<%BANNER%>

Security in Heterogeneous Wireless Ad Hoc Networks: Challenges and Solutions

xml version 1.0 encoding UTF-8
REPORT xmlns http:www.fcla.edudlsmddaitss xmlns:xsi http:www.w3.org2001XMLSchema-instance xsi:schemaLocation http:www.fcla.edudlsmddaitssdaitssReport.xsd
INGEST IEID E20101219_AAAAEG INGEST_TIME 2010-12-19T23:13:18Z PACKAGE UFE0015609_00001
AGREEMENT_INFO ACCOUNT UF PROJECT UFDC
FILES
FILE SIZE 2488 DFID F20101219_AACKLB ORIGIN DEPOSITOR PATH zhang_y_Page_047.txt GLOBAL false PRESERVATION BIT MESSAGE_DIGEST ALGORITHM MD5
76e16e9477977aaa96b5ace4c7fc5ada
SHA-1
30e3fb3a21800b4c1214c1563a4edca4d00c5486
2682 F20101219_AACKKN zhang_y_Page_028.txt
40ce1e8103843a6ed611d0368288afb1
2b6152d376148e4e48c7ae8cef75cf2ba158f668
19808 F20101219_AACKJY zhang_y_Page_167.pro
5aaed0b08f21a3de5bfc06e50a0e753a
80730177db756a2d32b8e7051920a0e6e2a0fa9a
1088020 F20101219_AACJGW zhang_y_Page_052.jp2
9a7c00cce5d545ba3e397307884cd29d
c3e83db4815e58b0f1c5ad00e89ae8fe083eeee3
58009 F20101219_AACJHL zhang_y_Page_037.pro
7603267b09bb30461f254ef8e661375d
38c1596462f0d968831d91829116ba4b67e4a69d
2434 F20101219_AACKLC zhang_y_Page_048.txt
d326f6a489fdedd9a68a772a4153cfec
cc1417ad25359e48eaa1d6620f9410b1045eaa35
2715 F20101219_AACKKO zhang_y_Page_029.txt
72005d2533a4bdcb90976576a49778bb
e093b2d24c817dab00c8837f94c44e84de5e7126
2115 F20101219_AACKJZ zhang_y_Page_006.txt
b951ee1df96dbc5c7df8515fd44df6e9
74a13d7bd4def825d5951b04a7fc4fa75f8b5235
1042476 F20101219_AACJGX zhang_y_Page_057.jp2
726d283ef9dca48ad55c49e2015ffae4
745346f027df432a30ca2148e14dde7d67fdfb70
28033 F20101219_AACJIA zhang_y_Page_005.pro
40120b38bacb59f3ef6c030ce53e7b9a
3601251f37176a8cf0be104f32c1319815bfc670
26138312 F20101219_AACJHM zhang_y_Page_139.tif
cd9e5f346a7d9e8edd0ae17c138e3f84
3838dae2ac45f9c3c01835a1978cb7ae1c3d0474
2286 F20101219_AACKLD zhang_y_Page_050.txt
2b84301dba125ebe27cbd906465457e1
4abcef769e36cbcea5ae6666d5a27592d27df092
104252 F20101219_AACJGY zhang_y_Page_103.jp2
1298afdc7e5547b6e1fd7b42c6961485
0d01bf3d2cf2853dbf9fa57f9f2771c0ada49c9b
1092266 F20101219_AACJIB zhang_y_Page_164.tif
caec6169adf92afc6c611f2c6ebc6ec3
ef133a3a1b0329580816c0108d2691b54c44c46c
2528 F20101219_AACKLE zhang_y_Page_051.txt
2023d4e14eed61e23e54e4e59b62fbcf
f89795095a1368987cb573014e725dab8b6849c8
1493 F20101219_AACKKP zhang_y_Page_030.txt
b5895da6ecc3ae7a4a9961a4d13d5fb8
8d6bd5e27c4e8365a464787e78bf08f67fa285ce
F20101219_AACJGZ zhang_y_Page_110.tif
9c735f248b89efd5dcdce7c14d6b2d60
3e2f1cdd4ffa50687357cc0998996b32b88a6206
2408 F20101219_AACJIC zhang_y_Page_086.txt
d79c08609d0b038efc37ba7f5bb5756c
a67744fececd8eabdca8268747cf09b13660a6b4
F20101219_AACJHN zhang_y_Page_114.tif
92c8c66e2f9050922ef5467d2fe451d1
c14fbd911002432d714651daaa6f20aa15620fac
2497 F20101219_AACKLF zhang_y_Page_052.txt
fab3f3c469413538a1c5c9a331f5378e
869ed0970e718ae25dbb94e71522aa8d7aee9deb
2619 F20101219_AACKKQ zhang_y_Page_031.txt
ca3121ac4394d8c81977683e7d063633
a118af92fbedf5a0b51ca7254eda621dd801b507
6809 F20101219_AACJID zhang_y_Page_105thm.jpg
f33b1ff6dc2331485d6d7dd5dcbe8b97
e6c0a49ba9a61120d4153f3dad9781205af84ead
51777 F20101219_AACJHO zhang_y_Page_065.pro
