
[IEEE 2013 IEEE International Electric Vehicle Conference (IEVC) - Santa Clara, CA, USA (2013.10.23-2013.10.25)] 2013 IEEE International Electric Vehicle Conference (IEVC) - Advanced


Advanced Security Methodologies for Spontaneous Networks

H. Kiwan, S. Seenappa
Faculty of Engineering and Applied Science, University of Regina
Regina, SK, Canada

Abstract—The challenge of securing inter-communications has recently become of great importance. Research on these services has grown rapidly in recent years. In this paper, we provide an overview of recent security methodologies in the field of spontaneous networks. We describe the requirements, the aspects, and the pros and cons of each one. We flag open issues in this field across different environments. This paper forms a solid base for future contributions in this research area.

Keywords—Collaboration; security; privacy; spontaneous networks; mobile

I. INTRODUCTION

Nowadays, the rapid evolution of technology affects people's lifestyle. Over 420 million devices were sold in 2011 [1]. In particular, the development of, the widespread adoption of, and the dependence on portable devices and wireless technologies play an effective role in bringing these changes to our lives. There are various methods, such as Bluetooth and Wi-Fi, to establish communications between devices in a wireless pervasive computing environment. However, there are many challenges in securing wireless communication between devices: the statistics on mobile OS vulnerabilities show an increase from 115 in 2009 to 163 in 2010 [2].

In other words, given the mass development and increasing usage of wireless devices in most of our daily duties, many research approaches are working on securing the wireless communication between devices. In general, two common steps are followed to exchange information between two or more devices: 1) verifying the devices' identity, and 2) exchanging information among them. These steps are necessary for generating a shared secret key. This paper reviews some approaches that address a number of security challenges. Chief among these challenges are security management, key sharing, privilege, access control levels and others.

II. WIRELESS PERVASIVE COMPUTING ENVIRONMENTS BASED ON VISUAL CODE SYSTEM

This research is based on a visual code system that provides secure spontaneous communications among wireless network devices in pervasive computing environments. It considers two models of spontaneous communication, which the visual code system can then be used to secure. Ubicode is a visual code system that identifies communicating devices in ad-hoc wireless networks [1]. As shown in Figure 1, the visual code system uses two-dimensional barcodes. In this way, the system has an encoding capacity of a few thousand bits, which is greater than the RSA public key size. There are two main components of the Ubicode system. The first part encodes the wireless network information and address: it defines the wireless technology and configuration details, such as the BSSID, and the network address, such as an IP or MAC address. The second part encodes the hash algorithm (MD5, SHA1 or other) and the value of the public key.

Figure 1: Ubicode Visual Code System [3]

In the visual code system, the network address and public key are known or extracted from a picture, using image processing techniques. The picture is captured using a built-in camera on a mobile device. The system has three main characteristics:

1. Demonstrativeness (pre-authentication process): A picture of the visual code of another device is used to demonstrate the identification of devices. Then, the public key is received over the network and can be verified.

2. Line-of-Sight: Mobile device users can consider hundreds of surrounding wireless devices that are covered by secure communications within the line of sight.

3. Ease-of-Use: Establishing a secure association is as easy as pointing and shooting a picture.

Figure 2: Communication Models [3]

Models: There are two models: 1) the two-party model, and 2) the group model, as shown in Figure 2. The two-party model is based mainly on two parties with one-way or mutual authentication. They then use a session key to protect the privacy of their communication. The group model, in contrast, includes an arbiter that has ultimate authority and is responsible for authentication and for distributing the session (group) key.

978-1-4799-1451-7/13/$31.00 ©2013 IEEE


Protocols: The two-party model has two communication protocols; the One-directional Identification Protocol, and the Mutual Identification Protocol.

A. One-directional Identification Protocol

Encoding Phase: A device (A) is associated with Ubicode. It has a visual code which holds its network information and the hash value of its public key. The visual code is attached to it or is displayed on its screen.

Figure 3: Two Party Communication Protocols [3]

Decoding Phase: A device (B) is associated with Ubicode. It captures and decodes the visual code of device (A). From it, device (B) gets the network address and public key hash value of device (A).

Key Exchange Phase: Device (B) gets the public key through a wireless communication channel with device (A).

Key Verification Phase: Device (B) calculates the hash value of the public key of device (A) and compares it to the value decoded from the visual code of device (A) in the decoding phase. For device (B) to identify and verify device (A) successfully, the hash values must be equal. Otherwise, verification fails.

Secret Key Generation Phase: Then, device (A) and device (B) generate a secret key and establish a trusted private channel in a wireless pervasive computing environment, as shown in Figure 3(A).
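The encoding, decoding, key exchange and key verification phases above can be sketched as follows. This is an added example, not code from Ubicode or from the paper: the JSON payload layout, the function names and the sample keys are assumptions, and the image capture step is replaced by passing the payload bytes directly.

```python
import hashlib
import hmac
import json

# Hash algorithms device B accepts in a decoded visual code. The page names
# MD5 and SHA1 "or other"; this example (an assumption) accepts only SHA-256,
# so a code that names a weaker algorithm is rejected instead of trusted.
ACCEPTED_HASHES = {"sha256"}


def encode_visual_code(network_address, public_key, hash_alg="sha256"):
    """Encoding phase (device A): build the payload a 2D barcode would carry.

    The JSON layout is hypothetical; the page only says the code holds the
    network information, the hash algorithm and the public-key hash.
    """
    return json.dumps({
        "addr": network_address,
        "alg": hash_alg,
        "key_hash": hashlib.new(hash_alg, public_key).hexdigest(),
    }).encode("utf-8")


def decode_visual_code(payload):
    """Decoding phase (device B): parse and sanity-check the captured code."""
    fields = json.loads(payload.decode("utf-8"))
    if not isinstance(fields, dict):
        raise ValueError("visual code payload is not an object")
    for name in ("addr", "alg", "key_hash"):
        if not isinstance(fields.get(name), str):
            raise ValueError(f"visual code is missing field {name!r}")
    if fields["alg"] not in ACCEPTED_HASHES:
        raise ValueError(f"hash algorithm {fields['alg']!r} is not accepted")
    return fields


def verify_public_key(decoded, received_key):
    """Key verification phase: hash the key that arrived over the wireless
    channel and compare it with the hash taken from the visual code."""
    digest = hashlib.new(decoded["alg"], received_key).hexdigest()
    return hmac.compare_digest(digest, decoded["key_hash"])


def identify(payload, fetch_key):
    """Run decoding, key exchange and verification as device B.

    fetch_key(addr) stands in for the key exchange phase and returns
    whatever key bytes arrive from that network address.
    """
    decoded = decode_visual_code(payload)
    received = fetch_key(decoded["addr"])
    return verify_public_key(decoded, received)


# Constructed sample data: stand-ins for encoded public keys.
KEY_A = b"constructed-public-key-of-device-A"
KEY_SUBSTITUTED = b"constructed-public-key-of-another-device"
CODE_A = encode_visual_code("192.0.2.10", KEY_A)

if __name__ == "__main__":
    print("genuine key accepted:", identify(CODE_A, lambda addr: KEY_A))
    print("substituted key accepted:",
          identify(CODE_A, lambda addr: KEY_SUBSTITUTED))
```

The secret key generation phase should start only when `identify` returns `True`; a key that does not match the hash in the visual code ends the association.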

B. Mutual Identification Protocols

In Figure 3(B), the first step is to run the one-directional identification protocol from device (A) to device (B), and from device (B) to device (A), without repeating the secret key phase.

Then, device (A) and device (B) are both verified by each other in an association. Moreover, both of them are in possession of the new secret key after their public keys are exchanged. In Figure 3(C), UbiCode supports a communication system that uses a single public key protocol, because only one device has the processing ability to deal with public key tasks and calculations. For instance, if device (B) has a secret SB, it can send it as a visual code after encoding the hash value of the secret within this code.

C. Group Communication Protocols

Figure 4: Group Communication Protocols [3]

The group protocol is based on the same principles as the two-party protocols. As presented in Figure 4(A), the group of devices (A) and (B) includes an arbiter device. It is the device which has the best processing capabilities among the group devices. In order to add device (C) to the group, it authenticates itself and establishes a secure channel with the arbiter device using the visual code system through the two-party communication protocol. The arbiter device generates a new group security key and shares it with the group devices through its secure channels with them. The same steps are followed if any device leaves the group. When the new device has no processing ability to deal with public key tasks and calculations, it follows the protocol shown in Figure 4(B).


III. ORIENTED APPROACH TO AD HOC NETWORKING

Spontaneous networking focuses on developing techniques for ad hoc networks that evolve when a set of people uses wireless computing devices for some computer-based collaborative activity. The network is spontaneous when users do not identify all the participants in advance [4]. Oriented Approach to Ad Hoc Networking implements a real-world scenario that illustrates the use of a spontaneous network, and tries to identify the key challenges involved and some of the techniques that can be used to address them.

The main goal is to enable users to create computer networks with the same ease, flexibility, adaptation, and quality as the human interactions they are intended to facilitate. Oriented Approach to Ad Hoc Networking identifies 5 key challenges for the spontaneous networking environment:

1) Network boundaries are poorly defined; this step leads the node into contact with all necessary services. Wireless ad hoc networks result in merging and arbitrary partitions due to the absence of a natural equivalent.

2) The network is not planned; conforming networks are not constructed on an ad hoc basis. The replication and hosting of services is suggested by logical and administrative boundaries.

3) Hosts are not preconfigured, so an ad hoc network can be built anytime, anywhere and with any participants. The amount of administrative configuration information that can be preconfigured on a node is limited.

4) There are no central servers; server results show unsolved statements, because nodes that become partitioned from the server must agree to either promote a backup server or reinitialize the service.

5) Users are not experts; operations must be perceivable to non-technical users. Users are not familiar with such configuration when the environment poses complex security issues. Hence, unskilled users' exposure to the administrative infrastructure is eliminated [4].

Automatic/Dynamic configuration: A spontaneous network handles dynamic network topologies, as it cannot depend on any central servers. Dynamic Host Configuration Protocol address assignment does not work in Automatic/Dynamic configuration, because the assignment of addresses needs to be automatic. The two existing technologies are IPv6 stateless address configuration and zero configuration networking. IPv6 provides a mechanism to acquire an unusual address with or without the help of stateless autoconfiguration. The Zeroconf working group studies the problem of enabling networks that require neither configuration nor administration [4].

Security: The security association is prolonged to support larger and more complex situations. Authentication is required in a spontaneous network because the network is created by people. The authentication inherently implements complex trust models during the interaction process.

Peer-to-peer operation: Peer-to-peer operation supports individual users who have low-bandwidth connectivity to their home infrastructure. Techniques are dependent on optimistic concurrency. For instance, in JetFile, nodes share data with each other without any central server process. They are largely dependent on peer-to-peer communications.

IV. HARDWARE SECURITY CONCEPT FOR SPONTANEOUS NETWORK INTEGRATION OF MOBILE DEVICES

This research sets out specifications to achieve the goal of maximum hardware support. It considers a new hardware module of PCMCIA size that can be attached to mobile devices. It includes all of the following features: 1) A wireless network interface for spontaneous networking in a pervasive environment, 2) A cryptographic module for secure data transmission, 3) A processor module for device control and software applications, 4) A secure memory area for private keys, 5) A biometric sensor for user authorization, 6) An additional autonomous power supply module, 7) An optional hardware connection for a trusted user interface on the card.

The research calls this module a SmartBadge. Its architecture is shown in Figure 5 within a Bluetooth environment.

Figure 5: SmartBadge Concept [3]

The following paragraphs investigate the most suitable module for each assumed feature. The mobile device can be used in a personal area network (PAN).

A. Wireless Network Interfaces:

The research selects IrDA and Bluetooth because they are suitable for PAN.

B. Cryptographic Module:

It is a ciphering module. It is used to overcome the problem of eavesdropping on data transmitted over Bluetooth. Moreover, it supports symmetrical and asymmetrical algorithms. It is implemented in VHDL on an FPGA in several projects for ciphering algorithms.

C. Biometric Sensor and Secure Memory:

It is used to make a new non-forgettable password that is related to the psychological or genetic attributes of the mobile device owner. This module is designed to prevent misuse of a lost or stolen mobile device. The best biometric sensor is fingerprint authentication of the mobile device owner.

D. Security Manager:

It presents the main feature of the SmartBadge. It handles the communications with secured firmware components. Its functions include: key management, definition of security levels for all devices and services, distinguishing device trust levels, storage of identification information about devices, and setting up encryption with the necessary key length.


E. Concept Realization:

The research suggests a PDA that has two PCMCIA cards. The first is a PCMCIA Bluetooth card for the wireless network interface. The second holds the crypto-processor, biometric sensor and secure memory. It enables the mobile device using the PCMCIA cards to establish secure spontaneous communication, as shown in Figure 2.

V. COMMON RADIO ENVIRONMENT

Mobile devices positioned in close proximity derive a shared secret to secure their communication by monitoring fluctuations in the signal strength of existing ambient radio sources [5]. The experiment proposes to securely pair devices in close proximity by deriving a shared secret from characteristics of their common radio environment. The observations behind deriving a shared secret from the common radio environment are as follows. Firstly, mobile devices are equipped with radios, which can sense their immediate radio environment. Secondly, devices in close proximity can simultaneously monitor a common set of ambient radio sources and perceive a similar radio channel. Thirdly, radio channels are not predictable due to environmental factors [5]. A feasible explanation of securely pairing devices is mainly based on characteristics of their common radio environment.

A. How Does It Work?

Secure Pairing of Co-Located Devices: The problem of securely pairing devices in close proximity is evaluated by defining the secure pairing of co-located devices. Co-located devices (A and B) establish a secure communication channel with each other in the presence of other characterized devices located nearby that may try to credit either A or B. Devices A and B do not identify each other a priori, but they know that they are co-located. It is assumed that devices A and B have compatible radios, such as GSM or Wifi. Compatible radios are used to establish communications between the devices, and to derive a shared secret based on monitoring their common radio environment. Location-based secrets can be used to pair devices securely. It is hard to predict fluctuations in the radio environment at a specific location and at a specific time without being physically present at that location and at that time.

Location based authenticated token: Single-use location-based authentication tokens, derived from the general wireless environment, are used to extend traditional key exchange techniques, for instance Diffie-Hellman, into a location-based key authentication protocol [5]. Diffie-Hellman is a cryptographic protocol used by two devices to generate a secret key over an insecure communications channel. Normally a public-key infrastructure (PKI) is accessed to validate the key; the authentication token can remove this need. The authentication token proves that a key is obtained from a device that is physically located in the same location. The authentication token is also used to authenticate that the exchanged keys are not similar to the basis of encryption. Hence, the probability of predicting the token at the time the communication is established is minimized.

Location based encryption keys: The Diffie-Hellman exchange procedure is unsuitable for CPU-constrained devices, due to performance limitations. Hence, a shared key can be derived over the shared radio environment directly. As a result, the expensive requirements of the Diffie-Hellman exchange are eliminated.

B. Requirements on Radio Environment

Devices in close proximity derive a location-specific secret and share time by monitoring their radio environment. In practice, secure pairing imposes three requirements on the characteristics of the radio environment as recognized by the co-located devices. Firstly, the signal at any specific location fluctuates unpredictably over time. Secondly, the signal at two different locations, some distance apart, fluctuates in a different channel over the same period of time. Thirdly, the radio environment perceived by the two co-located devices is similar [5]. A Sony Ericsson GM29 GSM modem is used in the implementation to obtain a series of GSM measurements at a single location. The GSM modem is polled every 5 seconds, as this interval is adequate for the GSM modems to update their information about the radio environment. The variation of GSM signal strength on three different GSM channels at a single location over 10 minutes is shown in Figure 6. GSM signal fluctuation cannot be identified on a small scale over time; hence an attacker cannot identify the system by fingerprinting its location.

Figure 6: Signal Strength of 3 GSM channel over 10 minutes [5]

An experiment is implemented on the antennas of two standard GSM modems (m1, m2) in close proximity to each other and the antenna of a third GSM modem, m3. The attacker, m3, is located 2 meters away from both of them. The attacker collects a series of GSM measurements over a 5 minute period. m1, m2 and m3 observe signals from the same 14 GSM channels. The main aim of this experiment is to obtain the similarity of the signal strength fluctuations between the three possible pairs of GSM modems. The similarities can be understood by calculating Pearson correlation coefficients between the readings of the three pairs of modems on each of the 14 GSM channels. The Pearson correlation coefficient captures the tendency of two streams of readings to increase or decrease in value concurrently. A Pearson correlation coefficient of 1 indicates perfect correlation, a value of 0 indicates no correlation, and a value of -1 indicates perfect negative correlation. Results of the implementation suggest that the GSM modems m1 and m2 display correlation, so it is hard to differentiate between fluctuations of the standard modem and an attacker who is located 2 meters away. It can be argued that repeatedly covering the antenna does not impose a burden on the user, as it does not require the user to physically move the antenna around. Hence, the user need not take any action for secure pairing, which is an eventual aim [4].


VI. EVIDENTLY SECURE DEVICE ASSOCIATIONS

Evidently secure device associations propose protocols for validating secured spontaneous associations. The protocols work over wireless technologies by complementing existing unauthenticated key-exchange protocols. The experiment provides a procedure for eliminating specialized hardware. It also evaluates spontaneous device association, as it is considered an important feature of ubiquitous computing.

A. Implementation

The scenario describes two devices (A and B) in line of sight of one another, so that any human involved in the association can see both devices. There are two cases. Firstly, both A and B are personal devices, each in the possession of a user, Alice and Bob. Secondly, one is Alice's personal device and the other is an infrastructure device, such as a digital picture frame [6]. The devices interact via a wireless network. The aim is to form a secure association between the two devices spontaneously. The devices share a secret key for encryption. The secured association happens when each of the two devices possesses the other's network address. The association is considered spontaneous when it is asserted on minimal a priori values. The formation of the secured association is divided into three steps:

1) Exchange network addresses.

2) Exchange a secret key without requiring authentication.

3) Physically validate the association, verifying that the physical entities that exchanged keys are the required devices [7].

Figure 7: Maliciously (A) and accidentally (B) incorrect associations [7]

Spoofing attacks are possible in the first two steps. The man-in-the-middle attack is considered the strongest attack; as shown in Figure 7(A), a malicious entity exchanges keys with each device and thus spoofs each device in relation to the other. In Figure 7(B), in the absence of a malicious party, a member of each pair has mistakenly associated with one of the other pair. Because a separate physical validation step is applied, the secret key exchange need not be authenticated. The key exchange is verified at the validation step, which makes it possible to take advantage of existing protocols in steps 1 and 2. Users can concurrently trigger two devices into an 'association' mode by pressing a button on each device. Device 1 and device 2 wait for an association message and maintain a reciprocal relation in time to deduce the address of the other device. The Diffie-Hellman protocol can be used to exchange fresh secret keys after swapping the network addresses of the devices. Physically validating an association requires securely correlating the key that the devices have exchanged with the physical devices themselves. It requires some physical phenomena associated with the devices, over which the implementation has some electronic control. Hence, it is assumed that devices have at least one integral physical indicator [7].

B. Protocols for Validating Associations

The association is validated physically by using two protocols. These protocols make assumptions and also provide different types of evidence for physical validation.

1) Comparing Keys: The Diffie-Hellman key exchange method is used, and the resulting keys are compared. This eliminates the man-in-the-middle attack and assures that the two physical devices are associated. The implementation enables comparing keys manually in the following way:

Firstly, each device applies a secure hash function H, such as SHA1 or MD5, to keep the keys secret, forming H(KA, KB).

Secondly, each device renders the first few bits through its physical indicators. The following types of indication are implemented.

Figure 8: Base-64 representation and Comparing [7]

2) Textual representation: In this technique, the device displays a textual encoding (e.g. base-64) of the key. The technique was explored by implementing a walk-up kiosk for downloading digital content. For instance, a user's PDA is connected to a kiosk via Bluetooth in order to download a short movie. This operation requires a secure spontaneous association between the personal device and the kiosk. While the PDA exchanges a key with the kiosk, the kiosk, which has a large display, shows a base-64 encoding of an MD5 hash of the key, as shown in Figure 8. The user compares 8 characters of the hashes to verify that the personal device and the kiosk have the same key. The kiosk is provided with six display sections for hashes, as it handles verification requests from multiple concurrent clients. Each encoded hash remains on the screen for 20 seconds and then disappears [10].
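The key comparison described above can be sketched as an unauthenticated Diffie-Hellman exchange followed by an 8-character base-64 comparison string, run once between two honest devices and once with the interception of Figure 7(A). This is an added example, not code from the paper or the kiosk: the function names and private values are constructed, the string is derived from the Diffie-Hellman result, and SHA-256 is used where the kiosk used MD5.

```python
import base64
import hashlib

# 768-bit MODP group from RFC 2409 (Oakley Group 1), generator 2. It is far
# too small for current use and is chosen only to keep the example short.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def dh_public(private):
    """Public value a device sends during the unauthenticated exchange."""
    return pow(G, private, P)


def dh_shared(private, peer_public):
    """Shared secret computed from the peer's public value."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, P)


def comparison_string(shared_secret, chars=8, hash_alg="sha256"):
    """Hash the key and show the first characters of its base-64 encoding.

    Eight base-64 characters carry 48 bits of the hash, which is what the
    user compares by eye on the two displays.
    """
    key_bytes = shared_secret.to_bytes((P.bit_length() + 7) // 8, "big")
    digest = hashlib.new(hash_alg, key_bytes).digest()
    return base64.b64encode(digest).decode("ascii")[:chars]


def honest_exchange(priv_a, priv_b):
    """Both devices talk to each other; returns the two displayed strings."""
    pub_a, pub_b = dh_public(priv_a), dh_public(priv_b)
    return (comparison_string(dh_shared(priv_a, pub_b)),
            comparison_string(dh_shared(priv_b, pub_a)))


def intercepted_exchange(priv_a, priv_b, priv_m):
    """Figure 7(A) case: each device unknowingly completes the exchange
    with a third party M, so A and B end up holding different keys."""
    pub_m = dh_public(priv_m)
    return (comparison_string(dh_shared(priv_a, pub_m)),
            comparison_string(dh_shared(priv_b, pub_m)))


def association_valid(shown_on_a, shown_on_b):
    """The physical validation step: the user checks that both match."""
    return shown_on_a == shown_on_b


def _constructed_private(label):
    # Constructed, repeatable private values for the demo only; a real
    # device would draw them from a cryptographic random source.
    return int.from_bytes(hashlib.sha256(label).digest(), "big")


PRIV_A = _constructed_private(b"constructed private value A")
PRIV_B = _constructed_private(b"constructed private value B")
PRIV_M = _constructed_private(b"constructed private value M")

if __name__ == "__main__":
    for name, shown in (("honest", honest_exchange(PRIV_A, PRIV_B)),
                        ("intercepted",
                         intercepted_exchange(PRIV_A, PRIV_B, PRIV_M))):
        print(name, shown, "valid:", association_valid(*shown))
```

The exchange itself succeeds in both runs; only the comparison of the two displayed strings shows that the intercepted devices do not share a key.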

3) Physical Interlock: The physical interlock protocol requires a few bits of out-of-band information in order to enable communication between the parties and to display the same key on the two devices. The physical interlock protocol has a shorter running time; hence it requires a clearly differentiable set of physical indications. This protocol validates an association using the unique-key property. This protocol helps to eliminate a man-in-the-middle attack.

C. The Harmony Protocol

The Harmony protocol design compares multimedia streams at the two devices for users. The protocol is basically used with wireless technologies in which any devices with the same set of pre-configured parameters can tune to a common channel and receive all packets sent on this channel without on-the-spot negotiation, for instance IEEE 802.11b, IEEE 802.11a and IEEE 802.11g [7].

VII. SECURING COMMUNICATIONS IN THE SMART HOME

Everything is getting faster and much more changeable. The nature of smart devices is also dynamic and open. It is very hard to depend on a predefined security association within those environments. For example, assume that you are living in a smart home which includes smart devices such as a smart TV, a smart fridge and a smart phone. Suppose you have a visitor at your home who wants to watch a daily news show. This means that he needs to access your TV through his smart wristwatch. You will need to let him access the TV. You may like to put some limits on his access. What should happen if he would like to use the phone? In other words, you need to know how to establish a secure association and access control between your visitor and the smart environment as a whole, so as to prevent any attacker who is trying to access the smart TV. Figure 9 shows this scenario. In addition to the visitor, there is a child who also needs to watch the kids' show. Thus, he will gain the authority to access only the kids' channels.

Figure 9: Typical scenario in a domestic smart environment [6]

The Networks and Telecommunications Research Group at the University of Dublin created a project called ÆTHER to solve the problem of the previous scenario by defining a security management architecture. It targets dynamic smart environments. There is not any device that is totally unknown to each other or any trust level. The architecture is not explained in this paper; however, this paper explains how it solves the mentioned problem. The owner authenticates the visitor and defines the access limits for him, whether the visitor can authenticate a new user or not, and how far the visitor sets the access limits of the new user. The owners can also estimate the validity period of the access certificates [6].

VIII. USING A TWO DIMENSIONAL COLORIZED BARCODE SOLUTION FOR AUTHENTICATION IN PERVASIVE COMPUTING

The research team of New Mexico Institute of Mining and Technology extends the research on visual code. Refer to Section 2. They used colorized barcode. Thus, they extended

the amount of data that is defined by the visual system. Figure 10 shows the parts of the visual system [8]. The steps of establishing the secure communication are shown in Figure 11.

Figure 10: UbiColor Details [8]

Figure 11: Establishing Secure Communication [9]

IX. DISCUSSION

Securing Spontaneous Communications in Wireless Pervasive Computing Environments: Ubicode has several main disadvantages. The visual code system is based on images that must be captured from a very short distance when a low-cost, low-resolution camera is used. Less encoded data per image resulted in better accuracy and performance, and larger images resulted in better image recognition capability than smaller ones. Running an image processing algorithm or application is not compatible with some real-world devices, because it needs a specific level of processing capability. The research tries to solve this problem through modified protocols. The group model is centrally managed and is based on the arbiter device, so it is very similar to a star network topology. This may cause a lot of trouble, such as a single point of failure that immediately isolates all devices, and performance that is capped by the arbiter's throughput.

Oriented Approach to Ad Hoc Networking: A spontaneous network supports collaborative applications, configures services, and secures the network by creating an administrative framework. The research discusses a set of practical real-world scenarios that illustrate the use of spontaneous networking and tries to identify the key generation and sharing challenges involved. It explains some of the techniques that can be implemented to address them. However, the spontaneous network considered by this research is limited to small-scale ad hoc networks. Hence, it does not address the unique challenges that need to be faced in building toolkits and prototype applications.

Hardware Security Concept for Spontaneous Network Integration of Mobile Devices: It presents a good model for a hardware module that is compatible with recent mobile devices. It defines all the possible hardware features to be added to mobile devices in order to establish secure spontaneous communications. However, it needs to go into more detail and be more specific, especially about the use of each feature, as most recent smart phones include a Wifi module and a Bluetooth module.

Enabling Secure and Spontaneous Communication between Mobile Devices using Common Radio Environment: It addresses the open research problem of securely pairing co-located devices using the common radio environment. It explores the feasibility of deriving location-based secrets and describes two approaches for how such a secret can be used to secure spontaneous communications. On the other hand, the algorithms for secure pairing of co-located devices are not solved and examined in depth. The chances of a man-in-the-middle attack are higher due to the elimination of the Diffie-Hellman key exchange protocol.

Evidently secure device associations: Secure device associations help to solve the problem of secured spontaneous device association by treating validation of an association as a separable problem, and the work contributes protocols for achieving validation. The protocols complement existing unauthenticated key-exchange protocols and work over commonly used wireless technologies. It also provides procedures that eliminate the need for specialized hardware. On the contrary, the encoding method is not covered in detail. Wireless technologies using frequency hopping, such as Bluetooth, HomeRF and IEEE 802.11 Frequency-Hopping, do not meet the secure device association criteria. The protocols require consequent user attention, as the degree of human involvement leads to desirable behavior and retains the spontaneous quality as required.

Securing Communications in the Smart Home is a promising approach because of the commercial echo of the term "smart home". On the other hand, the system cannot know whether a device has been stolen. To overcome this problem, the system can assign two masters or owners. If one entity is stolen, the other can detect it and change the security key to avoid any miscellaneous attacks.

X. CONCLUSION

Secure spontaneous communication techniques are designed to support collaborative applications, such as the creation of a management framework, which is needed to secure networks and configure services. In this paper, we present several recent methods and their extensions for securing spontaneous communication. We explain securing approaches for wireless pervasive computing environments. We illustrate the required hardware security concepts. We clarify the challenges facing securing wireless devices in common radio environments. More approaches for securing device associations and ad hoc networks are also described. We expect a new evolution in using the mentioned techniques in many applications and for unlimited fields of human activities.

REFERENCES

[1] Qiang Yan, Yingjiu Li, Tieyan Li, Robert Deng, “Insights into Malware Detection and Prevention on Mobile Phones,” Security Technology, Springer Berlin, Heidelberg, vol. 58, ch. 30, pp. 242–249, 2009.

[2] IMS Research, “Global Smartphones Sales Will Top 420 Million Devices in 2011, Taking 28 percent of the entire global handset market, according to IMS Research,” [online] Available: http://imsresearch.com/press-release/Global_Smartphones_Sales_Will_Top_420_Million_Devices_in_2011_Taking_28_Percent_of_all_Handsets_According_to_IMS_Research July, 2011.

[3] D. Shin. "Securing Spontaneous Communications in Wireless Pervasive Computing Environments," in Proceedings of IEEE Workshop on Security and Privacy Multimedia Environments (MultiSec 05 - in conjunction with IEEE ISM 05), Irvine, CA, December 2005.

[4] Laura Marie Feeney, Bengt Ahlgren, Assar, “Spontaneous Networking: An Application Oriented Approach to Ad Hoc Networking”, IEEE Communications Magazine, 2001.

[5] Alex Varshavsky, Anthony LaMarca, Eyal de Lara, “Enabling Secure and Spontaneous Communication between Mobile Devices using Common Radio Environment”, HOTMOBILE '07 Proceedings of the Eighth IEEE Workshop on Mobile Computing Systems and Applications, pp. 9-13, 2007.

[6] Patroklos G. Argyroudis and Donal O’Mahony, “Securing Communications in the Smart Home”, 2004.

[7] Tim Kindberg, Kan Zhang, Seung Hyun Im, “Evidently secure device associations”, Consumer Applications and Systems Laboratory, HP Laboratories Bristol

[8] William Claycomb and Dongwan Shin. "Using A Two Dimensional Colorized Barcode Solution for Authentication in Pervasive Computing," In Proceedings of the IEEE International Conference of Pervasive Services (ICPS 06), Lyon, France, June 26-29, 2006

[9] William Claycomb and Dongwan Shin. “Secure Real World Interaction using Mobile Devices”, In Proceedings of Pervasive Mobile Interaction Devices (Permid 06 - in conjunction with Pervasive 06), LNCS, Dublin, Ireland, May 7, 2006.

[10] La Polla, M., Martinelli, F., Sgandurra, D., “A Survey on Security for Mobile Devices”, IEEE Communications Surveys & Tutorials, Volume: 15, Issue: 1, pp. 446–471, First Quarter 2013.

[11] D. Shin and S. Im, “Visual device identification for security services in ad-hoc wireless networks,” In Proceedings of 20th International Symposium on Computer and Information Sciences (ISCIS’05), Istanbul, Turkey, October 2005.

[12] Igor Sedov, Marc Haase, Clemens Cap, Dirk Timmermann. "Hardware Security Concept for Spontaneous Network Integration of Mobile Devices", In Proceedings of the International Workshop Innovative Internet Computing Systems. Ilmenau. Shyong, 2001.

[13] Dave Suvak, “IrDa and Bluetooth: A Complementary Comparison”, Available: http://www.palowireless.com/infotooth/download.asp, 2000.

[14] Bluetooth Consortium. Specification of the Bluetooth System Version 1.0B - Core. Available: http://www.bluetooth.com, Online, 2000.

[15] Smart Metering Meets the Smart Home, [Online], Available: http://www.ti.com/corp/docs/landing/smartmetering/index.html?DCMP=Metering&HQS=Other+OT+metering, accessed March 2009