3] S. Preuß and C.H. Cap, "Overview of Spontaneous Networking - Evolving Concepts and Technologies," Rostocker Informatik-Berichte, vol. 24, pp. 113-123, 2000.
[4] R. Lacuesta, J. Lloret, M. Garcia, and L. Peñalver, "A Spontaneous Ad-Hoc Network to Share WWW Access," EURASIP J. Wireless Comm. and Networking, vol. 2010, article 18, 2010.
[5] Y. Xiao, V.K. Rayi, B. Sun, X. Du, F. Hu, and M. Galloway, "A Survey of Key Management Schemes in Wireless Sensor Networks," Computer Comm., vol. 30, nos. 11/12, pp. 2314-2341, Sept. 2007.
[6] V. Kumar and M.L. Das, "Securing Wireless Sensor Networks with Public Key Techniques," Ad Hoc and Sensor Wireless Networks, vol. 5, nos. 3/4, pp. 189-201, 2008.
[7] S. Zhu, S. Xu, S. Setia, and S. Jajodia, "LHAP: A Lightweight Hop-by-Hop Authentication Protocol For Ad-Hoc Networks," Ad Hoc Networks J., vol. 4, no. 5, pp. 567-585, Sept. 2006.
[8] A. Noack and S. Spitz, "Dynamic Threshold Cryptosystem without Group Manager," Network Protocols and Algorithms, vol. 1, no. 1, Oct. 2009.
[9] J. Yan, J. Ma, F. Li, and S.J. Moon, "Key Pre-distribution Scheme with Node Revocation for Wireless Sensor Networks," Ad Hoc and Sensor Wireless Networks, vol. 10, nos. 2/3, pp. 235-251, 2010.
[10] M. Mukesh and K.R. Rishi, "Security Aspects in Mobile Ad Hoc Network (MANETs): Technical Review," Int'l J. Computer Applications, vol. 12, no. 2, pp. 37-43, Dec. 2010.
[11] K. Sahadevaiah and P.V.G.D. Prasad Reddy, "Impact of Security Attacks on a New Security Protocol for Mobile Ad Hoc Networks," Network Protocols and Algorithms, vol. 3, no. 4, pp. 122-140, 2011.
[12] L. Herrero and R. Lacuesta, "A Security Architecture Proposal for Spontaneous Networks," Proc. Int'l Conf. Advances in the Internet Processing System and Interdisciplinary Research, Oct. 2003.
[13] R. Lacuesta and L. Peñalver, "IP Addresses Configuration in Spontaneous Networks," Proc. Ninth WSEAS Int'l Conf. Computers (ICCOMP '05), July 2005.
[14] R. Lacuesta and L. Peñalver, "Automatic Configuration of Ad-Hoc Networks: Establishing Unique IP Link-Local Addresses," Proc. Int'l Conf. Emerging Security Information, Systems and Technologies (SECURWARE '07), 2007.
[15] J. Latvakoski, D. Pakkala, and P. Paakkonen, "A Communication Architecture for Spontaneous Systems," IEEE Wireless Comm., vol. 11, no. 3, pp. 36-42, June 2004.
[16] L. Liu, J. Xu, N. Antonopoulos, J. Li, and K. Wu, "Adaptive Service Discovery on Service-Oriented and Spontaneous Sensor Systems," Ad Hoc and Sensor Wireless Networks, vol. 14, nos. 1/2, pp. 107-132, 2012.
[17] S. Gallo, L. Galluccio, G. Morabito, and S. Palazzo, "Rapid and Energy Efficient Neighbor Discovery for Spontaneous Networks," Proc. Seventh ACM Int'l Symp. Modeling, Analysis and Simulation of Wireless and Mobile Systems, Oct. 2004.
[18] J. Bäckström and S. Nadjm-Tehrani, "Design of a Contact Service in a Jini-Based Spontaneous Network," Proc. Int'l Conf. and Exhibits on the Convergence of IT and Comm., Aug. 2001.
[19] V. Untz, M. Heusse, F. Rousseau, and A. Duda, "Lilith: an Interconnection Architecture Based on Label Switching for Spontaneous Edge Networks," Proc. First Ann. Int'l Conf. Mobile and Ubiquitous Systems: Networking and Services (Mobiquitous '04), Aug. 2004.
[20] L.M. Feeney, B. Ahlgren, A. Westerlund, and A. Dunkels, "Spontnet: Experiences in Configuring and Securing Small Ad Hoc Networks," Proc. Fifth Int'l Workshop Network Appliances, Oct. 2002.
