
Ladon: end-to-end authorisation support for resource-deprived environments


The authors present Ladon, an enhanced version of Kerberos which extends the original protocol with authorisation capacity and relaxes the need for clock synchronisation by adding special limited-lifetime nonces to the protocol. This way, although all entities need timers, only the clocks of the two servers that constitute the key distribution centre must be synchronised with each other. The design of this protocol is motivated by the emergence of a new trend of applications in which sensors and low-capacity devices become tiny information or application servers directly addressable by any Internet-connected entity. Despite the huge potential of these environments, security is probably the greatest barrier to their long-term success. To address this issue, Ladon allows for end-to-end pair-wise key establishment in an authenticated and authorised manner, while keeping the introduced storage, computational and communication overhead very low. The security analysis with the AVISPA formal validation tool shows that the protocol meets the stated security goals, whereas the performance analysis shows that the overhead of the protocol is bounded and comparable to that of other security protocols which provide even fewer functionalities.


