The Resurrecting Duckling:
Security Issues for Ad-hoc Wireless Networks
Frank Stajano and Ross Anderson
In the near future, many personal electronic devices will be able to
communicate with each other over a short range wireless channel. We
investigate the principal security issues for such an environment. Our
discussion is based on the concrete example of a thermometer that makes its
readings available to other nodes over the air. Some lessons learned from
this example appear to be quite general to ad-hoc networks, and rather
different from what we have come to expect in more conventional systems:
denial of service, the goals of authentication, and the problems of naming
all need re-examination. We present the resurrecting duckling
security policy model, which describes secure transient association of a
device with multiple serialised owners.
Frank gave an evolving version of the Resurrecting Duckling talk on the
- This research was first presented at the 7th
International Workshop on Security Protocols, held in Cambridge, UK,
from 1999-04-19 to 1999-04-21. The proceedings were published by
Springer-Verlag in the Lecture Notes in
Computer Science series, issue 1796. The full text of the paper,
© Springer-Verlag, is available as PDF (114 KB) or HTML (35 KB).
University of Pennsylvania, Philadelphia, PA, USA (to Jonathan Smith's group).
NEC Computers&Communications Research Labs at Princeton, NJ, USA.
seminar at Columbia University, New York City, NY, USA.
- 3rd AT&T Software Symposium, Middletown, NJ,
USA. The text of this abridged and updated version is available as PDF (70 KB).
A very condensed version of the core ideas was given as part of the
internal AT&T Piconet project review at our lab in Cambridge, UK.
AT&T Labs Research - Newman Springs, Red Bank, NJ, USA.
AT&T Labs Research - Florham Park, NJ, USA.
Telcordia Technologies - Morristown, NJ, USA.
Bell Labs - Lucent, Murray Hill, NJ, USA.
- Further developments along this research line,
aimed at enabling peer-to-peer interaction as well as master-slave,
were presented at the subsequent edition of the Security Protocols
Workshop, held in Cambridge, UK from 2000-04-03 to 2000-04-05. The
proceedings are in LNCS
2133>. The full text of the paper, © Springer-Verlag, is
available as "The Resurrecting Duckling --- What Next?" is available
as PDF (182 KB) and
HTML (37 KB).
(...and several more, but we stopped counting)
The full story of the Duckling, including the papers above and
later developments such as the Big Stick Principle, appears in Chapter
4 of Frank's book Security for Ubiquitous
The Resurrecting Duckling was slashdotted
on 1999-10-20. This gets some people excited. Our friendly sysadmin, for example. Not too
unreasonable, after all, since on that day this page was hit about 47000 times.
Back to Frank Stajano's or
Ross Anderson's home page