# ALL-PanosP-REFS-J.bib

@article{KhodaeiJP:J:2018,
title = {{SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems}},
journal = {IEEE Transactions on Intelligent Transportation Systems (IEEE ITS)},
volume = {},
number = {},
month = {April},
year = {2018},
doi = {10.1109/TITS.2017.2722688},
comment = {},
typ = {J}
}

@article{RazaHPV:J:2017,
author = {Shahid Raza and T{\'{o}}mas Helgason and Panos Papadimitratos and Thiemo Voigt},
title = {{SecureSense: End-to-end Secure Communication Architecture for the Cloud-Connected Internet of Things}},
journal = {Future Generation Computer Systems},
volume = {77},
pages = {40--51},
number = {Supplement C},
month = {December},
year = {2017},
doi = {10.1016/j.future.2017.06.008},
keywords = {Security, Internet of Things, IoT, CoAP, DTLS, Cloud},
comment = {},
typ = {J}
}

@article{MirmohseniP:J:2017,
author = {Mirmohseni, Mahtab and Papadimitratos, Panos},
journal = {IEEE Transactions on Information Theory (IEEE IT)},
title = {{Secrecy Capacity Scaling in Large Cooperative Wireless Networks}},
year = {2017},
volume = {63},
number = {3},
pages = {1923--1939},
abstract = {We investigate \emph{large} wireless networks subject to security constraints. In contrast to point-to-point, interference-limited communications considered in prior works, we propose active cooperative relaying based schemes. We consider a network with $n_l$ legitimate nodes, $n_e$ eavesdroppers, and path loss exponent $\alpha\geq 2$. As long as $n_e^2\big(\log(n_e)\big)^{\gamma}=o(n_l)$, for some positive $\gamma$, we show one can obtain unbounded secure aggregate rate. This means zero-cost secure communication, given fixed total power constraint for the entire network. We achieve this result through (i) the source using Wyner randomized encoder and a \emph{serial (multi-stage)} block Markov scheme, to cooperate with the relays and (ii) the relays acting as a virtual multi-antenna to apply beamforming against the eavesdroppers. Our simpler \emph{parallel (two-stage)} relaying scheme can achieve the same unbounded secure aggregate rate when $n_e^{\frac{\alpha}{2}+1}\big(\log(n_e)\big)^{\gamma+\delta(\frac{\alpha}{2}+1)}=o(n_l)$ holds, for some positive $\gamma,\delta$. Finally, we study the improvement (to the detriment of legitimate nodes) the eavesdroppers achieve in terms of the information leakage rate in a large \emph{cooperative} network in case of \emph{collusion}. We show that again the zero-cost secure communication is possible, if $n_e^{(2+\frac{2}{\alpha})}\big(\log n_e\big)^{\gamma}=o(n_l)$ holds, for some positive $\gamma$; i.e., in case of collusion slightly fewer eavesdroppers can be tolerated compared to the non-colluding case.},
keywords = {Markov processes;antenna arrays;array signal processing;cooperative communication;radio networks;random processes;relay networks (telecommunication);telecommunication security;Wyner randomized encoder;active cooperative relaying-based schemes;beamforming;eavesdroppers;information leakage rate;large cooperative wireless networks;legitimate nodes;parallel relaying;path loss exponent;secrecy capacity scaling;security constraints;serial block Markov scheme;total power constraint;unbounded secure aggregate rate;virtual multiantenna;zero-cost secure communication;Aggregates;Array signal processing;Encoding;Markov processes;Relays;Security;Wireless networks;Secrecy capacity;colluding eavesdroppers;cooperative strategies;informationtheoretic security;large wireless networks;relaying;scaling laws},
doi = {10.1109/TIT.2016.2645227},
issn = {0018-9448},
month = {March},
comment = {},
typ = {J}
}

@article{HollickNPPS:J:2017,
author = {Matthias Hollick and Cristina Nita{-}Rotaru and Panagiotis Papadimitratos and  Adrian Perrig and Stefan Schmid},
title = {{Toward a Taxonomy and Attacker Model for Secure Routing Protocols}},
journal = {ACM SIGCOMM Computer Communication Review},
volume = {47},
number = {1},
pages = {43--48},
year = {2017},
month = {January},
keywords = {Attacker Models, Routing, Security, Taxonomy},
doi = {10.1145/3041027.3041033},
comment = {},
typ = {J}
}

@article{EhdaieAAAP:J:2016,
title = {{2D Hash Chain Robust Random Key Distribution Scheme}},
journal = {Information Processing Letters},
volume = {116},
number = {5},
pages = {367--372},
month = {May},
year = {2016},
doi = {10.1016/j.ipl.2015.12.006},
comment = {},
typ = {J}
}

