Transaction Privacy in Wireless Networks

Catharina Candolin
Telecommunications and Software Engineering Institute
Helsinki University of Technology
Catharina.Candolin@hut.fi

Abstract

An electronic transaction involves the exchange or transfer of information, services, or funds between two or more parties by digital means. We consider privacy protection of such transactions in wireless untrusted networks and propose a solution for integrating existing schemes of data, source and destination, location, and time privacy. The solution is based on strong encryption, the Non-Disclosure Method, and threshold cryptography and meets the requirements of transaction atomicity, consistency, and robustness.

Keywords: Electronic transaction, wireless network, ad hoc network, Non-Disclosure Method, threshold cryptography

1 Introduction

An electronic transaction involves the exchange or transfer of information, services, or funds between two or more parties by digital means. Such transactions often require that the contents of the transaction remain secret and intact, and that the parties involved in the transaction cannot deny having participated. Electronic transactions are normally performed over untrusted, possibly wireless, networks, but whereas nodes operating in fixed networks can make certain assumptions regarding the security of the network, wireless nodes cannot. For example, wireless nodes tend to be mobile, and are thus no longer protected by their own network boundary, such as a firewall, when roaming in foreign networks. Such nodes are likely to change their location on a frequent basis, and the transactions they make are easier to observe. Also, the wireless medium is extremely vulnerable to attacks, and the nodes are thus likely to become subject to surveillance, where their location and transactions are tracked and disclosed.

Privacy protection traditionally includes keeping personal information or unique identifiers secret from unauthorized parties in order to prevent tracking of users or collection of personal information. A unique identifier is, for example, a network address of a node, or a public key. We focus on protecting the privacy of the electronic transactions rather than on the privacy of the nodes themselves, since the transactions are likely to reveal more valuable information to an adversary than the mere existence of the node. Information involved in an electronic transaction consists of the contents of the transaction, the parties involved, the location of the parties, and the exact time of the occurrence of the transaction.

The main objective of this paper is to discuss the concept of transaction privacy in untrusted wireless networks and to propose a solution for integrating existing data, source and destination, location, and time privacy solutions.

2 Background

2.1 Wireless networking

Several technologies and protocols for wireless networking have been developed in order to meet the growing interest in mobile communications. The various areas of application for such networks include, among other things, personal communication systems consisting of wearable devices, wireless e-home solutions, where any home appliance can easily be connected to a network, and wireless local area networks. For example, the IEEE 802.11 WLAN standard offers a solution that is applicable for most wireless networking purposes, such as local area networking and ad hoc networking. Another wireless technology is Bluetooth, which has been developed for the purpose of replacing cables. Whichever specific area of application a wireless technology is aimed at, they all consist of nodes that communicate with each other and make electronic transactions of various kinds.

An ad hoc network is a collection of nodes that do not need to rely on a predefined infrastructure to keep the network connected. The nodes may be mobile, thus implying a wireless communications medium, and they may form, enter and leave networks in an ad hoc fashion as they move along. The main characteristics of such networks are the lack of predefined trust relationships, the unreliable nature of the network due to node movements and link quality, the lack of centralized or global authorities or entities, and the weak physical security of the nodes. Public mobile telecommunication systems, such as GSM, are out of the scope of this paper. Privacy protection in such networks is discussed in [12] and [8].

2.2 Privacy in electronic transactions

Transactions are traditionally considered to be monetary transactions. We expand this view and consider any exchange or transfer of funds, information, or services to be an electronic transaction. In [2], the concept of transaction privacy is defined as a service for preventing unauthorized disclosure of the contents of the transaction, the parties involved in the transaction, the location of the parties involved in the transaction, and the exact time of occurrence of the transaction. Transaction privacy thus includes the following:

1. Data privacy: the contents of the transaction should be protected from disclosure to an unauthorized party.
2. Source and destination privacy: the parties involved in the transaction should not be revealed to an unauthorized party.

3. Location privacy: the location of the parties making the transaction, be it physical (geographical) or logical (with respect to the network), should not be disclosed to an unauthorized party.
4. Time privacy: the exact time when a transaction occurs should not be disclosed to an unauthorized party.

2.2.1 Data privacy

Although the character of a transaction may be easily guessable (for example, a transaction between a node and a bank is likely to involve a transfer of funds), the exact details of the transaction must still be kept secret. For example, an adversary may be able to deduce that a transfer of funds is taking place, but not the exact amount of money transferred.

2.2.2 Source, destination, and location privacy

Source and destination information presents a wide area of potential misuse. In military networks, the source and destination of a communication flow may reveal details of certain nodes, which in turn may give an enemy information about the structure of the network. For example, some nodes may be more important than others, and they are likely to participate in a larger number of communications than less important nodes. The same problems also arise in public networks, where an unusually high traffic load between two companies may reveal that the two parties are somehow involved, or that a mobile user is frequently contacting certain types of services.

Location information may be used to track user movements or to deduce information about the structure of the network. For example, if a node is roaming in a foreign network, then anyone communicating with that node may be able to determine where the node is located at each time. This information may be collected in order to determine movement patterns. The main concern in ad hoc networks is usually not the location of one node, but rather the location of several nodes, since this information can be used to determine the structure of the network. Protecting the location information from disclosure is especially important in military networks.

2.2.3 Time privacy

Time privacy [2] of an electronic transaction is a service for preventing unauthorized disclosure of the exact time of occurrence of the transaction. The main objective of protecting the time of occurrence of a transaction is not to completely hide the existence of the transaction, but rather to make it difficult or impossible for an adversary to determine when exactly the transaction has occurred. This might be important in time-critical systems where an adversary wishes to perform an attack only after having received knowledge of the completion of a given transaction. Information about the exact occurrence of a transaction should be protected in order to prevent attacks that are triggered by the completion of a given transaction. For example, a thief may observe that a person is making monetary transactions in exchange for some valuable jewellery. The thief may furthermore be able to guess which person out of many is the one that performed the transaction. For example, if a transaction is made in a store with 10 people, and one of them comes out two minutes after the completion of the transaction, then it is quite likely that the person coming out is the one that just made the transaction and is now carrying an expensive piece of jewellery in his pocket. In order to protect the person from being attacked by the thief, a method for hiding the exact occurrence of the transaction is required.

3 Criteria

The electronic transaction must be properly executed, that is, the so-called ACID properties must be fulfilled. These properties include atomicity, consistency, isolation, and durability. The transaction is also required to be robust.

The transaction atomicity property means that either all of the transaction is executed or none of it. Consistency requires that all parties involved in the transaction agree on the conditions set. These requirements are important if, for example, the node to which the transaction is made suddenly becomes compromised, or if there is a conflict between the parties involved. Nodes in ad hoc networks are especially vulnerable to such problems due to low physical security. The node that initiated the transaction should be able to put the transaction on hold or interrupt it if necessary; the other party should have no means of completing the transaction on its own.

Isolation of transactions basically implies that separate transactions should not interfere with each other. For example, two nodes may simultaneously try to execute the same transaction where both are trying to buy the same seat on a flight, but only one of them is allowed to succeed. The node to which the transaction is made must have some means of coping with such situations.

Durability of a transaction implies that the effect of a completed transaction should not be lost if the system fails, even if the failure occurs immediately after the completion of the transaction. This is especially important in ad hoc networks, where the quality of the wireless link is bad and the nodes may be limited in battery power. The wireless medium is extremely vulnerable to disturbances, which may cause information to be delayed or destroyed. However, the completion of a transaction may be crucial for the network. The solution where traffic is assigned priorities is not feasible in most cases, since the disturbance may be caused by an attacker or the network may be an ad hoc network that lacks entities or rules for prioritizing traffic. The parties involved in the transaction cannot make any assumptions regarding the operation of the network. Therefore, the transaction must be robust in the sense that it should be able to complete also when the transmission medium is unreliable, that is, when a large number of messages are likely to be dropped, and when an adversary is trying to interfere with the transaction.

4 Previous work

4.1 Data privacy

The classical approach to protecting the data from disclosure is by encryption. Depending on the security requirements of the transaction, different encryption schemes may be applied. When the transaction is performed over a network, encryption can be enforced on the link layer, the network layer, or the application layer. Many transactions require end-to-end security to be enforced, which often means that encryption at the link or network layer is not sufficient. However, as pointed out in [1], encryption at multiple protocol layers is not necessarily considered harmful. Link layer encryption in wireless networks is mostly used to substitute the physical security provided by the wires in a fixed network, but is seldom adequate for most transactions. Network layer security may be enforced by, for example, IPSec [11], which defines a security architecture for IP based networking. Two traffic security protocols are defined: the Authentication Header (AH) [9] and the Encapsulating Security Payload (ESP) [10]. The ESP protocol provides data privacy of the contents of the IP packet. IPSec enables end-to-end encryption between two hosts, but many transactions still require end-to-end encryption at the application layer.

4.2 Source, destination, and location privacy

A method that allows anonymous sending of messages through a so-called mix node is presented in [3]. A sender $S$ first encrypts the message $M$ using the public key of the receiver $R$. Then $S$ encrypts the message and the address of the recipient with the public key of the mix node. The message is now sent to the mix node, which decrypts the received message and forwards it to $R$. A cascade of mix nodes is proposed in order to ensure untraceable traffic flow.

In [6], the Non-Disclosure Method (NDM) for protecting source and destination privacy as well as location privacy is introduced. The solution relies on independent security agents distributed over the network, where each agent possesses a public and private key pair. When a sender $S$ wishes to transmit a message to receiver $R$, it first selects $n$ security agents $S_1, \ldots, S_n$ through which the message shall be forwarded. Each security agent will only know the addresses of the previous and the next security agent in the chain. The message $M$ is then encapsulated using the public keys $K_1, \ldots, K_n$ of the security agents in the following way: $M' = K_1(S_2, K_2(S_3, \ldots K_n(R, M) \ldots))$. Message $M'$ is sent to $S_1$, which decrypts it using its private key, thus finding the next hop address $S_2$ and the message content $K_2(S_3, \ldots K_n(R, M) \ldots)$. The message is now forwarded to $S_2$, and so on. $S_n$ finally receives $K_n(R, M)$, which it deciphers using its private key before forwarding the original message $M$ to $R$. The NDM method is further discussed in [7].

4.3 Time privacy

Information regarding the completion of a transaction should be protected from disclosure. A convenient solution is to distribute the transaction over time in such a way that an unauthorized party is unable to determine anything about the state of the transaction merely by eavesdropping on the stream of encrypted bytes that is transferred between the parties involved in the transaction. In fact, the unauthorized party may only deduce that the other parties are involved in a negotiation and that the occurrence of transactions is probable.

In [2], a method based on threshold cryptography for distributing a transaction over time is introduced. A $(t, n)$ threshold scheme, where $t \le n$, is a method by which a secret $S$ is not revealed unless any $t$ out of $n$ shares are pooled [4, 5]. However, pooling $t - 1$ shares does not reveal any information about $S$. Instead of distributing the shares to different participants, as is done when the scheme is used for traditional secret sharing, the shares remain with the node wishing to make the transaction. In order to apply the ideas of threshold cryptography to distribute the transaction over time, it is assumed that node wishes to perform a transaction with node. First, and agree on a threshold value $t$, and then computes $n$ shares. This agreement designates the beginning of the transaction. proceeds by sending the shares one by one to. The time limit between the shares need not be fixed, and is determined by. All shares will be sent in order to prevent an adversary from deducing that a transaction has completed by the fact that no more information is sent between and. The transaction, however, is considered completed once has received $t$ shares and is able to successfully determine $S$. The threshold scheme must be perfect in order to maintain transaction atomicity and consistency, that is, given any knowledge of any $t - 1$ shares, no information about $S$ is disclosed.
This allows to interrupt the transaction if necessary, for example, if detects that has become compromised. Also, the threshold scheme must be robust, that is, if an adversary tries to interfere with the transaction by sending garbage shares, then will be able to verify that the result is wrong and ignore the wrong shares. The main concern in a wireless network, and especially in an ad hoc network, is not that the other parties involved are untrusted to begin with, but rather that they are compromised during the course of the transaction. Therefore a solution where and exchange bits little by little in such a way that brute force attacks become easier as bits are exchanged is not feasible, since, if compromised, should have no means of completing the transaction without having all the required bits.

5 An integrated solution for wireless networks

In order to enforce data privacy, the contents of the transaction should be encrypted. The solution should be based on strong encryption schemes with proper key lengths. However, the choice of such schemes is out of the scope of this paper.

Source, destination, and location privacy can be enforced using a set of security agents, which are distributed among the network. In an ad hoc network, all nodes should have the possibility to function as security agents. However, the solution introduced in [6] should be modified in such a way that different security agents are chosen for each packet. This would be the normal case in a mobile ad hoc network, since the sender cannot rely on the same security agents being able to efficiently route the whole transaction anyway. Another modification is that the message $M$ that is sent by sender $S$ to receiver $R$ should be encrypted in order not to be disclosed to the last security agent.

To enforce time privacy, the message $M$ can be encrypted with a key that is unknown to the receiver. The sender will then proceed with sending the different shares of the decryption key to the receiver in such a way that the receiver will be able to recover $M$ once a minimum number of shares has arrived. For example, if wishes to perform a transaction with, it first encrypts the message $M$ with a key that is secret to and unique for the transaction to be performed. The encrypted message $M'$ is also encrypted using the public key of and is further denoted as $M''$. then selects a set of security agents, through which it sends $M''$ to. In order to complete the transaction, divides the decryption key into $n$ shares and starts sending them to, each via a different set of security agents. starts by decrypting the message $M''$ using its private key, and then awaits the shares of the decryption key of $M'$. Once has received at least $t$ shares, it is able to recover the original message $M$, and the transaction is complete.

6 Analysis

The criteria set for the solution were transaction atomicity, consistency, isolation, and durability as well as transaction robustness. The requirement for transaction atomicity and consistency is met in our solution due to the characteristics of the threshold scheme. A perfect threshold scheme requires that $t - 1$ shares do not reveal any knowledge of the secret $S$ in a scheme where $t$ shares are needed.
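The Section 5 procedure (a fresh transaction key, $M$ encrypted under it, the key released to the receiver as $(t, n)$ shares one by one) together with the perfect and robust threshold properties just stated, worked through as an added example in Python; this is not the paper's code. It assumes Shamir sharing over a prime field as the threshold scheme, a SHA-256 counter-mode keystream as a stand-in for the strong cipher the paper leaves unspecified, and an HMAC tag on every share under a key carried inside $M''$ as the robustness check; the NDM routing through security agents and the public-key wrapping of $M''$ itself are not modelled.

```python
import hashlib
import hmac
import secrets

# Prime field for Shamir sharing; the per-transaction key is an element of GF(P).
P = 2**127 - 1


def interpolate(points, x0):
    """Lagrange-interpolate the polynomial through `points` and evaluate it at x0 over GF(P)."""
    acc = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x0 - xj) % P
                den = den * (xi - xj) % P
        acc = (acc + yi * num * pow(den, P - 2, P)) % P
    return acc


def split_secret(secret, t, n):
    """(t, n) Shamir split: random degree t-1 polynomial f with f(0) = secret; shares are (x, f(x))."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P) for x in range(1, n + 1)]


def recover_secret(shares):
    """Any t shares with distinct x recover f(0), i.e. the secret."""
    return interpolate(shares, 0)


def share_completing_to(held, x_new, candidate):
    """Perfectness: with only t-1 shares held, a t-th share exists for *every* candidate secret,
    so the held shares carry no information about the real one."""
    return (x_new, interpolate([(0, candidate)] + held, x_new))


def keystream_xor(key, data):
    """Toy stand-in for the unspecified strong cipher: SHA-256 in counter mode (assumption)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def cipher_key(k):
    return hashlib.sha256(k.to_bytes(16, "big")).digest()


class Sender:
    """Initiating node: encrypts M under a fresh key, then releases the key as shares one by one."""

    def __init__(self, message, t, n):
        self.k = secrets.randbelow(P)                  # per-transaction decryption key
        self.share_mac_key = secrets.token_bytes(32)   # assumption: lets the receiver reject garbage shares
        self.ciphertext = keystream_xor(cipher_key(self.k), message)
        self.shares = split_secret(self.k, t, n)

    def envelope(self):
        """What M'' carries; in the paper it reaches the receiver under the receiver's public key."""
        return self.ciphertext, self.share_mac_key

    def share_messages(self):
        """All n shares are sent, even after t have arrived, so completion is not visible on the wire."""
        for x, y in self.shares:
            body = x.to_bytes(2, "big") + y.to_bytes(16, "big")
            yield body + hmac.new(self.share_mac_key, body, "sha256").digest()


class Receiver:
    def __init__(self, envelope, t):
        self.ciphertext, self.share_mac_key = envelope
        self.t, self.shares, self.rejected, self.message = t, {}, 0, None

    def accept_share(self, msg):
        """Drop shares with a bad tag (robustness); complete once t good shares are held (atomicity)."""
        body, tag = msg[:18], msg[18:]
        if not hmac.compare_digest(hmac.new(self.share_mac_key, body, "sha256").digest(), tag):
            self.rejected += 1
            return False
        self.shares[int.from_bytes(body[:2], "big")] = int.from_bytes(body[2:], "big")
        if self.message is None and len(self.shares) >= self.t:
            k = recover_secret(list(self.shares.items())[: self.t])
            self.message = keystream_xor(cipher_key(k), self.ciphertext)
        return True


def run_transaction(message, t, n, garbage=2):
    """Deliver all n shares with `garbage` forged shares injected; report when completion became possible."""
    s = Sender(message, t, n)
    r = Receiver(s.envelope(), t)
    completed_after, delivered = None, 0
    for msg in s.share_messages():
        if garbage > 0:                                # adversary injects a random share
            garbage -= 1
            r.accept_share(secrets.token_bytes(len(msg)))
        r.accept_share(msg)
        delivered += 1
        if completed_after is None and r.message is not None:
            completed_after = delivered
    return {"recovered": r.message, "completed_after": completed_after, "rejected": r.rejected}
```

With $t = 3$ and $n = 5$ the receiver recovers $M$ exactly when the third good share arrives, the two injected shares are discarded, and the remaining two shares change nothing an observer could see.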
Thus, a compromised node would not be able to complete the transaction, or fulfill the transaction partially, by taking advantage of the shares it has received. On the other hand, if an adversary is able to collect the transmitted shares and manages to compromise, then nothing prevents the adversary from completing an interrupted transaction if it has a sufficient number of shares.

Transaction isolation is only partially addressed by our solution. If two nodes simultaneously initiate a transaction, it is quite unlikely that both send their shares using the same time interval. On the other hand, the problem is only shifted to the time of completion of the transaction instead of the time of initiating the transaction. The node that gets its shares through first is obviously the one that is served first. In the case of two nodes fighting over the same airline ticket, this node is the one that gets a successful transaction; the transaction of the other node is practically undefined until all its shares have arrived, and once the last share arrives, the seat has already been booked. If the last shares of both nodes arrive at exactly the same time, then it is up to the node to which the transaction is performed to decide how to handle the situation.

The requirement for transaction robustness is also met. For the transaction to complete, $t$ shares out of $n$ are required. Any $t$ shares will do; hence, some shares may be dropped in the network without affecting the transaction as such. Furthermore, is able to compute more shares if necessary. Since the threshold scheme is required to be robust, the transaction will not be affected by an adversary trying to interfere by sending garbage shares.

The main problem with our solution seems to be inefficiency, since encryption is enforced several times. For example, node has to encrypt the message $M$ twice to enforce data and time privacy, and $n$ times, where $n$ is the number of security agents, to enforce source, destination, and location privacy. The solution therefore seems to be quite heavy for use in practice, especially in ad hoc networks where the nodes are limited in CPU, memory, and battery power. Also, the criterion of transaction durability has not been addressed. The problem is left to network fault management.

7 Conclusion

In this paper we have discussed the concept of transaction privacy and proposed a solution for integrating data privacy, source and destination privacy, location privacy, and time privacy. Our solution is based on strong encryption schemes to protect the contents of the transaction from disclosure, the NDM method for protecting the source, destination, and location of the parties involved in the transaction, and threshold cryptography to protect the exact time of occurrence of the transaction. In order to meet the requirements set by wireless networks, we have focused on issues such as fault tolerance in order to ensure that the transactions are able to complete successfully unless explicitly interrupted by a party involved in the transaction. Our solution still has several problems, of which the two most apparent are inefficiency and routing complexity in ad hoc networks. Due to the vast number of encryptions caused mainly by the NDM method, the whole solution might end up being too inefficient to be used in practice.
Also, choosing security agents in ad hoc networks may be difficult if the nodes are mobile. First of all, the message may have to be routed via nodes that are not in the set of chosen security agents. This might become a vulnerability, since an adversary could track the message as it is passed between normal nodes. Second, if one security agent is compromised or dies, then the message cannot get through. The threshold scheme provides a partial solution because it enables the transaction to complete even though not all shares are received by the target node. However, this requires that a different set of security agents is chosen for each share to be sent, which in turn adds to the complexity and the performance cost.

Acknowledgements

We thank Professor Hannu H. Kari for several discussions on privacy protection of electronic transactions and Professor Arto Karila for commenting on some of the ideas.

References

[1] A. Aziz and W. Diffie. Privacy and Authentication for Wireless Local Area Networks. In IEEE Personal Communications, First Quarter, 1994.
[2] C. Candolin and H. Kari. Time Privacy of Electronic Transactions. Submitted, 2000.
[3] D. Chaum. Untraceable Electronic Mail. Communications of the ACM, 24(2):84–88, 1981.
[4] Y. Desmedt. Threshold Cryptography. In European Transactions on Telecommunications, 1994.
[5] Y. Desmedt and Y. Frankel. Threshold Cryptosystems. In Advances in Cryptology, CRYPTO '89 (Lecture Notes in Computer Science 435), 1989.
[6] A. Fasbender, D. Kesdogan, and O. Kubitz. Analysis of Security and Privacy in Mobile IP. In 4th International Conference on Telecommunication Systems, Modeling and Analysis, 1996.
[7] A. Fasbender, D. Kesdogan, and O. Kubitz. Variable and Scalable Security: Protection of Location Information in Mobile IP. In IEEE VTS, 46th Vehicular Technology Conference, 1996.
[8] H. Federrath, A. Jerichow, D. Kesdogan, and A. Pfitzmann. Security in Public Mobile Communication Networks. In Proceedings of the IFIP TC 6 International Workshop on Personal Wireless Communications, 1995.
[9] S. Kent and R. Atkinson. IP Authentication Header. RFC 2402, November 1998.
[10] S. Kent and R. Atkinson. IP Encapsulating Security Payload (ESP). RFC 2406, November 1998.
[11] S. Kent and R. Atkinson. Security Architecture for the Internet Protocol. RFC 2401, November 1998.
[12] U. G. Wilhelm and X. Defago. Objets protégés cryptographiquement. In Actes RenPar 9, Lausanne, CH, May 1997.