The Resurrecting Duckling:
Security Issues for Ad-hoc Wireless Networks

Frank Stajano and Ross Anderson

In the near future, many personal electronic devices will be able to communicate with each other over a short range wireless channel. We investigate the principal security issues for such an environment. Our discussion is based on the concrete example of a thermometer that makes its readings available to other nodes over the air. Some lessons learned from this example appear to be quite general to ad-hoc networks, and rather different from what we have come to expect in more conventional systems: denial of service, the goals of authentication, and the problems of naming all need re-examination. We present the resurrecting duckling security policy model, which describes secure transient association of a device with multiple serialised owners.

Frank gave an evolving version of the Resurrecting Duckling talk on the following occasions:

1999-04-20

This research was first presented at the 7th International Workshop on Security Protocols, held in Cambridge, UK, from 1999-04-19 to 1999-04-21. The proceedings were published by Springer-Verlag in the Lecture Notes in Computer Science series, issue 1796. The full text of the paper, © Springer-Verlag, is available as PDF (114 KB) or HTML (35 KB).

1999-06-01

University of Pennsylvania, Philadelphia, PA, USA (to Jonathan Smith's group).

1999-06-04

NEC Computers&Communications Research Labs at Princeton, NJ, USA.

1999-10-18

COMET seminar at Columbia University, New York City, NY, USA.

1999-10-20

3rd AT&T Software Symposium, Middletown, NJ, USA. The text of this abridged and updated version is available as PDF (70 KB).

1999-10-28

A very condensed version of the core ideas was given as part of the internal AT&T Piconet project review at our lab in Cambridge, UK.

2000-01-31

AT&T Labs Research - Newman Springs, Red Bank, NJ, USA.

2000-02-02

AT&T Labs Research - Florham Park, NJ, USA.

2000-02-03

Telcordia Technologies - Morristown, NJ, USA.

2000-02-03

Bell Labs - Lucent, Murray Hill, NJ, USA.

2000-04-05

Further developments along this research line, aimed at enabling peer-to-peer interaction as well as master-slave, were presented at the subsequent edition of the Security Protocols Workshop, held in Cambridge, UK from 2000-04-03 to 2000-04-05. The proceedings are in LNCS 2133>. The full text of the paper, © Springer-Verlag, is available as "The Resurrecting Duckling --- What Next?" is available as PDF (182 KB) and HTML (37 KB).

(...and several more, but we stopped counting)

The full story of the Duckling, including the papers above and later developments such as the Big Stick Principle, appears in Chapter 4 of Frank's book Security for Ubiquitous Computing.

The Resurrecting Duckling was slashdotted on 1999-10-20. This gets some people excited. Our friendly sysadmin, for example. Not too unreasonable, after all, since on that day this page was hit about 47000 times.

Back to Frank Stajano's or Ross Anderson's home page

validated (recheck)