@article{GisdakisGP:J:2016,
author = {Stylianos Gisdakis and Thanassis Giannetsos and Panagiotis Papadimitratos},
title = {{Security, Privacy, and Incentive Provision for Mobile Crowd Sensing Systems}},
journal = {{IEEE} Internet of Things Journal},
volume = {3},
number = {5},
pages = {839--853},
year = {2016},
doi = {10.1109/JIOT.2016.2560768},
abstract = {Recent advances in sensing, computing, and networking have paved the way for the emerging paradigm of mobile crowd sensing (MCS). The openness of such systems and the richness of data MCS users are expected to contribute to them raise significant concerns for their security, privacy-preservation and resilience. Prior works addressed different aspects of the problem. But in order to reap the benefits of this new sensing paradigm, we need a holistic solution. That is, a secure and accountable MCS system that preserves user privacy, and enables the provision of incentives to the participants. At the same time, we are after an MCS architecture that is resilient to abusive users and guarantees privacy protection even against multiple misbehaving and intelligent MCS entities (servers). In this paper, we meet these challenges and propose a comprehensive security and privacy-preserving architecture. With a full blown implementation, on real mobile devices, and experimental evaluation we demonstrate our system's efficiency, practicality, and scalability. Last but not least, we formally assess the achieved security and privacy properties. Overall, our system offers strong security and privacy-preservation guarantees, thus, facilitating the deployment of trustworthy MCS applications.},
keywords = {data privacy;mobile computing;trusted computing;holistic solution;incentive provision;mobile crowd sensing system;privacy preservation;privacy property;privacy-preserving architecture;security property;trustworthy MCS applications;Data collection;Data privacy;Internet of things;Mobile communication;Privacy;Security;Sensors;Incentive mechanisms;mobile crowd sensing (MCS);privacy;security},
doi = {10.1109/JIOT.2016.2560768},
issn = {2327-4662},
month = {October},
comment = {},
typ = {J}
}

@article{EhdaieAAAP:J:2015,
title = {{Key splitting: making random key distribution schemes resistant against node capture}},
journal = {Security and Communication Networks},
volume = {8},
number = {3},
pages = {431--445},
month = {February},
year = {2015},
doi = {10.1002/sec.991},
comment = {},
typ = {J}
}

@article{GisdakisMTRP:J:2015,
author = {Stylianos Gisdakis and Vasileios Manolopoulos and Sha Tao and Ana Rusu and Panagiotis Papadimitratos},
title = {{Secure and Privacy-Preserving Smartphone-Based Traffic Information Systems}},
journal = {{IEEE} Transactions on Intelligent Transportation Systems (IEEE ITS)},
volume = {16},
number = {3},
pages = {1428--1438},
year = {2015},
abstract = {Increasing smartphone penetration, combined with the wide coverage of cellular infrastructures, renders smartphone-based traffic information systems (TISs) an attractive option. The main purpose of such systems is to alleviate traffic congestion that exists in every major city. Nevertheless, to reap the benefits of smartphone-based TISs, we need to ensure their security and privacy and their effectiveness (e.g., accuracy). This is the motivation of this paper: We leverage state-of-the-art cryptographic schemes and readily available telecommunication infrastructure. We present a comprehensive solution for smartphone-based traffic estimation that is proven to be secure and privacy preserving. We provide a full-blown implementation on actual smartphones, along with an extensive assessment of its accuracy and efficiency. Our results confirm that smartphone-based TISs can offer accurate traffic state estimation while being secure and privacy preserving.},
keywords = {cryptography;smart phones;traffic information systems;TIS;cryptographic schemes;smartphone-based traffic estimation;smartphone-based traffic information system privacy preservation;smartphone-based traffic information system security;telecommunication infrastructure;traffic congestion;Authentication;Estimation;Mobile communication;Privacy;Roads;Servers;Privacy;security;traffic information systems},
doi = {10.1109/TITS.2014.2369574},
issn = {1524-9050},
comment = {},
typ = {J}
}

@article{KhodaeiP:J:2015,
journal = {IEEE Vehicular Technology Magazine},
title = {{The Key to Intelligent Transportation: Identity and Credential Management in Vehicular Communication Systems}},
year = {2015},
volume = {10},
number = {4},
pages = {63-69},
abstract = {Vehicular communication (VC) systems will greatly enhance intelligent transportation systems. But their security and the protection of their users' privacy are a prerequisite for deployment. Efforts in industry and academia brought forth a multitude of diverse proposals. These have now converged to a common view, notably on the design of a security infrastructure, a vehicular public-key infrastructure (VPKI) that shall enable secure conditionally anonymous VC. Standardization efforts and industry readiness to adopt this approach hint at its maturity. However, there are several open questions remaining, and it is paramount to have conclusive answers before deployment. In this article, we distill and critically survey the state of the art for identity and credential management in VC systems, and we sketch a road map for addressing a set of critical remaining security and privacy challenges.},
keywords = {intelligent transportation systems;mobile radio;public key cryptography;telecommunication security;VC systems;VPKI;credential management;intelligent transportation system;standardization effort;user privacy;vehicular communication system;vehicular public-key infrastructure;Automation;Intelligent vehicles;Management;Network security;Privacy;Security;Vehicle ad hoc networks;Vehicular and wireless technologies;Vehicular automation},
doi = {10.1109/MVT.2015.2479367},
issn = {1556-6072},
month = {December},
comment = {},
typ = {J}
}