[21] M. Danzeisen, T. Braun, S. Winiker, and D. Rodellar, "Implementation of a Cellular Framework for Spontaneous Network Establishment," Proc. IEEE Wireless Comm. and Networking Conf. (WCNC '05), Mar. 2005.
[22] J. Rekimoto, "SyncTap: Synchronous User Operation for Spontaneous Network Connection," Personal and Ubiquitous Computing, vol. 8, no. 2, pp. 126-134, May 2004.
[23] C. Cornelius, A. Kapadia, D. Kotz, D. Peebles, M. Shin, and N. Triandopoulos, "Anonysense: Privacy-Aware People-Centric Sensing," Proc. Sixth Int'l Conf. Mobile Systems, Applications, and Services (MobiSys '08), pp. 17-20, June 2008.
[24] R. Lacuesta, J. Lloret, M. Garcia, and L. Peñalver, "Two Secure and Energy-Saving Spontaneous Ad-Hoc Protocol for Wireless Mesh Client Networks," J. Network and Computer Applications, vol. 34, no. 2, pp. 492-505, Mar. 2011.
[25] J. Sun, C. Zhang, Y. Zhang, and Y. (Michael) Fang, "An Identity-Based Security System for User Privacy in Vehicular Ad Hoc Networks," IEEE Trans. Parallel and Distributed Systems, vol. 21, no. 9, pp. 1227-1239, Sept. 2010.
[26] FIPS 180-1 - Secure Hash Standard, SHA-1, National Institute of Standards and Technology, http://www.itl.nist.gov/fipspubs/fip180-1.htm, Feb. 27, 2012.
[27] A. Wander, N. Gura, H. Eberle, V. Gupta, and S. Chang, "Energy Analysis for Public-Key Cryptography for Wireless Sensor Networks," Proc. IEEE Third Int'l Conf. Pervasive Computing and Comm. (PerCom '05), pp. 8-12, Mar. 2005.
[28] N.R. Potlapally, S. Ravi, A. Raghunathan, and N.K. Jha, "Analyzing the Energy Consumption of Security Protocols," Proc. Int'l Symp. Low Power Electronics and Design (ISLPED '03), 2003.
[29] J. Goodman and A. Chandrakasan, "An Energy Efficient Reconfigurable Public-Key Cryptography Processor Architecture," Proc. Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '00), pp. 175-190, 2000.
[30] S. Landau, "Communications Security for the Twenty-First Century: The Advanced Encryption Standard," Notices of the Am. Math. Soc., vol. 47, no. 4, pp. 450-459, Apr. 2000.
[31] J. López and R. Dahab, "Performance of Elliptic Curve Cryptosystems," Technical Report IC-00-08, May 2000.
[32] R. Mayrhofer, F. Ortner, A. Ferscha, and M. Hechinger, "Securing Passive Objects in Mobile Ad-Hoc Peer-to-Peer Networks," Electronic Notes in Theoretical Computer Science, vol. 85, no. 3, pp. 105-121, Aug. 2003.
[33] S.E. Czerwinski, B.Y. Zhao, T.D. Hodes, A.D. Joseph, and R.H. Katz, "An Architecture for a Secure Service Discovery Service," Proc. ACM/IEEE MobiCom '99, Aug. 1999.
[34] L. Liu, J. Xu, N. Antonopoulos, J. Li, and K. Wu, "Adaptive Service Discovery on Service-Oriented and Spontaneous Sensor Systems," Adhoc and Sensor Wireless Networks, vol. 14, nos. 1/2, pp. 107-132, 2012.
[35] S. Capkun, L. Buttyan, and J.-P. Hubaux, "Self-Organized Public-Key Management for Mobile Ad Hoc Networks," IEEE Trans. Mobile Computing, vol. 2, no. 1, pp. 52-64, Jan.-Mar. 2003.
[36] T. Czachorski and F. Pekergin, "Diffusion Approximation as a Modeling Tool in Congestion Control and Performance Evaluation," Proc. Second Int'l Working Conf. Performance Modelling and Evaluation of Heterogeneous Networks (HET-NETs '04), July 26-28, 2004.
[37] R. Lacuesta and L. Herrero, "A Good Use of Bluetooth," Proc. Int'l Workshop Advanced Web Eng. for eBusiness (AWEEB '04), Mar. 21, 2004.
[38] The Legion of the Bouncy Castle Website, http://www.bouncycastle.org, Feb. 2012.
