% % This file was created by the TYPO3 extension % bib % --- Timezone: CEST % Creation date: 2024-04-24 % Creation time: 08-38-18 % --- Number of references % 9 % @Inproceedings { 2011-wirtz-kaleidoscope, title = {Cooperative Wi-Fi-Sharing: Encouraging Fair Play}, year = {2011}, month = {12}, day = {14}, tags = {mobile_access}, url = {fileadmin/papers/2011/2011-wirtz-kaleidoscope.pdf}, misc = {Online}, address = {ITU}, booktitle = {Proceedings of the ITU-T Kaleidoscope Event 2011, Cape Town, South Africa}, event_place = {Cape Town, South Africa}, event_name = {ITU-T Kaleidoscope: The fully networked human?}, event_date = {2011-12-12}, language = {en}, ISBN = {978-92-61-13651-2}, reviewed = {1}, author = {Wirtz, Hanno and Hummen, Ren{\'e} and Viol, Nicolai and Heer, Tobias and Lora Gir{\'o}n, M{\'o}nica Alejandra and Wehrle, Klaus} } @Inproceedings { 2011-hummen-pisa-demo, title = {PISA-SA - Security and Mobility in a Collaborative Muni-Fi (Demo Abstract)}, year = {2011}, month = {6}, day = {15}, volume = {15}, pages = {35--36}, tags = {mobile_access}, url = {fileadmin/papers/2011/2011-hummen-wisec-pisa-sa-demo.pdf}, misc2 = {Online}, publisher = {ACM}, address = {New York, NY, USA}, booktitle = {Proceedings of the fourth ACM Conference on Wireless Network Security, Hamburg, Germany}, event_place = {Hamburg, Germany}, event_name = {Wireless Network Security 2011 (WiSec 2011)}, language = {en}, ISSN = {1559-1662}, DOI = {10.1145/2073290.2073297}, reviewed = {1}, author = {Hummen, Ren{\'e} and Wirtz, Hanno and Viol, Nicolai and Heer, Tobias and Wehrle, Klaus} } @Techreport { rfc6253, title = {{Host Identity Protocol Certificates}}, year = {2011}, month = {5}, number = {rfc6253}, abstract = {The Certificate (CERT) parameter is a container for digital certificates. It is used for carrying these certificates in Host Identity Protocol (HIP) control packets. This document specifies the CERT parameter and the error signaling in case of a failed verification. Additionally, this document specifies the representations of Host Identity Tags in X.509 version 3 (v3) and Simple Public Key Infrastructure (SPKI) certificates. The concrete use of certificates, including how certificates are obtained, requested, and which actions are taken upon successful or failed verification, is specific to the scenario in which the certificates are used. Hence, the definition of these scenario- specific aspects is left to the documents that use the CERT parameter.}, tags = {mobile_access}, url = {http://www.ietf.org/rfc/rfc6253.txt}, publisher = {IETF}, howpublished = {RFC 6253 (Experimental)}, series = {Request for Comments}, organization = {Internet Engineering Task Force}, institution = {Internet Engineering Task Force}, type = {Request For Commments (Experimental Standard)}, reviewed = {1}, author = {Heer, Tobias and Varjonen, Samu} } @Techreport { rfc5201-bis-04, title = {{Host Identity Protocol Version 2}}, year = {2011}, month = {1}, volume = {1}, number = {draft-ietf-hip-rfc5201-bis-04.txt}, note = {{expires: July 24, 2011 (work in progress)}}, tags = {mobile_access}, url = {http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-04}, misc2 = {Online}, publisher = {{IETF Trust}}, howpublished = {An online version is available at: http://tools.ietf.org/html/draft-ietf-hip-rfc5201-bis-04}, series = {Internet Drafts}, organization = {{Internet Engineering Task Force}}, institution = {Internet Engineering Task Force}, language = {en}, reviewed = {1}, author = {Moskowitz, Robert and Jokela, Petri and Henderson, Thomas R. and Heer, Tobias} } @Techreport { 2011-heer-draft-middle-auth, title = {End-Host Authentication for HIP Middleboxes (Version 4)}, year = {2011}, number = {draft-heer-hip-middle-auth-04}, abstract = {The Host Identity Protocol [RFC5201] is a signaling protocol for secure communication, mobility, and multihoming that introduces a cryptographic namespace. This document specifies an extension for HIP that enables middleboxes to unambiguously verify the identities of hosts that communicate across them. This extension allows middleboxes to verify the liveness and freshness of a HIP association and, thus, to secure access control in middleboxes.