@article{ShorkiTPKH:J:2014,
author = {R. Shokri and G. Theodorakopoulos and P. Papadimitratos and E. Kazemi and J. P. Hubaux},
journal = {IEEE Transactions on Dependable and Secure Computing (IEEE TDSC)},
title = {{Hiding in the Mobile Crowd: Location Privacy through Collaboration}},
year = {2014},
volume = {11},
number = {3},
pages = {266-279},
abstract = {Location-aware smartphones support various location-based services (LBSs): users query the LBS server and learn on the fly about their surroundings. However, such queries give away private information, enabling the LBS to track users. We address this problem by proposing a user-collaborative privacy-preserving approach for LBSs. Our solution does not require changing the LBS server architecture and does not assume third party servers; yet, it significantly improves users' location privacy. The gain stems from the collaboration of mobile devices: they keep their context information in a buffer and pass it to others seeking such information. Thus, a user remains hidden from the server, unless all the collaborative peers in the vicinity lack the sought information. We evaluate our scheme against the Bayesian localization attacks that allow for strong adversaries who can incorporate prior knowledge in their attacks. We develop a novel epidemic model to capture the, possibly time-dependent, dynamics of information propagation among users. Used in the Bayesian inference framework, this model helps analyze the effects of various parameters, such as users' querying rates and the lifetime of context information, on users' location privacy. The results show that our scheme hides a high fraction of location-based queries, thus significantly enhancing users' location privacy. Our simulations with real mobility traces corroborate our model-based findings. Finally, our implementation on mobile platforms indicates that it is lightweight and the cost of collaboration is negligible.},
keywords = {Bayes methods;data privacy;mobile computing;query processing;smart phones;Bayesian inference framework;Bayesian localization attacks;LBS server architecture;context information lifetime;epidemic model;information propagation;location-aware smart phones;location-based queries;location-based services;mobile crowd hiding;mobile devices;third party servers;user location privacy;user querying rates;user-collaborative privacy-preserving approach;Ad hoc networks;Bayes methods;Collaboration;Hidden Markov models;Mobile communication;Privacy;Servers;Bayesian inference attacks;Mobile networks;epidemic models;location privacy;location-based services},
doi = {10.1109/TDSC.2013.57},
issn = {1545-5971},
month = {May},
comment = {},
typ = {J}
}

@article{PoturalskiPH:J:2013,
author = {M. Poturalski and P. Papadimitratos and J. P. Hubaux},
journal = {IEEE Transactions on Dependable and Secure Computing (IEEE TDSC)},
title = {{Formal Analysis of Secure Neighbor Discovery in Wireless Networks}},
year = {2013},
volume = {10},
number = {6},
pages = {355-367},
abstract = {We develop a formal framework for the analysis of security protocols in wireless networks. The framework captures characteristics necessary to reason about neighbor discovery protocols, such as the neighbor relation, device location, and message propagation time. We use this framework to establish general results about the possibility of neighbor discovery. In particular, we show that time-based protocols cannot in general provide secure neighbor discovery. Given this insight, we also use the framework to prove the security of four concrete neighbor discovery protocols, including two novel time-and-location-based protocols. We mechanize the model and some proofs in the theorem prover Isabelle.},
keywords = {protocols;radio networks;telecommunication security;device location;formal analysis;message propagation time;neighbor discovery protocols;neighbor relation;secure neighbor discovery;security protocols;time-and-location-based protocols;time-based protocols;wireless networks;Computer security;Formal verification;Knowledge discovery;Security of data;Wireless networks;Neighbor discovery;distance bounding;formal verification;relay attack},
doi = {10.1109/TDSC.2013.17},
issn = {1545-5971},
month = {November},
comment = {},
typ = {J}
}

@article{FioreCCP:J:2013,
author = {M. Fiore and C. Ettore Casetti and C. F. Chiasserini and P. Papadimitratos},
journal = {IEEE Transactions on Mobile Computing (IEEE TMC)},
title = {{Discovery and Verification of Neighbor Positions in Mobile Ad Hoc Networks}},
year = {2013},
volume = {12},
number = {2},
pages = {289-303},
abstract = {A growing number of ad hoc networking protocols and location-aware services require that mobile nodes learn the position of their neighbors. However, such a process can be easily abused or disrupted by adversarial nodes. In absence of a priori trusted nodes, the discovery and verification of neighbor positions presents challenges that have been scarcely investigated in the literature. In this paper, we address this open issue by proposing a fully distributed cooperative solution that is robust against independent and colluding adversaries, and can be impaired only by an overwhelming presence of adversaries. Results show that our protocol can thwart more than 99 percent of the attacks under the best possible conditions for the adversaries, with minimal false positive rates.},
keywords = {mobility management (mobile radio);routing protocols;telecommunication services;vehicular ad hoc networks;ad hoc networking protocols;location-aware services;mobile ad hoc networks;mobile nodes;neighbor position verification;routing protocol;Mobile communication;Mobile computing;Protocols;Public key;Robustness;Timing;Neighbor position verification;mobile ad hoc networks;vehicular networks},
doi = {10.1109/TMC.2011.258},
issn = {1536-1233},
month = {February},
comment = {},
typ = {J}
}

@article{PoturalskiFPHL:J:2012,
author = {Poturalski, Marcin and Flury, M. and Papadimitratos, Panos and Hubaux, Jean-Pierre and Le Boudec, Jean-Yves},
title = {{On Secure and Precise IR-UWB Ranging}},
journal = {IEEE Transactions on Wireless Communications (IEEE TWC)},
year = {2012},
volume = {11},
pages = {1087--1099},
number = {3},
abstract = {To provide high ranging precision in multipath environments, a ranging protocol should find the first arriving path, rather than the strongest path. We demonstrate a new attack vector that disrupts such precise Time-of-Arrival (ToA) estimation, and allows an adversary to decrease the measured distance by a value in the order of the channel spread (10-20 meters). This attack vector can be used in previously reported physical-communication-layer (PHY) attacks against secure ranging (or distance bounding). Furthermore, it creates a new type of attack based on malicious interference: This attack is much easier to mount than the previously known external PHY attack (distance-decreasing relay) and it can work even if secret preamble codes are used. We evaluate the effectiveness of this attack for a PHY that is particularly well suited for precise ranging in multipath environments: Impulse Radio Ultra-Wideband (IR-UWB). We show, with PHY simulations and experiments, that the attack is effective against a variety of receivers and modulation schemes. Furthermore, we identify and evaluate three types of countermeasures that allow for precise and secure ranging.},
keywords = {modulation;multipath channels;protocols;radiofrequency interference;time-of-arrival estimation;ultra wideband communication;IR-UWB ranging;PHY;ToA;distance 10 m to 20 m;impulse radio ultrawideband;malicious interference;modulation scheme;multipath On environments;physical-communication-layer;protocol;time-of-arrival estimation;Distance measurement;Interference;Protocols;Receivers;Relays;Signal to noise ratio;Synchronization;Security;distance bounding;impulse radio;ranging;ultra-wideband},
doi = {10.1109/TWC.2012.011812.110483},
issn = {1536-1276},
month = {March},
comment = {},
typ = {J}
}