[39] Netbeans website, http://netbeans.org/, Feb. 2012.
[40] V.H. Zarate Silva, E.I. De la Cruz Salgado, and F. Ramos Quintana, "AWISPA: An Awareness Framework for Collaborative Spontaneous Networks," Proc. ASEE/IEEE 36th Frontiers in Education Conf., Oct. 2006.

Raquel Lacuesta received the degree of computer science engineering in 1999 and the PhD degree in computer science engineering (Dr.Ing) in 2008, both from the Polytechnic University of Valencia. Her main topics of research are security and autoconfiguration on ad hoc and spontaneous networks and design and evaluation of routing algorithms. She is working mainly with The Networking Research Group (GRC) that belongs to the Technical University of Valencia (UPV), which was founded in the last quarter of 2000. She has more than 30 scientific papers published in national and international conferences; she also has more than 15 papers about education published in national and international conferences and several papers published in international journals. She is an associate editor and reviewer in the international journal Networks Protocols and Algorithms and a member of different national and international research projects. She has been involved in several important program committees of international conferences and in the organization of some of them. Also, she has been chairwoman of different international conferences.


Jaime Lloret received the MSc degree in physics in 1997, the MSc degree in electronic engineering in 2003, and the PhD degree in telecommunication engineering (Dr.Ing) in 2006. He is a Cisco Certified Network professional instructor. He worked as a network designer and administrator in several enterprises. He is currently an associate professor in the Polytechnic University of Valencia. He is the head of the research group communications and remote sensing of the Integrated Management Coastal Research Institute and he is the head of the Active and collaborative techniques and use of technologic resources in the education (EITACURTE) Innovation Group. He is the director of the University Expert Certificate Redes y Comunicaciones de Ordenadores. He is currently vice-chair of the Internet Technical Committee (IEEE Communications Society and Internet society) and the vice-chair for the Europe/Africa Region of Cognitive Networks Technical Committee (IEEE Communications Society). He is an IARIA New Research Initiatives Board chair. He has one research book, and more than 165 research papers published in national and international conferences, international journals (most of them with Impact Factor), and books. He has 11 educational books, and more than 55 papers published in international conferences, journals and books of education. He has been the coeditor of 15 conference proceedings and guest editor of several international books and journals. He is an editor-in-chief of the international journal Networks Protocols and Algorithms, IARIA Journals Board chair (eight Journals) and he is an associate editor of several international journals. He has been involved in more than 160 Program committees of international conferences and in many organization and steering committees. He led many national and international projects. He has been the general chair of SENSORCOMM 2007, UBICOMM 2008, ICNS 2009, ICWMC 2010, and eKNOW 2012, and cochairman of ICAS 2009, INTERNET 2010, MARSS 2011, IEEE MASS 2011, SCPA 2011, and ICDS 2012. He is the co-chairman of IEEE SCPA 2012 and GreeNets 2012, and chair of MIC-WCMC 2013. He is a senior member of the IEEE and an IARIA fellow.

Miguel Garcia received the MSc degree in telecommunications engineering in 2007 and the master's degree called Master en Tecnologías, Sistemas y Redes de Comunicaciones in 2008, both from the Universitat Politècnica de Valencia, Valencia, Spain. He is currently working toward the PhD degree in the Department of Communications of the Universitat Politècnica de Valencia. He has been a Cisco Certified Network associate instructor since 2007. He is currently a researcher in Research Institute for Integrated Management of Coastal Areas (IGIC) in the Higher Polytechnic School of Gandia, Spain. Until 2011, he had more than 45 scientific papers published in international conferences. He had several educational papers. He had more than 30 papers published in international journals (most of them with Journal Citation Report). He has been technical committee member in several conferences and journals, also he has been in the organization committee of several conferences. He is an associate editor of International Journal Networks, Protocols & Algorithms. He is a graduate student member of the IEEE.

Lourdes Peñalver received the PhD degree in 1998 in computer engineering. She is an associate professor in the Department of Ingenieria de Computadores y Arquitectura in the area of Computer Engineering at Universidad Politécnica de Valencia. She has been involved in several research projects about automatic control and robotics. For the last 10 years, she is researching and carrying out projects about trusted and collaborative models for wireless networks. She has more than 30 papers in international conferences and journals (some of them with impact factor). She has been co-editor of several conference proceedings. She was the general chair of SECUREWARE 2007 and ICAS 2009 and co-chair of ADVCOMP 2008.
