Hubaux, Jean-PierreCapkun, Srdan2005-03-162005-03-16200410.5075/epfl-thesis-3065https://infoscience.epfl.ch/handle/20.500.14299/212362urn:nbn:ch:bel-epfl-thesis3065-6This thesis is primarily concerned with two security mechanisms for wireless networks: location verification and key management. These mechanisms are potential building blocks in the security architectures of a range of applications. Under location verification, we consider mechanisms for secure encounter, distance and position verification. Possible applications of location verification mechanisms include node tracking, secure topology discovery, secure positioning and the detection of node removal and stealing. Key management protocols are used to ensure that correct public keys of entities are known and used with the entities to which they correspond, and that correct shared secret keys are used with the entities with which they are established. Key management protocols thus provide a good basis for achieving various security objectives, such as securing routing, or the protection of users' personal communications. In the first part of this thesis, we propose several location verification mechanisms and we show their applicability to wireless networks. First, we analyze the resistance of the distance and position measurement techniques to attacks. We then propose mechanisms for secure position verification. We further demonstrate the applicability of these mechanisms to secure positioning and node removal detection in wireless multi-hop networks. We then present a set of mechanisms for the verification of node encounters in wireless multi-hop networks. Finally, we show how encounter verification can be used to prevent wormhole attacks, to secure lastencounter routing, and to secure topology discovery. Our location verification mechanisms are based on distance-bounding and distance estimation techniques, and rely on conventional cryptographic primitives. In the second part of the thesis, we propose a straightforward, mobility-assisted technique that can be used to provide peer-to-peer security in mobile networks. We show that far from being a hurdle, mobility can be exploited to set up security associations among users. We leverage on the temporary vicinity of users, during which appropriate cryptographic protocols are run. We illustrate the operation of the solution in fully self-organized ad hoc networks, and in ad hoc networks that are controlled by an off-line central authority. We then explore routing in ad hoc networks in which security associations are not established between all pairs of nodes. We show that in that case, secure routing is still possible, and we propose related protocols. We then propose a set of protocols for public-key management in self-organized ad hoc networks. We base our approach on public-key certificates and certificate chaining. We show that this approach is efficient in scenarios in which users issue mutual certificates in a random manner, and in those in which users create PGP-like certificate graphs. We further present a detailed analysis of the PGP certificate graph and we show that this graph exhibits some small world properties. We also present a model for the construction of PGP-like small world certificate graphs.enthesis::doctoral thesis