@article{ManolopoulosTRP:J:2012,
author = {Manolopoulos, V. and Tao, S. and Rusu, A. and Papadimitratos, P.},
title = {{HotMobile 2012 Demo: Smartphone-based Traffic Information System for Sustainable Cities}},
journal = {ACM Mobile Computing and Communications Review (ACM MC2R)},
volume = {16},
number = {4},
month = {October},
year = {2012},
issn = {1559-1662},
pages = {30--31},
doi = {10.1145/2436196.2436213},
typ = {J}
}

@article{PoturalskiFPHL:J:2011,
author = {Poturalski, Marcin and Flury, M. and Papadimitratos, Panos and Hubaux, Jean-Pierre and Le Boudec, Jean-Yves},
title = {{Distance Bounding with IEEE 802.15.4a: Attacks and Countermeasures}},
journal = {IEEE Transactions on Wireless Communications (IEEE TWC)},
year = {2011},
volume = {10},
pages = {1334--1344},
number = {4},
month = {April},
abstract = {Impulse Radio Ultra-Wideband, in particular the recent standard IEEE 802.15.4a, is a primary candidate for implementing distance bounding protocols, thanks to its ability to perform accurate indoor ranging. Distance bounding protocols allow two wireless devices to securely estimate the distance between themselves, with the guarantee that the estimate is an upper-bound on the actual distance. These protocols serve as building blocks in security-sensitive applications such as tracking, physical access control, or localization. We investigate the resilience of IEEE 802.15.4a to physical-communication-layer attacks that decrease the distance measured by distance bounding protocols, thus violating their security. We consider two attack types: malicious prover (internal) and distance-decreasing relay (external). We show that if the honest devices use energy-detection receivers (popular due to their low cost and complexity), then an adversary can perform highly effective internal and external attacks, decreasing the distance by hundreds of meters. However, by using more sophisticated rake receivers, or by implementing small modifications to IEEE 802.15.4a and employing energy-detection receivers with a simple countermeasure, honest devices can reduce the effectiveness of external distance-decreasing relay attacks to the order of 10 m. The same is true for malicious prover attacks, provided that an additional modification to IEEE 802.15.4a is implemented.},
doi = {10.1109/TWC.2011.020111.101219},
issn = {1536-1276},
comment = {DIVA - Fulltext},
comment = {},
typ = {J}
}

@article{CalandrielloPHL:J:2011,
author = {Calandriello, Giorgio and Papadimitratos, Panos and Hubaux, Jean-Pierre and Lioy, A.},
title = {{On the Performance of Secure Vehicular Communication Systems}},
journal = {IEEE Transactions on Dependable and Secure Computing (IEEE TDSC)},
year = {2011},
volume = {8},
pages = {898--912},
number = {6},
month = {November},
abstract = {Vehicular communication (VC) systems are being developed primarily to enhance transportation safety and efficiency. Vehicle-to-vehicle communication, in particular, frequent cooperative awareness messages or safety beacons, has been considered over the past years as a main approach. Meanwhile, the need to provide security and to safeguard users' privacy is well understood, and security architectures for VC systems have been proposed. Although technical approaches to secure VC have several commonalities and a consensus has formed, there are critical questions that have remained largely unanswered: Are the proposed security and privacy schemes practical? Can the secured VC systems support the VC-enabled applications as effectively as unsecured VC would? How should security be designed so that its integration into a VC system has a limited effect on the system's performance? In this paper, we provide answers to these questions, investigating the joint effect of a set of system parameters and components. We consider the state-of-the-art approach in secure VC, and we evaluate analytically and through simulations the interdependencies among components and system characteristics. Overall, we identify key design choices for the deployment of efficient, effective, and secure VC systems.},
keywords = {data privacy;mobile communication;road vehicles;telecommunication security;secure vehicular communication systems;transportation safety;vehicle-to-vehicle communication;Identity-based encryption;Network security;Optimization;Privacy;Public key cryptography;Wireless communication;Security and protection;and serviceability.;availability;reliability;wireless communication},
doi = {10.1109/TDSC.2010.58},
issn = {1545-5971},
comment = {},
typ = {J}
}

@article{KarglP:J:2011,
author = {Kargl, Frank and Papadimitratos, Panos},
title = {{ACM WiSec 2011 poster and demo session}},
journal = {ACM Mobile Computing and Communications Review (ACM MC2R)},
year = {2011},
volume = {15},
pages = {34--34},
number = {3},
month = {November},
doi = {10.1145/2073290.2073296},
comment = {},
typ = {J}
}

