
CHAPTER 1

INTRODUCTION
1.1 GENERAL

An ad-hoc network is a local area network or other small network, especially one with wireless or temporary plug-in connections, in which some of the network devices are part of the network only for the duration of a communications session or, in the case of mobile or portable devices, while in some close proximity to the rest of the network.
An ad hoc network, by its nature, provides mutual connectivity between cooperating peer nodes. Nodes that cannot communicate directly are assisted by intermediate nodes that have connectivity to one another and to the end nodes that intend to communicate. Therefore, every node in an ad hoc network must be able to act as a router and must possess forwarding capability. These characteristics are particularly attractive to the military user because of the inherent unpredictability of the tactical environment. The technology has its roots in defense, personal area networking, civilian environments and emergency operations.
Many examples of such scenarios come to mind: a fleet of fishing vessels searching for schools of fish on the high seas; a seismic survey team in a remote area; a disaster relief or aid operation trying to function in an area whose communications infrastructure has been stripped away by a natural disaster; scientists in the field, or even a class of school children on an outing into a national park, all carrying laptops or electronic gadgets; cars and trucks on country highways or freeways whose onboard Internet connectivity needs message dissemination.
All of these application areas operate in an infrastructure-less environment, which makes network attacks highly likely. Identifying that a security breach has happened in such a network would be a Herculean task, so proactive mechanisms are implemented to address this issue. This project identifies trusted parties to involve in message communication and provides privacy for the message being sent to its destination using cryptographic mechanisms.

1.2 TERMINOLOGY USED

• Authentication
Authentication is managed through certificates signed by a trusted third party or a designated certificate authority. An exchange of certificates is required when a node sends a request message to another node for the first time. The authentication mechanism proves a node's identity at a given instant of time.
• Key Management
The main concept is key pairs (private/public key) and a neighborhood key (1-hop neighbor key), dynamically generated using the RSA technique. Encryption and decryption are performed using this algorithm.
• Joining and Leaving Groups
Efficiently distributing data in such applications requires members to join network groups for communication. Supporting groups with many nodes requires an efficient way to exchange information between group members in order to construct and maintain the network group and distribute application data to the group members. An ad hoc network is a transient network in which nodes often join and leave, so it is essential to monitor nodes joining or leaving during session communication.
• Message Keys
In a scheme such as the neighborhood key method, where secrets are exchanged only between neighbors in the communication network, encrypted message payloads cannot be deciphered by non-neighbors. This creates a problem when a message is forwarded. To reduce the overhead incurred per hop, the sender generates a new symmetric key for each new message, called a message key, and encrypts or signs the payload of the message with the message key.
• Backward secrecy and Forward secrecy
o Backward secrecy - A new member should not be able to access data transmitted before the member joined.
o Forward secrecy - A member cannot access data that is transmitted after the member left.
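The two secrecy properties just defined follow from re-keying the group at every membership change. The following Python model is an added example, not code from the project: it abstracts the cipher away and treats a member as able to read a message exactly when it holds the group key of the epoch in which the message was sent. The class name GroupKeyManager, the epoch numbering, the member names and the two rekey flags (which let the failure modes be observed) are this example's own constructions.

```python
import os


class GroupKeyManager:
    """Epoch-based group keying (constructed example). Every join and every
    leave starts a new epoch with a fresh key that is distributed only to the
    members present in that epoch. The rekey flags exist so the effect of
    skipping a re-key can be observed."""

    def __init__(self, rekey_on_join=True, rekey_on_leave=True):
        self.members = set()
        self.epoch = 0
        self.epoch_keys = {}      # epoch -> group key for that epoch
        self.keys_held = {}       # member -> {epoch: key} the member received
        self.rekey_on_join = rekey_on_join
        self.rekey_on_leave = rekey_on_leave
        self._new_epoch()

    def _new_epoch(self):
        # Fresh random key; hand it to the current members only.
        self.epoch += 1
        self.epoch_keys[self.epoch] = os.urandom(32)
        for member in self.members:
            self.keys_held[member][self.epoch] = self.epoch_keys[self.epoch]

    def join(self, member):
        self.members.add(member)
        self.keys_held.setdefault(member, {})
        if self.rekey_on_join:
            self._new_epoch()            # newcomer never sees the old key
        else:
            # Weak variant: newcomer receives the key already in use.
            self.keys_held[member][self.epoch] = self.epoch_keys[self.epoch]

    def leave(self, member):
        self.members.discard(member)
        if self.rekey_on_leave:
            self._new_epoch()            # departed member is not given the new key

    def send(self, sender, payload):
        """A message is bound to the epoch (and so the key) it was sent under."""
        if sender not in self.members:
            raise ValueError(f"{sender} is not a group member")
        return {"epoch": self.epoch, "payload": payload}

    def can_read(self, member, message):
        """Reading requires holding the key of the message's epoch."""
        return message["epoch"] in self.keys_held.get(member, {})


def secrecy_check(rekey_on_join=True, rekey_on_leave=True):
    """Run a constructed join/leave sequence and report both properties."""
    group = GroupKeyManager(rekey_on_join, rekey_on_leave)
    group.join("alice")
    group.join("bob")
    before = group.send("alice", b"plan v1")   # sent before carol joins
    group.join("carol")
    during = group.send("bob", b"plan v2")     # sent while all three are present
    group.leave("bob")
    after = group.send("alice", b"plan v3")    # sent after bob left
    return {
        "backward_secrecy": not group.can_read("carol", before),
        "forward_secrecy": not group.can_read("bob", after),
        "carol_reads_current": group.can_read("carol", during),
    }


if __name__ == "__main__":
    print("rekey on join and leave:", secrecy_check())
    print("no rekey on leave:      ", secrecy_check(rekey_on_leave=False))
    print("no rekey on join:       ", secrecy_check(rekey_on_join=False))
```

Skipping the re-key on leave is what lets a departed member keep reading (forward secrecy lost), and skipping it on join is what lets a newcomer read earlier traffic (backward secrecy lost); the model makes both failures visible without needing a real cipher.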

CHAPTER 2

SYSTEM STUDY & ANALYSIS

2.1 USER CHARACTERISTICS

An ad-hoc network is a local area network or other small network, especially one with wireless or temporary plug-in connections, in which some of the network devices are part of the network only for the duration of a communications session or, in the case of mobile or portable devices, while in some close proximity to the rest of the network. These ad hoc nodes are established for a short period of time, during which message forwarding and routing take place. The aim is to provide application-level security for the messages sent via such networks.
The project proposes a novel method with separate interfaces to the substrate network for application messages and protocol messages; this reflects a separation of the control plane and the data plane in the design of the overlay socket. Messages of the security protocol, e.g., for authentication and key exchange, are thus transmitted safely according to the devised algorithm.

2.2 EXISTING SYSTEM

Legacy models mostly used distance measured in hops without considering security. The existing system utilizes the well-known AODV routing protocol, but an unsecured one. Since this routing protocol is subject to several familiar routing-based attacks, it is essential to add some form of security measure. Restrictions on power consumption and computation capability prevent the use of complex encryption algorithms, and maintaining crypto keys through re-keying operations at each node becomes tedious. The security schemes in the existing system adopt widely established security mechanisms such as public/private keys, signed certificates and per-message keys, and inherit the strengths and, more significantly, the weaknesses of these schemes.

2.3 PROPOSED SYSTEM

The main goal of this project is to preserve session secrecy, i.e., backward and forward secrecy. The proposed system adopts a novel key management and encryption method to preserve these secrecies. Privacy and secrecy of the data transferred among nodes are maintained by cryptographic mechanisms.

2.3.1 Objectives of Proposed System

A novel security-aware routing scheme is followed instead of AODV for routing. The proposed solution implements the neighborhood keying method rather than complex algorithms, so effective utilization of the power and computation capability of ad hoc nodes can be achieved. Efficiently distributing data in such applications requires members to join network groups for communication. When network members share their neighborhood keys with their neighbors, only the message key must be decrypted and re-encrypted at each hop, without modifying the encrypted message payload, thus minimizing global re-keying operations.
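How the message key and the neighborhood keys divide the work at each hop (the message-key idea from section 1.2 and the hop-by-hop re-encryption described above) can be shown concretely. The Python below is an added example, not the project's code. It assumes each pair of neighbors already shares a symmetric neighborhood key (the page establishes these with RSA; that setup is omitted here), and it uses an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag as a standard-library stand-in for a real authenticated cipher such as AES-GCM. The function names, the packet layout and the HOP_KEYS values are constructed for the example.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one shared secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in for AES-CTR so the example runs
    # on the standard library alone.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError if `key` is not the key
    the blob was sealed under or the blob was modified in transit."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong neighborhood key or tampered data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def originate(payload: bytes, neighborhood_key: bytes) -> dict:
    """Source node: a fresh message key per message; the payload is sealed
    under the message key, the message key under the key shared with hop 1."""
    message_key = os.urandom(32)
    return {
        "wrapped_key": seal(neighborhood_key, message_key),
        "payload": seal(message_key, payload),
    }


def forward(packet: dict, key_from_prev: bytes, key_to_next: bytes) -> dict:
    """Intermediate node: only the wrapped message key is decrypted and
    re-encrypted; the payload ciphertext is relayed byte for byte."""
    message_key = unseal(key_from_prev, packet["wrapped_key"])
    return {
        "wrapped_key": seal(key_to_next, message_key),
        "payload": packet["payload"],
    }


def deliver(packet: dict, neighborhood_key: bytes) -> bytes:
    """Destination: unwrap the message key, then open the payload."""
    message_key = unseal(neighborhood_key, packet["wrapped_key"])
    return unseal(message_key, packet["payload"])


def relay(payload: bytes, hop_keys: list) -> tuple:
    """Send a payload along a path; hop_keys[i] is the neighborhood key shared
    by hop i and hop i+1. Returns (recovered plaintext, payload_untouched)."""
    packet = originate(payload, hop_keys[0])
    payload_ct = packet["payload"]
    for i in range(1, len(hop_keys)):
        packet = forward(packet, hop_keys[i - 1], hop_keys[i])
    return deliver(packet, hop_keys[-1]), packet["payload"] == payload_ct


# Constructed neighborhood keys for the path S -> A -> B -> D (example only).
HOP_KEYS = [hashlib.sha256(pair).digest() for pair in (b"S-A", b"A-B", b"B-D")]

if __name__ == "__main__":
    text, untouched = relay(b"meet at grid ref 17", HOP_KEYS)
    print(text, "payload ciphertext unchanged across hops:", untouched)
```

A node that is not a neighbor of the current hop holds none of the wrapping keys, so it can read neither the message key nor the payload, and any change to the payload in transit is caught at the destination by the tag check; the forwarding nodes themselves never need to touch the payload ciphertext.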

2.3.2 Capabilities of Proposed System

Faster service
A user should be able to perform network operations quickly and obtain transaction details in time. Each component of the simulator is designed with pluggable Swing components, giving a good look and feel on the Windows platform.

User Track of Interface
Every process is driven through menu selection. The menu items themselves make the simulator environment easy to understand for novice users, and help is included to guide the user in the proper way.

Low Latency
All key generation and network operations are performed with limited battery backup and with little latency experienced.

2.4 LITERATURE SURVEY

2.4.1 PROBLEMS IN MAINTAINING SECRECY

Consider a group of people getting together for an ad hoc meeting in a room and trying to establish a wireless network through their laptops. They trust one another personally; however, they do not have any a priori shared secret (password) with which to authenticate one another. They do not want anybody outside the room to get wind of their conversation indoors. This scenario is vulnerable to any attacker who can not only monitor the communication but can also modify messages and insert messages that appear to have come from somebody inside the room.

This is a classic example of an ad hoc network, and the simplest way to tackle it would be location-based key agreement: map locations to name labels and then use identity-based mechanisms for key agreement, e.g. participants writing the configuration details such as node orientation and IP addresses on a piece of paper and passing it around. A certificate-based key agreement mechanism can then be used. These public key certificates allow participants to verify the binding between the configuration file (containing node orientation, IP address, etc.) and the keys of the other participants.

2.5 PROBLEMS ASSOCIATED WITH AD-HOC ROUTING

2.5.1 Infrastructure

An ad-hoc network is an infrastructure-less network. Unlike traditional networks, there is no pre-deployed infrastructure such as centrally administered routers or a strict policy for supporting end-to-end routing. The nodes themselves are responsible for routing packets, and each node relies on the other nodes to route packets for it. Mobile nodes within direct radio range of one another can communicate directly, but nodes that are too far apart to communicate directly must depend on intermediate nodes to route messages for them.

[Figure: nodes within direct radio reach forwarding for one another]
Fig 2.5.1 a - Routing in Ad-hoc networks

[Figure: nodes reaching one another through a trusted router]
Fig 2.5.1 b - Routing in traditional networks using a router

2.5.2 Frequent changes in network topology

Ad-hoc networks contain nodes that may frequently change their locations, so the topology of these networks is highly dynamic. This results in frequently changing neighbors on whom a node relies for routing. As a result, traditional routing protocols can no longer be used in such an environment; new routing protocols are needed that can handle the dynamic topology by facilitating fresh route discoveries.

2.5.3 Problems associated with wireless communication

As the communication is through a wireless medium, it is easy for an intruder to tap the communication. Wireless channels offer poor protection, and routing-related control messages can be tampered with. The wireless medium is susceptible to signal interference, jamming, eavesdropping and distortion. An intruder can eavesdrop to learn sensitive routing information, jam the signals to prevent propagation of routing information or, worse, intercept messages and distort them to manipulate routes. Routing protocols should be well adapted to handle such problems.

2.5.4 Some Legacy Routing Protocols and existing problems

Perlman, in her thesis, proposed a link state routing protocol that achieves Byzantine robustness. Although her protocol is highly robust, it carries the very high overhead associated with public key encryption. Secure BGP attempts to secure the Border Gateway Protocol by using PKI (Public Key Infrastructure) and IPsec. In their paper on securing ad hoc networks, Zhou and Haas primarily discuss key management. They devote a section to secure routing, but essentially conclude that "nodes can protect routing information in the same way they protect data". They also observe that denial-of-service attacks against routing will be treated as damage and routed around. Security issues with routing in general have been addressed by several researchers and, lately, some work has been done to secure ad hoc networks by using misbehavior detection schemes. This approach has two main problems: first, it is quite likely that it will not be feasible to detect several kinds of misbehavior (especially because it is very hard to distinguish misbehavior from transmission failures and other kinds of failure); and second, it has no real means to guarantee the integrity and authentication of the routing messages.

2.6 SALVATION TO PROBLEMS IN AD-HOC ROUTING BY USING SECURITY-AWARE ROUTING (SAR)

SAR makes use of trust levels (security attributes assigned to nodes) to make informed, secure routing decisions. Current routing protocols discover the shortest path between two nodes, but SAR can discover a path with respect to desired security attributes (e.g., a path through nodes with a particular trust value).

A node initiating route discovery sets the sought security level for the route, i.e., the minimal trust level required of nodes participating in the query or reply propagation. Nodes at each trust level can be randomly assigned a trust value based on the initial authentication performed. Only the nodes with the highest trust value can read and process the header and forward the packet. So if a packet has reached the destination, it is guaranteed to have been propagated only by nodes providing the same or the highest trust level.
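The trust-constrained route discovery described above, as an added example in Python (not the SAR authors' or the project's code). The topology, the trust values and the required_trust parameter are constructed; discovery is a breadth-first search in which only nodes meeting the required trust level may process and forward the request, so the route returned is the shortest one the security constraint permits. route_trust reports the weakest trust level on the chosen path, which is the guarantee the destination can check against the level it asked for.

```python
from collections import deque

# Constructed topology (example only): LINKS gives direct radio reach,
# TRUST the trust value each node obtained at initial authentication.
LINKS = {
    "S": ["A", "B"],
    "A": ["S", "D"],
    "B": ["S", "C"],
    "C": ["B", "D"],
    "D": ["A", "C"],
}
TRUST = {"S": 3, "A": 1, "B": 3, "C": 3, "D": 3}


def discover_route(links, trust, src, dst, required_trust):
    """Breadth-first route discovery in which a node may read, process and
    forward the route request only if its trust value meets the level the
    initiator asked for. Returns the hop list, or None if no qualifying path."""
    if trust.get(src, 0) < required_trust or trust.get(dst, 0) < required_trust:
        return None
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in links.get(node, []):
            if nxt in parent or trust.get(nxt, 0) < required_trust:
                continue  # already visited, or not trusted enough to forward
            parent[nxt] = node
            queue.append(nxt)
    return None


def shortest_route(links, src, dst):
    """Plain hop-count route discovery with no security constraint, for
    comparison: every node is allowed to forward."""
    return discover_route(links, {n: 0 for n in links}, src, dst, 0)


def route_trust(path, trust):
    """The trust level a delivered packet actually enjoyed: the weakest node
    on its path. A route discovered at level L must report at least L."""
    return min(trust[n] for n in path)


if __name__ == "__main__":
    print("shortest:   ", shortest_route(LINKS, "S", "D"))              # via low-trust A
    print("SAR level 3:", discover_route(LINKS, TRUST, "S", "D", 3))    # avoids A
    print("SAR level 4:", discover_route(LINKS, TRUST, "S", "D", 4))    # no such route
```

On this topology the hop-count route S-A-D passes through A, whose trust value is 1, while the level-3 SAR route S-B-C-D is one hop longer but never lets a node below the requested level see the request; asking for a level no node holds yields no route at all, which is the intended outcome rather than a fallback to an untrusted path.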

2.7 OBJECTIVE

The facility to easily extend one-to-one conversations into ones involving multiple users of the network lets participants join and leave groups easily, facilitating spontaneous collaboration. The main goal of this project is to preserve session secrecies (i.e., backward and forward secrecy) using the neighbourhood key algorithm, providing privacy of data; the data must also pass through a secure route among neighboring nodes, using a security level maintained by the routing protocol.

2.8 SYSTEM OVERVIEW

The main components of the proposed system utilize the following elements to provide application-level security for the messages sent via the network:

• Entry of nodes / Leaving nodes
• Group management
• Adhoc nodes
• Channel communication
• Security and measures

[Figure: context-level data flow diagram connecting the components above]
Fig 2.8.1 System Overview Context Level DFD

The above diagram depicts that efficiently distributing data in such applications requires members to join and leave groups while their communication is in progress. Such a membership allows the sending hosts to deliver data efficiently to a set of receivers within the group. Supporting large groups requires an efficient way to exchange control information between group members in order to construct and maintain the communication group and distribute application data to existing group members.
Thus this project proposes a novel method with separate interfaces to the substrate network for application messages and protocol messages, reflecting a separation of the control plane and the data plane in the design. Messages used for the security protocol, e.g., for authentication and key exchange, ensure that transmission is carried out as safely as possible.

CHAPTER 3

SYSTEM REQUIREMENTS

3.1 Hardware Specification


To develop this project the following hardware specifications are required.

Processor      INTEL Pentium IV
CPU Speed      2.66GHz
Hard Disk      80GB
Monitor        HP LCD Color monitor
Keyboard       Standard keyboard
RAM            1GB
Mouse          Optical mouse

3.2 Software Specification


To implement this project the following software specifications are essential.

Operating System   Microsoft Windows XP Professional
IDE                JCreator Pro version
Front End          Java, Swing components
Back End           MS-ACCESS

3.3 About the software


3.3.1 Windows XP Professional
Windows XP Professional integrates the strengths of Windows 2000, such as standards-based security, manageability and reliability, with the best features of Windows 98 and Windows Millennium Edition.
The Microsoft Windows XP Professional operating system includes a variety of technologies that communicate with the Internet to provide increased ease of use and functionality. Browser and e-mail technologies are obvious examples, but there are also technologies such as Automatic Updates that help users obtain the latest software and product information, including bug fixes and security patches. These technologies provide many benefits, but they also involve communication with Internet sites, which administrators might want to control.

3.3.2 JAVA
One of the most compelling reasons to move to Java is its platform independence. Java runs on most major hardware and software platforms, including Windows XP, 98, 95 and NT, Macintosh and several varieties of UNIX. Java is a general-purpose language that originated in the USA in 1991. It was originally called Oak by James Gosling, one of the inventors of the language. The Java development team, which included Patrick Naughton, found that existing languages like C and C++ had limitations in terms of both reliability and portability. They modeled their new language, Java, on C and C++ but removed a number of features of C and C++ that were considered sources of problems, and thus made Java a simple, reliable, portable and powerful language.
Specifically, this overview includes a bit of the history of the Java platform, a touch of the Java programming language, and the ways in which people are using Java applications and Swing, now and in the likely future. After going a while down the path of consumer electronics devices, the team realized that they had something particularly valuable in the Java language and focused on it as a language for network computing. Sun formed the JavaSoft group, which in a little over three years grew to over six hundred people working on Java-related technologies.

3.3.3 JAVA Components and JDBC usage


• Swing
• JFrame
• JFileChooser
• JScrollPane
• Image
• StringTokenizer

Swing:
Swing is a set of classes that provides more powerful and flexible components than are possible with AWT, and hence we adopted Swing. In addition to normal components such as buttons, check boxes and labels, Swing includes tabbed panes, scroll panes, trees and tables. It provides more facilities than the normal AWT components.

JFrame:
Like AWT's Frame class, the JFrame class can generate events when things happen to the window, such as the window being closed, activated, iconified or opened. These events are sent to a WindowListener if one is registered with the frame.

JFileChooser:
It provides a simple mechanism for the user to choose a file. Here it points to the user's default directory. It includes the following methods:

Methods Used

showDialog:
Pops up a custom file chooser dialog with a custom approve button.

setDialogType:
Sets the type of this dialog. Use the open dialog when we want to bring up a file chooser that the user can use to open a file. Use the save dialog for letting the user choose a file for saving.

setDialogTitle:
Sets the given string as the title of the JFileChooser window.

JScrollPane:
Encapsulates a scrollable window. It is a component that represents a rectangular area in which a component may be viewed. It provides horizontal and vertical scrollbars if necessary.

Image:
The Image class and the java.awt.image package together provide support for imaging, both for display and for manipulation, in web design. Images are objects of the Image class, and they are manipulated using the classes found in the java.awt.image package.

StringTokenizer:
The processing of text often consists of parsing a formatted input string. Parsing is the division of text into a set of discrete parts, or tokens, which in a certain sequence convey a semantic meaning.
StringTokenizer provides the first step in this parsing process, often called the lexer or scanner. StringTokenizer implements the Enumeration interface; therefore, given an input string, we can enumerate the individual tokens contained in it using StringTokenizer.

JDBC Connectivity

JDBC is essentially an Application Programming Interface (API) for executing SQL statements and extracting the results. Using this API, we can write database clients, such as Java applets, servlets and Enterprise JavaBeans, that connect to a relational database, such as Oracle, MySQL, MS-ACCESS, Sybase, Informix, Ingres, PostgreSQL, or any other database that implements this API, execute SQL statements, and process the results extracted from the database.

JDBC Versions

The JDBC 2.0 API is the latest version of the JDBC API available in the java.sql package. The previous version focused primarily on basic database programming services such as creating connections, executing statements and prepared statements, running batch queries, etc. The current API additionally supports batch updates, scrollable result sets, transaction isolation, and the new SQL:1999 data types such as BLOB and CLOB in addition to the SQL2 data types.

The JDBC Drivers

A database vendor typically provides a set of APIs for accessing the data managed by the database server. Popular database vendors have supplied proprietary APIs for client access. Client applications written in native languages such as C and C++ can make these API calls for database access directly. The JDBC API provides a Java-language alternative to these vendor-specific APIs. Though this takes away the need to access vendor-specific native APIs for database access, the implementation of the JDBC layer still needs to make these native calls for data access.

JDBC accomplishes its goals through a set of Java interfaces; each gets implemented
differently by different vendors. The set of classes that implement the JDBC
interfaces for a particular database engine is called a JDBC driver. Hence the
necessity of a JDBC driver for each database server. In building a database
application, we do not have to think about the implementation of these underlying
classes at all as the whole point of using JDBC is to hide the specifics of each
database and let us concentrate on our application. A JDBC driver is a middleware
layer that translates the JDBC calls to the vendor-specific APIs. The Java VM uses
the JDBC driver to translate the generalized JDBC calls into vendor-specific database
calls that the database understands.

There are a number of approaches for connecting from our application to a database
server via a database driver.

JDBC-ODBC Bridge - Open Database Connectivity (ODBC) was developed to create a single standard for database access in the Windows environment. ODBC is a Windows API standard for SQL and it is based on the X/Open Call-Level Interface (CLI) specification, which is a standard API for database access. CLI is intended to be vendor, platform, and database neutral. The ODBC API defines a set of functions for directly accessing the data without the need for embedding SQL statements in client applications coded in higher-level languages.

The JDBC API was originally based on the ODBC API. Thus, it became feasible for the first category of JDBC drivers to provide a bridge between the JDBC API and the ODBC API. This bridge translates the standard JDBC calls to corresponding ODBC calls, and the driver then delegates these calls to the data source. Here, the Java classes for the JDBC API and the JDBC-ODBC bridge are invoked within the client application process, while the ODBC layer executes in another process. This configuration requires the client application to have the JDBC-ODBC bridge API, the ODBC driver, and the native language level API, such as the OCI library for Oracle, installed on each client machine.

Since each data access call has to go through many layers, this approach to data access is inefficient for high-performance database access requirements. Though it is not the preferred one, it has to be used in some situations; for example, a Microsoft Access 2000 database can only be accessed using the JDBC-ODBC bridge.

Part Native Driver - This approach uses a mixture of Java implementation and vendor-specific native APIs for data access. It is a little faster than the earlier one. When a database call is made using JDBC, the driver translates the request into vendor-specific API calls. The database processes the request and sends the results back through the API, which forwards them back to the JDBC driver. The JDBC driver formats the results to conform to the JDBC standard and returns them to the program. In this approach, the native JDBC driver, which is part Java and part native code, must be installed on each client along with the vendor-specific native language API. The native code uses vendor-specific protocols for communicating with the database. The improved efficiency makes this a preferred method over the earlier one.

Intermediate Database Access Server - This approach is based on intermediate (middleware) database servers with the ability to connect multiple Java clients to multiple database servers. In this configuration, clients connect to various database servers via an intermediate server that acts as a gateway for multiple database servers. While the specific protocol used between clients and the intermediate server depends on the middleware server vendor, the intermediate server can use different native protocols to connect to different databases. The Java client application sends a JDBC call through a JDBC driver to the intermediate data access server. The middle tier then handles the request using another driver, for example the one above, to complete the request. This is good because the intermediate server can abstract the details of connections to database servers.

Pure Java Drivers - This is the pure Java alternative to the part Java, part native driver. These drivers convert the JDBC API calls to direct network calls using vendor-specific networking, making direct socket connections with the database, like the Oracle Thin JDBC driver. This is the most efficient method of accessing databases, both in performance and in development time. It is also the simplest to deploy, since there are no additional libraries or middleware to install. All major database vendors, such as Oracle, Sybase and Microsoft, provide this type of driver for their databases.

3.3.4 MS-ACCESS

3.3.4.1 Features of MS-Access


Microsoft Access is a relational database management system (DBMS). At the most basic level, a DBMS is a program that facilitates the storage and retrieval of structured information on a computer's hard drive. Examples of well-known industrial-strength relational DBMSes include:
• Oracle
• Microsoft SQL Server
• IBM DB2
• Informix
Well-known PC-based ("desktop") relational DBMSes include:
• Microsoft Access
• Microsoft FoxPro
• Borland dBase

The many faces of MS-Access

Microsoft generally likes to incorporate as many features as possible into its products. For example, the Access package contains the following elements:
• a relational database system that supports two industry standard query languages: Structured Query Language (SQL) and Query By Example (QBE);
• a full-featured procedural programming language, essentially a subset of VB;
• a simplified procedural macro language unique to Access;
• a rapid application development environment complete with visual form and report development tools;
• a sprinkling of object-oriented extensions; and
• various wizards and builders to make development easier.

For new users, these "multiple personalities" can be a source of enormous frustration. The problem is that each personality is based on a different set of assumptions and a different view of computing. For instance:
• The relational database personality expects you to view your application as sets of data.
• The procedural programming personality expects you to view your application as commands to be executed sequentially.
• The object-oriented personality expects you to view your application as objects which encapsulate state and behavior information.
Microsoft makes no effort to provide an overall logical integration of these personalities (indeed, it is unlikely that such integration is possible). Instead, it is up to you as a developer to pick and choose the best approach to implementing your application.
Since there are often several vastly different ways to implement a particular feature in Access, recognizing the different personalities and exploiting the best features (and avoiding the pitfalls) of each are important skills for Access developers.
The advantage of these multiple personalities is that it is possible to use Access to learn about an enormous range of information systems concepts without having to interact with a large number of "single-personality" tools, for example:
• Oracle for relational databases
• PowerBuilder for rapid application development
• Smalltalk for object-oriented programming.

Protection about MS-ACCESS

If the database design needs to be secured to prevent from changes, Access databases
can be locked/protected (and the source code compiled) by converting the database to
an .MDE file. All changes to the database structure (tables, forms, macros, etc.) need
to be made to the original MDB and then reconverted to MDE.

Need for the project

Access is used for rapid application development, especially for the creation of prototypes and standalone applications that serve as tools for on-the-road salesmen. Access does not scale well if data access is via a network, so applications that are used by more than a handful of people tend to rely on client-server based solutions. However, an Access "front end" (the form designs, Swing layouts, queries and Java code) can be used against a host of database backends, including JET (the file-based database engine used in Access by default), Microsoft SQL Server, Oracle, and any other ODBC-compliant product.

Benefits

Access allows relatively quick development because all database tables, queries, forms, and reports are stored in the database. For query development, Access utilizes the Query Design Grid, a graphical user interface that allows users to create queries without knowledge of the SQL programming language.

One of the benefits of Access from a programmer's perspective is its relative compatibility with SQL (Structured Query Language): queries may be viewed and edited as SQL statements, and SQL statements can be used directly in macros.

CHAPTER 4

TABLE DESIGN

4.1 Database design

The system will use MS-ACCESS database for data storage. The database design is as
follows:
4.1.1 Table Name: Node Information

Attribute   Data Type   Size           Description
Node        Number      Long Integer   The node identification number
NodeName    Text        50             The name assigned to the node
Nodex       Number      Long Integer   The X-axis orientation of the node
Nodey       Number      Long Integer   The Y-axis orientation of the node

Table 4.1.1 Node Information Table

4.1.2 Table Name: Key Details

Attribute    Data Type   Size           Description
Node         Number      Long Integer   The node identification number
Privatekey   Number      Long Integer   The private key used in the crypto system
Publickey    Number      Long Integer   The public key used in the crypto system
Neighpub     Number      Long Integer   The neighbor public key used in the crypto system

Table 4.1.2 Key Details Table

4.1.3 Table Name: Node coverage information

Attribute            Data Type   Size           Description
NodeName             Text        50             The name assigned to the node
Coverage NodeName    Text        50             The names of the neighboring nodes that get assigned
Trustvalue           Number      Long Integer   The random trust value based on the authentication verified

Table 4.1.3 Node coverage information

CHAPTER 5

CONSTRUCTION OF USER INTERFACE



5.1 GENERAL

The wireless ad hoc network is framed using Java Swing components in a simulation environment. It is difficult for a user to adapt to this Java-designed simulation tool using traditional options, so the user interface makes use of a Java GUI (Graphical User Interface) to make the simulation process much easier for the user to understand.

5.2 DATA FLOW DIAGRAM

[Figure: user interface data flow. User -> User Interface -> Menu Options; Node Positioning / Node plotting; User Data Mobility -> Process Mobility Options (random and individual move); Simulation Process -> Send data with encryption of data, Decryption of data at destination, Privacy; Monitor Simulation Process and graphical info; Monitor Status]

Fig 5.2.1 User Interface Data Flow Diagram

5.3 WORKING OF USER INTERFACE

[Figure]
Fig 4.1 Context Level DFD VMT

5.3.1 MENU OPTIONS


The Menu option helps us to open menu items for the operations to be performed in the network simulation. The various files available here are the configuration file, which deals with configuring the network; the node input, which gives the number of nodes to be inserted from the source to the destination; and the mobility menu item, which specifies the mobility of nodes from one place to another.

5.3.2 PROCESS OPTIONS

This option provides key generation for the plotted nodes and authentication options for checking the validity of a node's identity. This menu processes the node configuration file and identifies the first trusted node in the formed network.

5.3.3 SIMULATE OPTIONS

The simulation menu offers Real-Time Simulation, Insertion of a new node, Deletion of an existing node and Send data. The first shows how the network behaves in a real-time situation, Send data routes packets from the sender to the destination during the simulation, and the graphical output can be taken from the simulation results.

5.3.4 OTHER OPTIONS

The other options adjust the background colour of the simulation area and of the nodes. Help information has been added to make the graphical user interface easier for novice users.

5.4 SUMMARY
The user interface drives the ad hoc simulation through the Java GUI, providing effective communication between the user and the simulation environment. Compared with the traditional study of existing ad hoc simulations, the GUI shows the output of the simulation in real time.

CHAPTER 6

DATA FLOW DIAGRAM

6.1 Basics of DFD


A data flow diagram (DFD) is used to define the flow of the system and of its resources, such as information. Data flow diagrams are a way of expressing system requirements graphically, and they are one of the most useful tools of structured analysis. A DFD is also known as a bubble chart. Its purpose is to clarify system requirements and to identify the major transformations that will become programs in the system design. It is the starting point of a design phase that functionally decomposes the requirement specification down to the lowest level of detail.

A DFD consists of a series of bubbles joined by lines. The bubbles represent data transformations and the lines represent flows in the system. In the normal convention a DFD has four major symbols:

 Square, which defines a source or destination of data

 Arrow, which shows a data flow

 Circle (or bubble), which represents a process that transforms incoming data flow into outgoing data flow

 Open rectangle, which shows a data store

The DFD at the simplest level is referred to as a "context analysis diagram". It is expanded level by level, each level explaining its processes in more detail. Processes are numbered for easy identification and are normally labelled in block letters. Each data flow is labelled for easy understanding.

6.2 SYSTEM FLOW DIAGRAM

[Fig 7.1 shows the system flow: a new node requests authentication from an existing node among the communicating nodes; the two exchange node certificates and the existing node verifies the signature; if the certificate is valid, the existing node checks for the availability of neighbors and the new node joins the network; the node details and routing protocol details are recorded, the node becomes ready for communication, and its group communication details (node ID and address) are added to the node details store.]

Fig: 7.1 Module Design depicting all Modules of the project

CHAPTER 7

PROJECT MODULES WITH DFD


7.1 SPECIFYING PROJECT MODULES

1. Authentication of nodes (PGP authentication)

2. Channel communication (joining and leaving) - neighborhood keying method

3. Improving the performance of routing - AODV protocol secured by using SAR

Analysis: a graphics-oriented performance monitor compares the existing and the proposed routing protocol.

7.2 Basics concepts related to project modules

7.2.1 Cryptosystems for the ad hoc environment

Once the security architecture has been designed in terms of which routing protocol to use, the requirements that a cryptographic infrastructure must satisfy in order to be usable have to be made precise. Symmetric cryptography is fast and light for encryption and digesting, while asymmetric cryptography is efficient for signatures and for managing many keys. Asymmetric algorithms offer many advantages in securing an ad hoc network. However, these ciphers are unsuitable when the nodes are unable to verify asymmetric signatures quickly enough, or when network bandwidth is insufficient.

7.3 Requirements

In general it is desirable that the signature algorithm used in ad hoc networks has these characteristics:

• a short signature (in bits), to minimize message overhead;

• a fast signature verification time, so that an intruder cannot mount a DoS attack just by sending a large number of false signatures;

• verification faster than signing, because a message generated and signed by one node has to be verified by several (or all) nodes in the network;

• low complexity, because of the CPU power limitation of nodes in a mobile ad hoc network.

The same applies to a hashing algorithm, with the remark that generation and verification of the digest are the same operation.

An extremely strong algorithm is usually not required; the algorithm need only be strong enough to protect the exchanged messages until the next key renewal. From this point of view a smaller key may be suitable, provided the renewal interval is actually shorter than the time an attacker needs to break the key.

7.3.1 Algorithm analysis

Choosing which cryptographic scheme to use for the protection of the messages is not an easy task. The choice depends largely on the requirements: whether we want to identify the origin of messages from each node (i.e. ensure non-repudiation) or just guarantee the integrity of messages, hence whether we have to use asymmetric key pairs or just a symmetric key; the available techniques for key distribution; computational complexity; robustness against different kinds of cryptanalysis; the size of the signature or digest; the time required for signature generation and verification, or for digest generation; and more. Furthermore, once the requirements are set, an algorithm can be carefully implemented in software and/or dedicated hardware so that it performs better than another. With this in mind, comparing the different known algorithms makes sense only if general-purpose hardware is employed. The cipher should be chosen once the requirements are clear, looking both at the algorithms and at the software and hardware available.

Asymmetric algorithms eligible for use in ad hoc networks include RSA, DSA, and ECNR. If a symmetric scheme must be used instead, a good choice would be an HMAC built on MD5 or SHA-1, i.e. HMAC-MD5 or HMAC-SHA1. Note that the MD5 hash function has been broken, i.e. collisions have been found (see the references under [II, B]); collision attacks do not by themselves compromise the security of HMAC-MD5, since HMAC does not rely on collision resistance. Nevertheless, both MD5 and SHA-1 are deprecated for new designs, and an HMAC over SHA-256 costs little more and removes the dependence on a weakened hash.

7.3.2 Cryptography basics

Encryption is the process of disguising a message in such a way that its content is hidden; the operation consists in transforming the message from plaintext to ciphertext. The inverse process is called decryption.

It is also possible to add a message digest, also called a hash or digital fingerprint, to the message so that the integrity of the message can be verified.

Signing a message means, instead, adding a sequence of bits (a digital signature) to the message in order to identify its real originator.

These techniques are performed by using a cryptographic algorithm (cipher) and a key, whose format depends on the algorithm used. It is often necessary to apply more than one technique, e.g. a message can be encrypted and then digitally signed.

With respect to the aforementioned security attributes:

• encryption provides confidentiality, because the message is transmitted as ciphertext, and only the owner of the key can decrypt the ciphertext;
• the message digest provides integrity (against accidental modification only, unless the digest is itself protected by a key or a signature, since an attacker who can change the message can recompute a plain digest);
• the signature provides non-repudiation, as only the owner of the private key could have generated it.

Authentication, and the access control that follows from it, is more complicated to obtain and requires the use of more advanced cryptographic primitives, while service availability is not a concern of cryptography.

Information that was true at some time in the past may not be true anymore in the present. A common problem is that, even if a digest or signature is successfully checked, previously transmitted messages can be sent again by an attacker. That is, an intruder may record a bulk of messages and re-send them some time later; these messages, if they cannot be identified as old (by some definition of "old"), will be accepted as valid because they are properly signed. This is known as a replay attack, and it may easily disrupt communications. To counter replay attacks, messages usually embed a piece of time information, called a timestamp, and the timestamp is included in the computation of the signature so that it cannot be altered without invalidating the signature. A timestamp alone only bounds how old an accepted message may be; rejecting a replay inside that window additionally needs a per-sender sequence number or a record of recently seen messages.

An adversary may also exploit possible weaknesses in the cryptographic functions themselves. For instance, when relaying a control message with a digest from one node to another, an attacker may replace the original message with a forged one which, due to a flaw in the digesting algorithm, has the same digital fingerprint. The adversary discovers these flaws using different techniques, e.g. chosen-plaintext or brute-force attacks, depending on the data available to work on. These kinds of code-breaking attacks (cryptanalysis) are aimed at the cryptographic layer and do not require the disclosure of any key to the attacker. However, when designing security schemes that rely on cryptography, it is usually assumed that the cryptographic primitives are robust against these attacks.
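The following is an added example, not code from the project: a symmetric message frame protected by HMAC-SHA-256 (chosen over the HMAC-MD5/HMAC-SHA1 options named in Section 7.3.1) whose timestamp and per-sender sequence number are covered by the tag, with a receiver that rejects stale frames, replays and tampered frames. The shared key, the frame layout, the 30-second freshness window and the sample frames are all constructed for the illustration.

```python
import hmac
import hashlib
import struct

# Constructed shared secret for the example only. In the neighborhood keying
# scheme this would be the secret shared by two authenticated neighbors.
SHARED_KEY = b"example-neighborhood-key-not-for-production"
FRESHNESS_WINDOW = 30    # seconds of delay/clock skew tolerated (assumed value)
HEADER_LEN = 16 + 4 + 8  # sender id | sequence number | timestamp
TAG_LEN = 32             # HMAC-SHA256 output length


def make_message(key: bytes, sender: str, seq: int, timestamp: int, payload: bytes) -> bytes:
    """Frame = sender(16) | seq(4) | timestamp(8) | payload | HMAC-SHA256 tag(32).
    The sequence number and timestamp sit under the tag, so an attacker who
    records the frame cannot refresh them without knowing the key."""
    header = sender.encode().ljust(16, b"\0") + struct.pack("!IQ", seq, timestamp)
    body = header + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Accepts a frame only if its tag verifies, its timestamp is inside the
    freshness window, and its sequence number is newer than the last one
    accepted from that sender (so a recorded frame cannot be replayed)."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_seq = {}   # sender -> highest sequence number accepted

    def accept(self, frame: bytes, now: int):
        """Returns (payload, 'ok') or (None, reason)."""
        if len(frame) < HEADER_LEN + TAG_LEN:
            return None, "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None, "bad tag"
        sender = body[:16].rstrip(b"\0").decode()
        seq, ts = struct.unpack("!IQ", body[16:HEADER_LEN])
        payload = body[HEADER_LEN:]
        if abs(now - ts) > FRESHNESS_WINDOW:
            return None, "stale timestamp"
        if seq <= self.highest_seq.get(sender, -1):
            return None, "replay"
        self.highest_seq[sender] = seq
        return payload, "ok"


def demo():
    """Constructed scenario: a legitimate frame, the same frame replayed at
    once and again much later, a frame with a flipped timestamp byte, and a
    fresh successor frame. Returns the receiver's verdict for each."""
    rx = Receiver(SHARED_KEY)
    first = make_message(SHARED_KEY, "node1", 0, 1000, b"RREQ node1->node10")
    verdicts = []
    verdicts.append(rx.accept(first, now=1005)[1])           # ok
    verdicts.append(rx.accept(first, now=1010)[1])           # replay inside the window
    verdicts.append(rx.accept(first, now=2000)[1])           # recorded, sent much later
    tampered = bytearray(first)
    tampered[20] ^= 0x01                                     # edit timestamp without the key
    verdicts.append(rx.accept(bytes(tampered), now=1005)[1])  # bad tag
    second = make_message(SHARED_KEY, "node1", 1, 1006, b"next frame")
    verdicts.append(rx.accept(second, now=1008)[1])          # ok
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The sequence check as written requires in-order delivery; a network that reorders frames would keep a sliding window of recently accepted sequence numbers per sender instead of a single high-water mark, with the same effect on replays.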

Two branches of cryptography exist: symmetric cryptography and asymmetric cryptography. Each is useful to perform different functions.

7.3.3 Symmetric cryptography

Symmetric cryptography (also called secret key cryptography, single key cryptography, or one key cryptography) is the most ancient form of cryptography. Symmetric cryptography is based on symmetric key algorithms, i.e. algorithms where the encryption key and the decryption key are the same (or, more broadly, where the encryption key can be computed from the decryption key and vice versa). The sender and the receiver of a message must agree on a shared secret key, which will henceforth be used to encrypt, decrypt, and generate a digest on exchanged messages.

Encryption

Some of the symmetric algorithms for encryption are: DES, its strengthened variant Triple DES and its successor AES, IDEA, LOKI, Lucifer, Skipjack, Vernam (also known as the one-time pad), RC2, and RC4. Of these, only AES remains a recommended choice today; DES, RC2 and RC4 are broken or too weak for new designs.

To this class of algorithms also belong the ancient substitution and transposition ciphers, like Caesar, Mary Stuart's, Pigpen, Vigenère, Playfair, and ADFGVX. These ciphers were in use centuries ago, in the pre-computer era, and are not used anymore because they are easy to break by applying cryptanalysis.

Message digest

Symmetric algorithms make large use of hash functions [III] for digesting. A hash function h maps a bitstring of arbitrary finite length to another bitstring of fixed length n, where n depends on h. The hash function hence outputs a hash value which is a condensed representative image of the bitstring fed as input. Changing just one bit of the input string results in a very different hash value in output; this is known as the avalanche effect.

A hash function h should have the following properties:

• be one-way, i.e. given an output y it is computationally infeasible to find an input x such that h(x) = y (preimage resistance);
• given an input x it is computationally infeasible to find another input x′ ≠ x such that h(x′) = h(x) (second preimage resistance);
• it is computationally infeasible to find two inputs x, x′, with x ≠ x′, such that h(x) = h(x′) (collision resistance).

Examples of hash functions are MD5 (Message Digest 5) [III], which is the successor of MD4, Snefru, RIPEMD-160, and the class of SHA (Secure Hash Algorithm) functions [III] such as SHA-1 [III] and SHA-256. Collision resistance is the property that fails first in practice: it has been lost for MD5 and SHA-1, whereas SHA-256 currently has no known practical attack on any of the three properties.

7.3.4 Asymmetric cryptography

In asymmetric cryptography (also called public key cryptography), there is a key for encryption (public key) and another key for decryption (private key or secret key); for signatures the roles are reversed, the private key signs and the public key verifies. A public key and its companion private key compose a key pair; knowing a public key, it is computationally infeasible to calculate the companion private key. A party can leave its public key available to everyone, e.g. by publishing the key in a public directory; its private key needs to be kept undisclosed. All public key exchange may be done over an insecure channel, i.e. a channel that may be subject to eavesdropping, but not to substitution: an attacker who can replace a public key in transit can impersonate its owner. Public key cryptography therefore requires a Public Key Infrastructure (PKI), or a web of trust as in PGP, to bind public keys to identities, authenticate the parties, generate or certify the key pairs, and distribute, update and revoke the public keys.

CHAPTER 8

PROJECT MODULES DESCRIPTION

8.1 DESCRIPTION OF MODULES

The architecture realizes practical security solutions for potentially very large and very dynamic scalable networks that do not require or assume permanent availability of a network infrastructure. The security goals are assurance of backward secrecy (a new member of the network cannot access data transmitted before the member joined) and forward secrecy (a member cannot access data that is transmitted after it left the network) for application data that passes between source and destination.

8.1.2 Authentication among Nodes using Digital Signatures

In an ad hoc network, communicating nodes must prove their authenticity to their neighbors. An exchange and verification of certificates between neighbors in the communication network occurs only when needed. When an incoming node wants to join the network for the first time it sends its signed certificate to an already authenticated node and gets itself authenticated.

8.1.3 Joining and Leaving

Since the spanning tree protocol is implemented by building an overlay network, it must provide some rendezvous mechanism to enable nodes that want to join the overlay network to communicate with nodes already in the overlay.

Basically there are three kinds of rendezvous mechanism for an overlay network:

(1) Broadcast: non-members have a broadcast mechanism available to them. They use it to announce themselves to members of the overlay network.

(2) Server: non-members contact a well-known server that establishes communication between members and non-members of the overlay network.

(3) Buddy list: non-members maintain a list of members that are likely to be in the communication network (a "buddy list"). They use this list to contact members. Maintaining the members nearby in this way forms the neighborhood of the network. For neighborhood keying this buddy list is recomputed whenever the potential members of the network change.

8.1.4 Basics of Security-Aware Ad-hoc Routing (SAR)

SAR can extend any routing protocol. Most of AODV's original behavior, such as on-demand discovery using flooding, reverse path maintenance and forward path setup via Route Request (RREQ) and Route Reply (RREP) messages, is retained. Route Discovery and Route Maintenance each operate entirely on demand. In particular, unlike other protocols, this requires no periodic packets of any kind at any layer within the network. A detailed scenario of how ad hoc networking can be used in the AEC industry gives an overview of existing mobile ad hoc networks and addresses some issues of implementing and deploying the routing protocol called Ad hoc On-demand Distance Vector routing (AODV). There is very little difference between the prior work on AODV and the security issues proposed here for ad hoc network routing protocols.

8.2 AUTHENTICATION

Authentication is managed through certificates signed by a trusted third party or a designated certificate authority. An exchange of certificates is required when a neighboring member of the group receives a protocol message from another node for the first time. The certificates are formatted following the X.509 specification. In this process all authenticated nodes are trusted, so any authenticated node can authenticate any other node. This makes every authenticated node a potential point of compromise: a single captured node can admit arbitrary further nodes, so it must be possible to revoke its certificate.

[Fig 8.2.5 shows the authentication sequence: a group of ad hoc nodes is created after the node plotting process; initially the first node is authenticated (verified by DSA); the initial node can authenticate any other node; thereafter any authenticated node can authenticate any other node.]

Fig 8.2.5 Authentication of Nodes

8.3 KEY MANAGEMENT

This refers to the creation and exchange of secret keys at the application level. Network group members may share a single symmetric group key for encrypting and signing messages, as is commonly done in secure group communications for network-layer multicast. To ensure forward and backward secrecy, such group keys must be updated and distributed each time the group membership changes; this is referred to as re-keying. Existing software does not provide a protocol for re-keying and leaves this task to the application. The proposed architecture has an alternative to group keys, called the neighborhood key method, where each member has its own secret key, called the neighborhood key, which is shared only with its authenticated neighbors in the network. The neighborhood key method avoids network-wide re-keying operations: when a member joins or leaves, only the neighborhood keys of its direct neighbors have to change. This neighbor-shared key is referred to as NSR; only members that hold the proper key can decrypt the encrypted message key at the intermediate nodes. As a result, this working algorithm can ensure session secrecy.

8.4 KEY GENERATION USING RSA ALGORITHM

RSA

RSA (Rivest, Shamir, Adleman) is a popular asymmetric key encryption standard. It is based on number theory (more specifically on the difficulty of factorizing a large number). Key sizes in use range from 512 to 4096 bits; 512-bit keys have been factored and 2048 bits is the usual minimum today. RSA is used in many e-commerce applications, such as the Secure Electronic Transaction (SET) protocol for credit card payment.

• A public-key method that relies on a public encryption algorithm, a public decryption algorithm, and a public encryption key.

• Using the public key and the encryption algorithm, everyone can encrypt a message.

• The decryption key is known only to authorized parties.

Let us assume:

• p and q are two prime numbers.
• n = pq
• m = (p-1)(q-1)
• a is such that 1 < a < m and gcd(m, a) = 1.
• b is such that (ab) mod m = 1.
• a is computed by generating random positive integers and testing gcd(m, a) = 1 using the extended Euclidean gcd algorithm.
• The extended gcd algorithm also computes b when gcd(m, a) = 1.

8.4.1 Encryption and decryption

• Message M < n.
• Encryption key = (a, n).
• Decryption key = (b, n).
• Encrypt => E = M^a mod n.
• Decrypt => M = E^b mod n.

In this textbook form the message is used directly as the base of the exponentiation; a deployed system pads M (e.g. with OAEP) so that equal messages do not give equal ciphertexts and a small message cannot be recovered by taking an integer a-th root. Following this RSA algorithm, the encryption and decryption processes are carried out in this system with the private-public keys generated for each node.

8.4.2 Message Keys

In this scheme, which uses the neighborhood key method, secrets are exchanged only between neighbors in the network, so encrypted message payloads cannot be deciphered by non-neighbors. This creates a problem when a message is forwarded. Clearly, decrypting and re-encrypting a message at each hop is very time-consuming and not practical in large networks. To reduce the overhead incurred at each hop, a separate key is used for each message. When a member wants to transmit a message, it generates a new symmetric key for this message, called a message key, and encrypts or signs the payload of the message with the message key. Then the message key is encrypted with the neighborhood key and appended to the message. Since neighboring members share their neighborhood keys with their neighbors, only the message key must be decrypted and re-encrypted at each hop, without modifying the encrypted message payload.

Thus only the destination can process the whole message with its payload and retrieve the message sent by the source. In this way privacy of message communication is achieved at the application level, since the message key can only be recovered by the intended receiver node using its own private key. This technique is represented in the following flow diagram:

While transferring data:

1. Generate a message key.
2. Get the input file and encrypt that file with the message key.
3. If the next node is not the destination, encrypt the message key with the sender's neighborhood key; if it is the destination, encrypt the message key with the destination node's public key.
4. Send the encrypted data to the next node.
5. At a receiving node that is not the destination, decrypt the message key with the neighborhood key and repeat step 3 for the next hop; at the destination, decrypt the encrypted message key with the receiver's private key.
6. Finally decrypt the encrypted input file with the help of the message key and get the original input file.

Fig 8.4.2 Preserving privacy of data during transmission
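The following is an added example, not the project's code. It implements the report's RSA notation (n = pq, m = (p-1)(q-1), public key (a, n), private key (b, n)) and then carries a message along the report's own path 1-5-6-11-10 with a fresh message key: the payload is encrypted once, the message key is wrapped for the next hop with the forwarding node's neighborhood key (modelled as a symmetric secret shared with its authenticated neighbors, as Section 8.3 describes), and on the last hop with the destination's RSA public key, as in Fig 8.4.2. The primes, the neighborhood keys and the SHA-256 keystream used as a stand-in for a real symmetric cipher are constructed for the illustration and are not secure choices.

```python
import hashlib
import secrets
from math import gcd


# ---- RSA in the report's notation --------------------------------------
def rsa_keygen(p: int, q: int, a: int = 65537):
    """Returns ((a, n), (b, n)) with n = pq, m = (p-1)(q-1), a*b = 1 mod m.
    pow(a, -1, m) is the extended Euclidean inverse the report refers to."""
    n, m = p * q, (p - 1) * (q - 1)
    if not (1 < a < m and gcd(m, a) == 1):
        raise ValueError("a must satisfy 1 < a < m and gcd(m, a) = 1")
    return (a, n), (pow(a, -1, m), n)


def rsa_encrypt(pub, msg: int) -> int:      # E = M^a mod n
    a, n = pub
    if not 0 <= msg < n:
        raise ValueError("message must be smaller than n")
    return pow(msg, a, n)


def rsa_decrypt(priv, ct: int) -> int:      # M = E^b mod n
    b, n = priv
    return pow(ct, b, n)


# ---- toy symmetric cipher: stand-in for AES, demonstration only --------
def stream_xor(key: bytes, data: bytes) -> bytes:
    """XOR with keystream SHA-256(key || block counter); the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(d ^ k for d, k in zip(data[i:i + 32], ks))
    return bytes(out)


MK_LEN = 16  # message key length in bytes (assumed)


def wrap_for_next(node, nxt, dest, dest_pub, nkeys, mk):
    """Forwarding node `node` prepares the message key for `nxt`: RSA under the
    destination's public key on the last hop, otherwise under node's own
    neighborhood key, which its authenticated neighbors (including nxt) hold."""
    if nxt == dest:
        return ("rsa", rsa_encrypt(dest_pub, int.from_bytes(mk, "big")))
    return ("nbr", stream_xor(nkeys[node], mk))


def forward(path, nkeys, dest_pub, dest_priv, plaintext):
    """Carries plaintext from path[0] to path[-1]. Returns the plaintext the
    destination recovers and the payload ciphertext seen at each intermediate
    hop (it must never change; only the wrapped key is re-encrypted)."""
    dest = path[-1]
    mk = secrets.token_bytes(MK_LEN)
    payload_ct = stream_xor(mk, plaintext)          # encrypted once, at the source
    carried = wrap_for_next(path[0], path[1], dest, dest_pub, nkeys, mk)
    seen_at_hops = []
    for i in range(1, len(path) - 1):               # intermediate nodes only
        node, prev, nxt = path[i], path[i - 1], path[i + 1]
        kind, blob = carried
        assert kind == "nbr"                        # only the last hop is RSA-wrapped
        mk_here = stream_xor(nkeys[prev], blob)     # node is prev's neighbor
        seen_at_hops.append(payload_ct)
        carried = wrap_for_next(node, nxt, dest, dest_pub, nkeys, mk_here)
    kind, blob = carried
    mk_dest = rsa_decrypt(dest_priv, blob).to_bytes(MK_LEN, "big")
    return stream_xor(mk_dest, payload_ct), seen_at_hops


def demo():
    """Constructed keys: the Mersenne primes 2^89-1 and 2^107-1 give a ~196-bit
    modulus, big enough to hold a 128-bit message key but far too small to be
    secure. Returns (recovered == sent, hops traversed, payload unchanged)."""
    p, q = (1 << 89) - 1, (1 << 107) - 1
    dest_pub, dest_priv = rsa_keygen(p, q)
    path = ["node1", "node5", "node6", "node11", "node10"]   # Fig 8.5.1 path
    nkeys = {n: hashlib.sha256(b"neighborhood-" + n.encode()).digest() for n in path}
    msg = b"application payload from node1 to node10"
    recovered, hops = forward(path, nkeys, dest_pub, dest_priv, msg)
    return recovered == msg, len(hops), len(set(hops)) == 1


if __name__ == "__main__":
    print(demo())
```

A node outside the neighbor relation holds none of the neighborhood keys and therefore cannot unwrap the message key at any hop, which is the property the scheme relies on; the payload ciphertext itself is produced and consumed only at the two ends.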

8.5 Security-Aware Ad-hoc Routing (SAR)

AODV is implemented in existing systems and is well known to be exposed to attacks; mobile ad hoc secure routing protocols incorporate security into the routing strategy of AODV. We therefore look directly at the secure mechanism that SAR adds to AODV. SAR uses security as one of the key metrics in its route discovery and maintenance. The framework also uses different levels of security for different levels of applications.

Additionally, it introduces a security metric which may be negotiated between the source and the destination, to account for security properties such as timestamps, sequence numbers, authentication, integrity, etc. The security metric is embedded into route request (RREQ) packets. An RREQ can be processed or forwarded only if the node can provide the required security (or has the required authorization). Each node in the network is associated with a trust level metric, based on which the route will be chosen according to the security requirements of the application. Let us consider the example shown in the figure.

Fig 8.5.1 Reactive Routing- Secured aware Routing

Let us consider that node 1 in the network wants to find a route to node 10. There are two possible ways in the network to establish a route between node 1 and node 10: Path 1: 1-5-6-11-10 and Path 2: 1-2-3-8-10. Let us assume that the security metrics of nodes 2, 3 and 8 are lower than those of 5, 6 and 11, which are part of a private network. Based on the security metrics, the SAR protocol chooses the path 1-5-6-11-10 for routing between node 1 and node 10, even though both paths have the same hop count.

8.5.1 Simulation of SAR

SAR (Security-Aware ad hoc Routing) is a modification of a traditional, non-secured route discovery protocol (like AODV, DSR, or ZRP) to include the security level of a node in the routing metrics. The nodes are organized in a trust hierarchy; a number is associated with each privilege level and represents the security, importance or capability of a node. RREQ and RREP packets are encrypted. In this manner, packets are routed only through safe nodes; nodes without the required security rank cannot even read the control packets and must therefore drop them. At the simulation level of SAR each node maintains a trust value for each of its neighbors in the network. That trust value is used as the security level value: if a node possesses a trust value equal to or higher than the required value, we can forward the packet through that node.

The trust value is calculated as

Trust value = (C, A*P)

where C refers to the cryptography used, A refers to availability and P refers to packet forwarding.

Using these metrics, the following tabulation shows how the trust values are calculated:

Metric                  Possible values   Type                                  Equation                                      Measurement method
Cryptography (C)        0, 1              Integer                               No = 0, Yes = 1                               Certificate exchange
Packet forwarding (P)   0-1               Ratio                                 Successful pkts fwd / Total pkts fwd          Acks of the destination
Availability (A)        0-1               Ratio                                 Ping messages replied / Ping messages sent    Ping after some interval
Trust value (T)         (0,0)-(1,1)       (binary, multiplication of ratios)    (C, A*P)                                      (C, A*P)

Table 7.8.1 Initial trust parameter values
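As an added example (not the project's simulator), the trust tuple of Table 7.8.1 and the RREQ forwarding rule of Section 8.5 in Python, run over a constructed topology containing the two paths of Fig 8.5.1. The measurement counts for each node and the required security levels are assumed values; a node forwards the RREQ only if its trust meets the level carried in the request, so the route found depends on the level the source asks for.

```python
from collections import deque


def trust_value(cert_exchanged: bool, acks: int, forwarded: int,
                pings_replied: int, pings_sent: int):
    """Trust tuple T = (C, A*P) from Table 7.8.1:
    C = 1 if the certificate exchange succeeded, else 0;
    P = packets acknowledged by the destination / packets forwarded;
    A = ping replies / pings sent."""
    c = 1 if cert_exchanged else 0
    p = acks / forwarded if forwarded else 0.0
    a = pings_replied / pings_sent if pings_sent else 0.0
    return (c, a * p)


def meets_level(trust, required):
    """A node satisfies a required level (c_req, s_req) if it holds a
    certificate whenever one is required and its A*P score reaches s_req."""
    c, s = trust
    c_req, s_req = required
    return c >= c_req and s >= s_req


def sar_route(adj, trust, src, dst, required):
    """Breadth-first RREQ flood. An intermediate node forwards the RREQ only
    if it meets the security metric embedded in it; otherwise it drops the
    request, so paths through under-trusted nodes are never discovered.
    Returns the first (shortest) qualifying path, or None."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in adj[node]:
            if nxt in prev:
                continue
            if nxt != dst and not meets_level(trust[nxt], required):
                continue    # RREQ dropped by nxt
            prev[nxt] = node
            queue.append(nxt)
    return None


def demo():
    """Constructed topology with the two paths of Fig 8.5.1:
    1-5-6-11-10 through the private (better-trusted) nodes and 1-2-3-8-10.
    Measurement counts are assumed. Returns the routes found for a demanding
    level, for no requirement, and for a level no node meets."""
    adj = {1: [2, 5], 2: [1, 3], 3: [2, 8], 5: [1, 6], 6: [5, 11],
           8: [3, 10], 10: [8, 11], 11: [6, 10]}
    strong = trust_value(True, acks=95, forwarded=100, pings_replied=19, pings_sent=20)
    weak = trust_value(False, acks=60, forwarded=100, pings_replied=10, pings_sent=20)
    trust = {n: strong for n in (1, 5, 6, 11, 10)}
    trust.update({n: weak for n in (2, 3, 8)})
    secure = sar_route(adj, trust, 1, 10, required=(1, 0.8))   # [1, 5, 6, 11, 10]
    plain = sar_route(adj, trust, 1, 10, required=(0, 0.0))    # [1, 2, 3, 8, 10]
    strict = sar_route(adj, trust, 1, 10, required=(1, 0.99))  # None
    return secure, plain, strict


if __name__ == "__main__":
    print(demo())
```

With no security requirement the flood returns whichever equal-length path it reaches first, here the one through nodes 2, 3 and 8; raising the requirement to (1, 0.8) excludes those nodes and yields the report's path, and a level above every node's A*P score yields no route at all, which is the behaviour the source must be prepared to handle.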

Advantage
Mitigates the attacks possible with legacy routing protocols, because packets are routed only through nodes holding the required trust level.

Drawbacks
A lot of encryption overhead, since each intermediate node has to perform it.

Summary

SAR is indeed secure in the sense that it ensures that only nodes having the required trust level can read and reroute the packets being sent. Unfortunately, SAR still leaves a lot of security issues uncovered and open to attacks such as:

 Nothing is done to prevent a possibly malicious node from being used for routing, as long as it has the required key.

 If a malicious node somehow retrieves the required key, the protocol has no further security measure to prevent the attacker from bringing the entire network to a standstill.

 Excessive encryption and decryption is required at each hop. In mobile environments this extra processing leads to increased power consumption, which can be a problem.

SAR is intended for the managed-open environment, as it requires some sort of key distribution system in order to distribute the trust-level keys to the correct devices.

CHAPTER 9

SYSTEM TESTING

9.1 SYSTEM IMPLEMENTATION

This project can be implemented on any platform, since it is developed in Java, which provides platform independence. Any authenticated node (user) can process the payload data sent across the communication network.

9.2 SYSTEM TESTING

9.2.1 Module Testing


Module testing is the process of testing each module of the system on its own: all the inputs are given and the corresponding outputs are checked by walking through the module; errors were debugged whenever they occurred.

9.2.2 Interface Testing

Interface testing is performed to verify the interfaces between sub-modules while integrating the sub-modules into their master modules, recursively.

9.2.3 Black box Testing

In this type of testing, input is given to the system and the output is checked. There is no need to watch the internal variables of the system or the changes made to them to obtain the required output.

9.2.4 White Box Testing

This is the reverse of black box testing: here the internal variables are watched during testing. This gives a clear idea of what is going on during execution of the system. The points at which bugs occurred were made clear and the bugs were removed.

9.2.5 Overall System Testing

System testing is designed to uncover weaknesses that were not found in earlier tests. This includes forced system failure and validation of the total system as the users will operate it in the operational environment. The total system is also tested for major failures to ensure that no data are lost during an emergency. It is concerned with subtleties in the interfaces, decision logic and control flow, recovery procedures, throughput, capacity and the timing characteristics of the entire system.

9.2.6 Acceptance Testing

Acceptance testing involves planning and execution of the functional tests, performance tests and stress tests to verify that the implemented system satisfies its requirements. Acceptance tests are typically performed by the quality assurance and customer organizations.

9.2.7 Stress Testing

The purpose of stress testing is to prove that the candidate system does not malfunction under peak loads, by subjecting it to a high volume of data over a short period of time and checking its scalability. This creates an ad hoc environment in which more processing activities can be carried out.

9.3 Summary

The simulator is designed with Java Swing components, and hence verification and validation testing was done on the simulation entry fields. The tests mentioned above were also performed with basic testing tools. Software defects were thereby identified, test cases were recorded for various values, and the software defects present in this simulation design were removed.

FUTURE ENHANCEMENTS

Currently this project deals with session secrecy alone. Moving to the next level of security, achieving the confidential nature of data transmission, would be an extension to the project. Confidentiality of the data transferred among nodes can be provided by encrypting the payload, and its integrity by a MAC mechanism; a MAC alone does not hide the data, so both are needed. Confidentiality can be applied only to application data, i.e. the payload field of the message. Encryption of the payload is performed at the source of a message and decryption is performed at the destination(s) of the message. Data is encrypted using a symmetric key algorithm (AES, Blowfish, DES or DESede) with a key length appropriate to the algorithm (128, 192 or 256 bits for AES; DES and DESede are legacy choices and should be avoided in new work). For this implementation the MAC computation needs an additional security header, which is verified at the receiving side; MAC verification then provides data integrity and origin authentication alongside the confidentiality provided by the encryption.

CONCLUSION

This project is used for the development of applications that bring the total security functionality inherent in popular messaging systems to a wireless ad hoc environment. Our primary goal is to facilitate spontaneous conversations between mobile hosts where no centralized server exists, with application messages distributed reliably via ad hoc wireless nodes on handheld devices. SAR provides the best strategy for routing and evading well-known routing attacks.

The facility to easily extend one-to-one conversations to involve multiple users allows participants to easily join and leave groups, facilitating spontaneous collaboration. Thus the main goal of the project, session secrecy (backward and forward secrecy), is preserved using the neighbourhood key algorithm. Additionally, in this proposed algorithm only the message key must be decrypted and re-encrypted at each hop, without modifying the encrypted message payload, thus minimizing global re-keying operations. Capture of application messages is confined to the intended destination to provide privacy.

BIBLIOGRAPHY

References

I) G. Calinescu, I. Mandoiu, P. J. Wan, and A. Zelikovsky, "Selecting forwarding neighbors in Wireless Ad Hoc Networks," Proc. Fifth Int'l Workshop on Discrete Algorithms and Methods for Mobile Computing and Comm., pp. 34-43, Oct. 2001.
II) Jorg Liebeherr and Guangyu Dong, "An Overlay Approach to Data Security in Ad-Hoc Networks", Elsevier, Ad Hoc Networks journal, available online 5 July 2006.
III) R. Draves, J. Padhye, and B. Zill, "Comparison of routing metrics for static multi-hop wireless networks," Proc. of ACM SIGCOMM, Aug. 2004.
IV) Reijo Savola and Ilkka Uusitalo, "Towards Node-Level Security Management in Self-Organizing Mobile Ad Hoc Networks", International Conference on Internet and Web Applications and Services (AICT/ICIW 2006), IEEE Computer Society.

Book References

[A] Java 2 Network Security by Pistoia, Reller, Gupta, Nagnur and Ramani, Pearson Education, 2nd edition, 2001.
[B] The Handbook of Ad Hoc Wireless Networks, Mohammad Ilyas, CRC Press, 2003.

Web references (URLs)

http://freepastry.rice.edu
http://www.ieeeexplore.org
http://www.ietf.org/rfc/rfc3626
http://www.wikipedia.org