}, note = {Work in progress}, tags = {ietf, mobile_access}, url = {http://tools.ietf.org/html/draft-heer-hip-middle-auth-04}, misc2 = {Online}, institution = {Internet Engineering Task Force}, type = {Internet-Draft}, language = {en}, author = {Heer, Tobias and Komu, Miika and Hummen, Ren{\'e} and Wehrle, Klaus} } @Inproceedings { 2010-heer-pisa-sa, title = {PiSA-SA: Municipal Wi-Fi Based on Wi-Fi Sharing}, year = {2010}, month = {8}, day = {2}, volume = {1}, pages = {588-593}, abstract = {With the goal of providing ubiquitous wireless services (e.g., tourist guides, environmental information, pedestrian navigation), municipal wireless networks are currently being established all around the world. For municipalities, it is often challenging to achieve the bandwidth and coverage that is necessary for many of the envisioned network services. At the same time, Wi-Fi-sharing communities achieve high bandwidth and good coverage at a very low cost by capitalizing on the dense deployment of private access points in urban areas. However, from a technical, conceptual, and security perspective, Wi-Fi sharing community networks resemble a patchwork of heterogeneous networks instead of one well-planned city-wide network. This patchwork character stands in stark contrast to a uniform, secure platform for public and commercial services desirable for the economic success of such a network. Hence, despite its cost-efficiency, the community-based approach cannot be adopted by municipalities easily. In this paper, we show how to realize municipal wireless services on top of a Wi-Fi-sharing infrastructure in a technically sound and economically attractive fashion. In particular, we focus on how to securely provide services to mobile clients with and without client-side software support. Our solution cleanly separates the roles of controlling and administering the network from providing bandwidth and wireless access. With this separation, commercial ISPs and citizens with their private Wi-Fi can contribute to the network infrastructure. This allows municipalities in turn to focus their resources on municipal wireless services.}, tags = {mobile_access}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2010/2010-heer-icc-pisa-sa.pdf}, misc2 = {Print}, publisher = {IEEE Press}, address = {Washington, DC, USA}, booktitle = {International Conference on Computer Communication Networks, ICCCN 2010, Zurich}, event_place = {Zurich, Switzerland}, event_name = {International Conference on Computer Communication Networks, ICCCN 2010}, language = {en}, ISBN = {978-1-4244-7114-0}, DOI = {10.1109/ICCCN.2010.5560103}, reviewed = {1}, author = {Heer, Tobias and Jansen, Thomas and Hummen, Ren{\'e} and Wirtz, Hanno and G{\"o}tz, Stefan and Weingaertner, Elias and Wehrle, Klaus} } @Inproceedings { 2010-percomws-heer-munifi, title = {Collaborative Municipal Wi-Fi Networks - Challenges and Opportunities}, journal = {Proceedings of the Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010), IEEE.}, year = {2010}, month = {4}, day = {2}, volume = {1}, pages = {588 - 593}, abstract = {Municipal Wi-Fi networks aim at providing Internet access and selected mobile network services to citizens, travelers, and civil servants. The goals of these networks are to bridge the digital divide, stimulate innovation, support economic growth, and increase city operations efficiency. While establishing such urban networks is financially challenging for municipalities, Wi-Fi-sharing communities accomplish good coverage and ubiquitous Internet access by capitalizing on the dense deployment of private access points in urban residential areas. By combining Wi-Fi communities and municipal Wi-Fi, a collaborative municipal Wi-Fi system promises cheap and ubiquitous access to mobile city services. However, the differences in intent, philosophy, and technical realization between community and municipal Wi-Fi networks prevent a straight-forward combination of both approaches. In this paper, we highlight the conceptual and technical challenges that need to be solved to create collaborative municipal Wi-Fi networks.}, tags = {mobile_access}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2010/2010-heer-percomws-collaborative-municipal-wi-fi.pdf}, misc2 = {Print}, publisher = {IEEE Press}, address = {Washington, DC, USA}, booktitle = {Proceedings of the Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010), Mannheim, Germany.