@article{FestagPT:J:2010,
author = {Festag, Andreas and Papadimitratos, Panos and Tielert, Tessa},
title = {{Design and Performance of Secure Geocast for Vehicular Communication}},
journal = {{IEEE} {T}ransactions on {V}ehicular {T}echnology ({IEEE TVT})},
year = {2010},
volume = {59},
pages = {2456--2471},
number = {5},
month = {June},
abstract = {The characteristics of vehicular communication environments and their networking and application requirements have led to the development of unique networking protocols. They enable vehicle-to-vehicle and vehicle-to-infrastructure communication based on the IEEE 802.11 technology, ad hoc principles, and wireless multihop techniques using geographical positions. These protocols, which are commonly referred to as Geocast, greatly support the vehicular communication and applications but necessitate a tailored security solution that provides the required security level with reasonable processing and protocol overhead, as well as reasonably priced onboard and road-side unit equipment. In this paper, we present the design of a security solution for Geocast, which is based on cryptographic protection, plausibility checks using secure neighbor discovery and mobility-related checks, trustworthy neighborhood assessment, and rate limitation. We analyze the achieved security level of the proposed scheme and assess its overhead and performance. Furthermore, we develop a software-based prototype implementation of a secure vehicular communication system. We find that the proposed security measures could result in a network performance bottleneck in realistic vehicular scenarios. Finally, we analyze the tradeoff between security overhead and protocol performance and determine the minimal processing overhead needed for acceptable performance.},
keywords = {cryptographic protocols;mobile radio;telecommunication security;Geocast;IEEE 802.11 technology;ad hoc network;cryptographic protection;mobility-related checks;networking protocol overhead;secure neighbor discovery;trustworthy neighborhood assessment;vehicle-to-infrastructure communication system;vehicle-to-vehicle communication system;wireless multihop techniques;Communication system security;Cryptographic protocols;Cryptography;Data security;Intelligent transportation systems;Performance analysis;Road safety;Road vehicles;Spread spectrum communication;Wireless LAN;Geocast;performance;secure;vehicular communication},
doi = {10.1109/TVT.2010.2045014},
issn = {0018-9545},
comment = {DIVA - Fulltext},
typ = {J}
}

@article{PapadimitratosLH:J:2010,
author = {Papadimitratos, Panos and Luo, J. and Hubaux, Jean-Pierre},
title = {{A Randomized Countermeasure Against Parasitic Adversaries in Wireless Sensor Networks}},
journal = {{IEEE} {J}ournal on {S}elected {A}reas in {C}ommunications (IEEE JSAC)},
year = {2010},
volume = {28},
pages = {1036--1045},
number = {7},
month = {September},
abstract = {Due to their limited capabilities, wireless sensor nodes are subject to physical attacks that are hard to defend against. In this paper, we first identify a typical attacker, called parasitic adversary, who seeks to exploit sensor networks by obtaining measurements in an unauthorized way. As a countermeasure, we first employ a randomized key refreshing: with low communication cost, it aims at confining (but not eliminating) the effects of the adversary. Moreover, our low-complexity solution, GossiCrypt, leverages on the large scale of sensor networks to protect data confidentiality, efficiently and effectively. GossiCrypt applies symmetric key encryption to data at their source nodes; and it applies re-encryption at a randomly chosen subset of nodes en route to the sink. The combination of randomized key refreshing and GossiCrypt protects data confidentiality with a probability of almost 1; we show this analytically and with simulations. In addition, the energy consumption of GossiCrypt is lower than a public-key based solution by several orders of magnitude.},
keywords = {public key cryptography;telecommunication security;wireless sensor networks;GossiCrypt;data confidentiality protection;network security;parasitic adversaries;parasitic adversary;public key encryption;randomized key refreshing;symmetric key encryption;wireless sensor networks;Encryption;Markov processes;Protocols;Public key;Silicon;Wireless sensor networks;Confidentiality;GossiCrypt;Probabilistic Key Refreshing and En-route Encryption;Security},
doi = {10.1109/JSAC.2010.100908},
issn = {0733-8716},
comment = {DIVA - Fulltext},
typ = {J}
}

@article{PapadimitratosFEBC:J:2009,
author = {Papadimitratos, Panos and de La Fortelle, A. and Evenssen, K. and Brignolo, R. and Cosenza, S.},
title = {{Vehicular Communication Systems: Enabling Technologies, Applications, and Future Outlook on Intelligent Transportation}},
journal = {IEEE Communications Magazine },
year = {2009},
volume = {47},
pages = {84--95},
number = {11},
month = {November},
abstract = {Numerous technologies have been deployed to assist and manage transportation. But recent concerted efforts in academia and industry point to a paradigm shift in intelligent transportation systems. Vehicles will carry computing and communication platforms, and will have enhanced sensing capabilities. They will enable new versatile systems that enhance transportation safety and efficiency and will provide infotainment. This article surveys the state-of-the-art approaches, solutions, and technologies across a broad range of projects for vehicular communication systems.},
keywords = {mobile radio;road safety;intelligent transportation systems;transportation safety;vehicular communication systems;Communications technology;Computer interfaces;Europe;Intelligent transportation systems;Intelligent vehicles;Safety;Telecommunication standards;User interfaces;Virtual colonoscopy;Wireless sensor networks},
doi = {10.1109/MCOM.2009.5307471},
issn = {0163-6804},
comment = {DIVA - Fulltext},
typ = {J}
}

@article{PapadimitratosBHSFRMKKH2008,
author = {Papadimitratos, Panos and Buttyan, Levente and Holczer, T. and Schoch, E. and Freudiger, J. and Raya, Maxim and Ma, Z. and Kargl, Frank and Kung, A. and Hubaux, Jean-Pierre},
title = {{Secure Vehicular Communication Systems: Design and Architecture}},
journal = {IEEE Communications Magazine},
year = {2008},
volume = {46},
pages = {100--109},
number = {11},
month = {November},
abstract = {Significant developments have taken place over the past few years in the area of vehicular communication systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the deployment of the technology. This is so precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems can be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two articles in this issue. In this first one, we analyze threats and types of adversaries, identify security and privacy requirements, and present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopted and deployed. In the second article we present our progress toward the implementation of our architecture and results on the performance of the secure VC system, along with a discussion of upcoming research challenges and our related current results.},
keywords = {mobile radio;road vehicles;telecommunication security;SeVeCom project;private user information;road-side infrastructure units;secure vehicular communication systems;security architecture;Collaboration;Cryptographic protocols;Cryptography;Delay;Equipment failure;Identity management systems;Privacy;Protection;Vehicles;Virtual colonoscopy},
doi = {10.1109/MCOM.2008.4689252},
issn = {0163-6804},
comment = {DIVA - Fulltext},
typ = {J}
}

@article{KarglPBMSWTCHKH2008,
author = {F. Kargl and P. Papadimitratos and L. Buttyan and M. Müter and E. Schoch and B. Wiedersheim and T. V. Thong and G. Calandriello and A. Held and A. Kung and Jean-Pierre Hubaux},
title = {{Secure Vehicular Communication Systems: Implementation, Performance, and Research Challenges}},
journal = {IEEE Communications Magazine},
year = {2008},
volume = {46},
pages = {110--118},
number = {11},
month = {November},
abstract = {Vehicular communication systems are on the verge of practical deployment. Nonetheless, their security and privacy protection is one of the problems that have been addressed only recently. In order to show the feasibility of secure VC, certain implementations are required. we discuss the design of a VC security system that has emerged as a result of the European SeVe-Com project. In this second article we discuss various issues related to the implementation and deployment aspects of secure VC systems. Moreover, we provide an outlook on open security research issues that will arise as VC systems develop from today's simple prototypes to full-fledged systems.},
keywords = {data privacy;mobile radio;European SeVe-Com project;open security research;privacy protection;secure vehicular communication system;Communication system security;Data security;Hardware;Information security;Information technology;Performance analysis;Privacy;Remotely operated vehicles;Vehicle safety;Virtual colonoscopy},
doi = {10.1109/MCOM.2008.4689253},
issn = {0163-6804},
comment = {DIVA - Fulltext},
typ = {J}
}

@article{PapadimitratosPSLBCH:J:2008,
author = {Papadimitratos, Panos and Poturalski, Marcin and Schaller, Patrick and Lafourcade, Pascal and Basin, David and \v{C}apkun, Srdjan and Hubaux, Jean-Pierre},
title = {{Secure Neighborhood Discovery: A Fundamental Element for Mobile Ad Hoc Networking}},
journal = {{IEEE} {C}ommunications {M}agazine},
year = {2008},
volume = {46},
pages = {132--139},
number = {2},
month = {February},
abstract = {Pervasive computing systems will likely be deployed in the near future, with the proliferation of wireless devices and the emergence of ad hoc networking as key enablers. Coping with mobility and the volatility of wireless communications in such systems is critical. Neighborhood discovery (ND) - the discovery of devices directly reachable for communication or in physical proximity - becomes a fundamental requirement and building block for various applications. However, the very nature of wireless mobile networks makes it easy to abuse ND and thereby compromise the overlying protocols and applications. Thus, providing methods to mitigate this vulnerability and secure ND is crucial. In this article we focus on this problem and provide definitions of neighborhood types and ND protocol properties, as well as a broad classification of attacks. Our ND literature survey reveals that securing ND is indeed a difficult and largely open problem. Moreover, given the severity of the problem, we advocate the need to formally model neighborhoods and analyze ND schemes.},
keywords = {ad hoc networks;mobile radio;telecommunication security;ubiquitous computing;mobile ad hoc networking;pervasive computing systems;secure neighborhood discovery;wireless communications;wireless devices;wireless mobile networks;Aircraft;Airplanes;Communication system security;Computer applications;Mobile computing;Neodymium;Protocols;Relays;Transceivers;Wireless sensor networks},
doi = {10.1109/MCOM.2008.4473095},
issn = {0163-6804},
comment = {DIVA - Fulltext},
typ = {J}
}

@article{PapadimitratosH:J:2008,
author = {Papadimitratos, Panagiotis and Hubaux, Jean-Pierre},
title = {{Report on the Secure Vehicular Communications: Results and Challenges Ahead" Workshop}},
journal = {{ACM} {SIGMOBILE} {M}obile {C}omputing and {C}ommunications {R}eview ({ACM MC2R}) },
volume = {12},
number = {2},
month = {April},
year = {2008},
issn = {1559-1662},
pages = {53--64},
numpages = {12},
doi = {10.1145/1394555.1394567},
acmid = {1394567},
address = {New York, NY, USA},
comment = {DIVA - Fulltext},
typ = {J}
}