}, event_place = {Mannheim, Germany}, event_name = {Sixth IEEE PerCom Workshop on Pervasive Wireless Networking (PWN 2010)}, event_date = {April 02, 2010}, language = {en}, ISBN = {978-1-4244-6605-4}, DOI = {10.1109/PERCOMW.2010.5470505}, author = {Heer, Tobias and Hummen, Ren{\'e} and Viol, Nicolai and Wirtz, Hanno and G{\"o}tz, Stefan and Wehrle, Klaus} } @Inproceedings { 2009-icc-heer-middleboxes, title = {End-host Authentication and Authorization for Middleboxes based on a Cryptographic Namespace}, year = {2009}, volume = {1}, pages = {791-796}, abstract = {Today, middleboxes such as firewalls and network address translators have advanced beyond simple packet forwarding and address mapping. They also inspect and filter traffic, detect network intrusion, control access to network resources, and enforce different levels of quality of service. The cornerstones for these security-related network services are end-host authentication and authorization. Using a cryptographic namespace for end-hosts simplifies these tasks since it gives them an explicit and verifiable identity. The Host Identity Protocol (HIP) is a key-exchange protocol that introduces such a cryptographic namespace for secure end-to-end communication. Although HIP was designed with middleboxes in mind, these cannot securely use its namespace because the on-path identity verification is susceptible to replay attacks. Moreover, the binding between HIP as an authentication protocol and IPsec as payload transport is insufficient because on-path middleboxes cannot securely map payload packets to a HIP association. In this paper, we propose to prevent replays attack by treating packet-forwarding middleboxes as first-class citizens that directly interact with end-hosts. Also we propose a method for strengthening the binding between the HIP authentication process and its payload channel with hash-chain-based authorization tokens for IPsec. Our solution allows on-path middleboxes to efficiently leverage cryptographic end-host identities and integrates cleanly into existing protocol standards.}, tags = {mobile_access}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2009/2009-heer-icc-end-host-authentication.pdf}, misc2 = {Print}, publisher = {Piscataway, NJ, USA}, address = {Dresden, Germany}, booktitle = {Proceedings of the IEEE International Conference on Communications 2009 (ICC 2009), Dresden, Gemany}, organization = {IEEE}, event_place = {Dresden, Germany}, event_name = {IEEE International Conference on Communications 2009 (ICC 2009)}, language = {en}, ISBN = {978-1-4244-3435-0}, ISSN = {1938-1883}, DOI = {10.1109/ICC.2009.5198984}, reviewed = {1}, author = {Heer, Tobias and Hummen, Ren{\'e} and Komu, Miika and G{\"o}tz, Stefan and Wehrle, Klaus} } @Conference { 2008-heer-pisa-full, title = {Secure Wi-Fi Sharing at Global Scales}, year = {2008}, month = {6}, day = {16}, volume = {1}, pages = {1-7}, abstract = {The proliferation of broadband Internet connections has lead to an almost pervasive coverage of densely populated areas with private wireless access points. To leverage this coverage, sharing of access points as Internet uplinks among users has first become popular in communities of individuals and has recently been adopted as a business model by several companies. However, existing implementations and proposals suffer from the security risks of directly providing Internet access to strangers. In this paper, we present the P2P Wi-Fi Internet Sharing Architecture PISA, which eliminates these risks by introducing secure tunneling, cryptographic identities, and certificates as primary security concepts. Thus, PISA offers nomadic users the same security that they expect from a wired Internet connection at home. Based on its three fundamental mechanisms, PISA achieves a flexibility which opens significant advantages over existing systems. They include user mobility, anonymity, service levels with different performance and availability characteristics, and different revenue models for operators. With this combination of key features, PISA forms an essential basis for global, seamless, and secure Wi-Fi sharing for large communities.}, tags = {mobile_access}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2008/2008-heer-ict-secure-wifi.pdf}, misc2 = {Print}, publisher = {IEEE}, address = {Washington, DC, USA}, booktitle = {Proc. of 15th International Conference on Telecommunication (ICT), St. Petersburg, Russian Federation}, event_place = {St. Petersburg, Russian Federation}, event_name = {15th International Conference on Telecommunication (ICT)}, event_date = {16-19 June 2008}, language = {en}, ISBN = {978-1-4244-2035-3}, reviewed = {1}, author = {Heer, Tobias and G{\"o}tz, Stefan and Weingaertner, Elias and Wehrle, Klaus} }