@article{PiorkowskiRLPGH:J:2008,
author = {Michal Pi{\'{o}}rkowski and Maxim Raya and A. Lezama Lugo and Panagiotis Papadimitratos and Matthias Grossglauser and Jean{-}Pierre Hubaux},
title = {{TraNS: Realistic Joint Traffic and Network Simulator for VANETs}},
journal = {ACM SIGMOBILE Mobile Computing and Communications Review (ACM MC2R)},
year = {2008},
volume = {12},
pages = {31--33},
number = {1},
month = {January},
comment = {DIVA},
doi = {10.1145/1374512.1374522},
issn = {1559-1662},
typ = {J}
}

@article{RayaPAJH:J:2007,
title = {{Eviction of Misbehaving and Faulty Nodes in Vehicular Networks}},
journal = {IEEE Journal on Selected Areas in Communications (IEEE JSAC)},
year = {2007},
volume = {25},
pages = {1557--1568},
number = {8},
month = {October},
doi = {10.1109/JSAC.2007.071006},
abstract = {Vehicular networks (VNs) are emerging, among civilian applications, as a convincing instantiation of the mobile networking technology. However, security is a critical factor and a significant challenge to be met. Misbehaving or faulty network nodes have to be detected and prevented from disrupting network operation, a problem particularly hard to address in the life-critical VN environment. Existing networks rely mainly on node certificate revocation for attacker eviction, but the lack of an omnipresent infrastructure in VNs may unacceptably delay the retrieval of the most recent and relevant revocation information; this will especially be the case in the early deployment stages of such a highly volatile and large-scale system. In this paper, we address this specific problem. We propose protocols, as components of a framework, for the identification and local containment of misbehaving or faulty nodes, and then for their eviction from the system. We tailor our design to the VN characteristics and analyze our system. Our results show that the distributed approach to contain nodes and contribute to their eviction is efficiently feasible and achieves a sufficient level of robustness.},
keywords = {mobile radio;protocols;telecommunication network reliability;faulty network node detection;mobile networking technology;vehicular network;Fault detection;Fault diagnosis;Information retrieval;Large-scale systems;Manufacturing;Protocols;Research initiatives;Robustness;Vehicle driving;Vehicle safety},
doi = {10.1109/JSAC.2007.071006},
issn = {0733-8716},
comment = {DIVA - Fulltext},
typ = {J}
}

@article{PapadimitratosH:J:2006,
author = {Papadimitratos, Panos and Haas, Z.J.},
title = {{Secure Data Communication in Mobile Ad Hoc Networks}},
journal = {IEEE Journal on Selected Areas in Communications (IEEE JSAC)},
year = {2006},
volume = {24},
pages = {343--356},
number = {2},
month = {February},
abstract = {We address the problem of secure and fault-tolerant communication in the presence of adversaries across a multihop wireless network with frequently changing topology. To effectively cope with arbitrary malicious disruption of data transmissions, we propose and evaluate the secure message transmission (SMT) protocol and its alternative, the secure single-path (SSP) protocol. Among the salient features of SMT and SSP is their ability to operate solely in an end-to-end manner and without restrictive assumptions on the network trust and security associations. As a result, the protocols are applicable to a wide range of network architectures. We demonstrate that highly reliable communication can be sustained with small delay and small delay variability, even when a substantial portion of the network nodes systematically or intermittently disrupt communication. SMT and SSP robustly detect transmission failures and continuously configure their operation to avoid and tolerate data loss, and to ensure the availability of communication. This is achieved at the expense of moderate transmission and routing overhead, which can be traded off for delay. Overall, the ability of the protocols to mitigate both malicious and benign faults allows fast and reliable data transport even in highly adverse network environments.},
keywords = {ad hoc networks;data communication;fault tolerance;message authentication;mobile radio;routing protocols;telecommunication network topology;telecommunication security;MANET;SMT protocol;data communication;fault-tolerant communication;mobile ad hoc network;multihop wireless network;multipath routing overhead;network topology;secure message transmission;transmission failure detection;Data communication;Disruption tolerant networking;Fault tolerance;Mobile ad hoc networks;Mobile communication;Protocols;Spread spectrum communication;Surface-mount technology;Telecommunication network reliability;Wireless networks;Fault tolerance;mobile ad hoc network (MANET) security;multipath routing;network security;secure data transmission;secure message transmission;secure routing},
doi = {10.1109/JSAC.2005.861392},
issn = {0733-8716},
comment = {DIVA},
typ = {J}
}

@article{RayaPH:J:2006,
author = {Raya, Maxim and Papadimitratos, Panos and Hubaux, Jean-Pierre},
title = {{Securing Vehicular Communications}},
journal = {IEEE Wireless Communications Magazine},
year = {2006},
volume = {13},
pages = {8--15},
number = {5},
month = {October},
abstract = {The road to a successful introduction of vehicular communications has to pass through the analysis of potential security threats and the design of a robust security architecture able to cope with these threats. In this article we undertake this challenge. In addition to providing a survey of related academic and industrial efforts, we also outline several open problems},
keywords = {mobile radio;telecommunication security;vehicles;robust security architecture;securing vehicular communications;security threats;Communication system traffic control;Forgery;Protocols;Road safety;Road vehicles;Robustness;Security;Vehicle driving;Vehicle safety;Virtual colonoscopy},
doi = {10.1109/WC-M.2006.250352},
issn = {1536-1284},
comment = {},
typ = {J}
}

@article{PapadimitratosSM:J:2005,
author = {P. Papadimitratos and S. Sankaranarayanan and A. Mishra},
journal = {IEEE Communications Magazine},
title = {{A Bandwidth Sharing Approach to Improve Licensed Spectrum Utilization}},
year = {2005},
volume = {43},
number = {12},
pages = {supl.10-supl.14},
abstract = {The spectrum of deployed wireless cellular communication systems is found to be underutilized, even though licensed spectrum is at a premium. To efficiently utilize the bandwidth left unused in a cellular system, the primary system (PRI), we propose an overlaid ad hoc secondary network (ASN) architecture, with the ASN operating over the resources left unutilized by the PRI. Our basic design principle is that the ASN operates in a nonintrusive manner and does not interact with the PRI. In this article we present the ad hoc secondary medium access control (AS-MAC) protocol to enable PRI-SEC interoperation, address a number of technical challenges pertinent to this networking environment, and evaluate the performance of the AS-MAC. In a single-hop ASN the AS-MAC transparently utilizes 75 percent of the bandwidth left unused by the PRI, while in multihop ASNs, due to spatial reuse, the AS-MAC can utilize up to 132 percent of the idle PRI resources in our experiments.},
doi = {10.1109/MCOM.2005.1561918},
issn = {0163-6804},
month = {December},
comment = {},
typ = {J}
}

@article{PapadimitratosH:J:2003,
author = {Papadimitratos, Panos and Haas, Z. J.},
title = {{Secure Message Transmission in Mobile Ad Hoc Networks}},
journal = {{E}lsevier {A}d {H}oc {N}etworks {J}ournal},
year = {2003},
volume = {1},
pages = {193--209},
number = {1},
month = {July},
keywords = {MANET security, Secure routing, Secure routing protocol, Secure message transmission, Multipath routing},
abstract = {Abstract The vision of nomadic computing with its ubiquitous access has stimulated much interest in the mobile ad hoc networking (MANET) technology. However, its proliferation strongly depends on the availability of security provisions, among other factors. In the open, collaborative MANET environment, practically any node can maliciously or selfishly disrupt and deny communication of other nodes. In this paper, we propose the secure message transmission (SMT) protocol to safeguard the data transmission against arbitrary malicious behavior of network nodes. SMT is a lightweight, yet very effective, protocol that can operate solely in an end-to-end manner. It exploits the redundancy of multi-path routing and adapts its operation to remain efficient and effective even in highly adverse environments. SMT is capable of delivering up to 83\% more data messages than a protocol that does not secure the data transmission. Moreover, SMT achieves up to 65\% lower end-to-end delays and up to 80\% lower delay variability, compared with an alternative single-path protocol - a secure data forwarding protocol, which we term secure single path (SSP) protocol. Thus, SMT is better suited to support quality of service for real-time communications in the ad hoc networking environment. The security of data transmission is achieved without restrictive assumptions on the network nodesâ€™ trust and network membership, without the use of intrusion detection schemes, and at the expense of moderate multi-path transmission overhead only.},
issn = {1570-8705},
doi = {https://doi.org/10.1016/S1570-8705(03)00018-0},
comment = {DIVA - Fulltext},
typ = {J}
}

@article{PapadiH:J:03,
author = {Papadimitratos, Panagiotis and Haas, Z. J.},
title = {{S}ecure {R}outing for {M}obile {A}d {H}oc {N}etworks},
journal = {{ACM} {SIGMOBILE} {M}obile {C}omputing and {C}ommunications {R}eview ({MC2R}) -\ {S}pecial {I}ssue: {R}eport on a {W}orking {S}ession on {S}ecurity in {W}ireless {A}d hoc {N}etworks, L. Buttyan, J.-P. Hubaux, Eds.},
year = {2003},
volume = {7},
pages = {79--80},
number = {1},
month = {January},
doi = {10.1145/881978.882002},
comment = {DIVA - Fulltext},
typ = {J}
}

@article{PapadimitratosH:J2002,
author = {Papadimitratos, Panos and Haas, Z. J.},
title = {{S}ecuring the {I}nternet {R}outing {I}nfrastructure},
journal = {{IEEE Communications Magazine}},
year = {2002},
volume = {40},
pages = {60--68},
number = {10},
abstract = {The unprecedented growth of the Internet over the last years, and the expectation of an even faster increase in the numbers of users and networked systems, resulted in the Internet assuming its position as a mass communication medium. At the same time, the emergence of an increasingly large number of application areas and the evolution of the networking technology suggest that in the near future the Internet may become the single integrated communication infrastructure. However, as the dependence on the networking infrastructure grows, its security becomes a major concern, in light of the increased attempt to compromise the infrastructure. In particular, the routing operation is a highly visible target that must be shielded against a wide range of attacks. The injection of false routing information can easily degrade network performance, or even cause denial of service for a large number of hosts and networks over a long period of time. Different approaches have been proposed to secure the routing protocols, with a variety of countermeasures, which, nonetheless, have not eradicated the vulnerability of the routing infrastructure. In this article, we survey the up-to-date secure routing schemes. that appeared over the last few years. Our critical point of view and thorough review of the literature are an attempt to identify directions for future research on an indeed difficult and still largely open problem.},
keywords = {Internet;security of data;telecommunication network routing;telecommunication security;transport protocols;Internet routing infrastructure security;countermeasures;false routing information;integrated communication infrastructure;link state protocols;network performance;networked systems;networking infrastructure;networking technology;preventive security mechanisms;research;routing infrastructure;routing protocols;secure routing schemes;Access protocols;Commercialization;Computer crime;Data security;Degradation;IP networks;Information security;Internet;Protection;Routing protocols},
doi = {10.1109/MCOM.2002.1039858},
issn = {0163-6804},
month = {October},
comment = {},