92b8e62ea77386587f8a9fd5c41087b2
f8d9da66b8b51a199ba043cda8a6ed6b32918ee3
2179 F20101219_AACKLG zhang_y_Page_055.txt
b5625d3511800b2427f007df095e397b
ada11340756c5d9512776e7409322ad3b3e95096
2672 F20101219_AACKKR zhang_y_Page_032.txt
813cff4538ac2c3b499a9f9e56f560b6
0760274b98eb1d76ddb569e22a130bbf15dbb382
F20101219_AACJIE zhang_y_Page_145.tif
811989e817311b32c483c130ce89fa32
5e3092c466d23bdac6f95bd642f49b03600cf6aa
35149 F20101219_AACJHP zhang_y_Page_043.QC.jpg
8652bdee81d09c00308da3fcfa01993e
6c3fc738989b9f512b66211578a7fca64d1e6a6c
2561 F20101219_AACKLH zhang_y_Page_056.txt
322c372cd22f58b73c5b7a652db63f7a
610bb244f78df05d002d26d3aa63d64e869c520f
2511 F20101219_AACKKS zhang_y_Page_034.txt
9e31ea63e38c1d809a81442dfe5e036b
05c419f8e3669facdd962c4e73c7ab2a4fa270ce
F20101219_AACJIF zhang_y_Page_003.tif
d6c91ce12604cf9a0ef242cb127e4401
9b0ab7264163de410d43dfcc91514fbf682b7c9a
2305 F20101219_AACJHQ zhang_y_Page_053.txt
28b12b6581c5b86827ea7eb6df6ddfd9
1774caea1b0c652866595888aac566d1538f4e7d
2051 F20101219_AACKLI zhang_y_Page_057.txt
e734249c6fc04cf4e48d3c22e385050b
88e9b764ca94f18a30ed6b97742b7ad5128ded2f
2663 F20101219_AACKKT zhang_y_Page_036.txt
499ab31c531eaa2d6c23f24408f82f19
05615dfd97292e91fcaed916e6c05e167df14001
57422 F20101219_AACJIG zhang_y_Page_141.pro
4ee0b097387c7e411bac9e331f51996c
077b45e7c43d600b6768e3531b0c145d503bfd9e
F20101219_AACJHR zhang_y_Page_081.tif
51c021f5b20e18fb1f9cd9e4b2b95286
eca3cf53255d2a1ef9a651f274a0884fa1029aab
2323 F20101219_AACKLJ zhang_y_Page_058.txt
dacbde0eaa27f2512bbcda257b9123a2
4a51768ad637796655943fadd32b97bfded16ba8
2623 F20101219_AACKKU zhang_y_Page_037.txt
1dea776d7f4cca0eced57e9f4bee7f73
011735bf6e31a6616679ebad34983226d9f2cad4
7678 F20101219_AACJIH zhang_y_Page_101thm.jpg
fc0fdc0753ed348d95b4be8dd80f6423
7622a2cc5c7702ab1c2e26aaeb8a026a238b5f47
126905 F20101219_AACJHS zhang_y_Page_133.jpg
dcefb711a9f6c6b82f4a5de93a3fdccf
816fca509bcc0aaa70c1d22865e734db018e8347
F20101219_AACKLK zhang_y_Page_059.txt
074b749bc99979401727c0139d9952ed
6a4afc78b5d8916d02422c8bad4dfe91ba0d4a0b
2516 F20101219_AACKKV zhang_y_Page_038.txt
7a018406989ac2fe1184790a774e67c0
c5a720cc32863ba56491764392cf2bcb98b7bfde
31654 F20101219_AACJII zhang_y_Page_104.QC.jpg
6b2b3c3ca5295162d9ccbd7f84fcc3f0
156b3629c8f58aece516ab57159f9418a3082317
F20101219_AACJHT zhang_y_Page_068.tif
4462564e70783f84f4280fc20983b635
4999a3b8cf5a39c9649884e7a421186aa7973097
2393 F20101219_AACKLL zhang_y_Page_060.txt
0a5201ed1f1ba48b577887bf0314919a
74946a382109403ecd124364bd1fb670ec9e0e84
762 F20101219_AACKKW zhang_y_Page_040.txt
fc0aa780ba5efec7c98f55f206ec8b2d
f2d5746f72472cbae0c4d6c2b0dd9c12a9865db3
8106 F20101219_AACJIJ zhang_y_Page_096thm.jpg
803e0840bed9e3837920ba89da29bbc7
cb491b78e4eb09e2ed22f3aca182b1ee1b9540a2
1088008 F20101219_AACJHU zhang_y_Page_045.jp2
343ba235b37ec4b43afd6b5605225081
6d0c7147f0eca212c3e9ef9319c2060820d517f2
2540 F20101219_AACKMA zhang_y_Page_090.txt
2d42c6f1624bea0409f93c797265dd17
157923ed0456adf3cdefe82fff3ab390c6708c0f
2482 F20101219_AACKLM zhang_y_Page_062.txt
19212b49e57c7aa01517602766934dfe
f55851053cc1cb214ecd4d3926480d529cb02ab7
2341 F20101219_AACKKX zhang_y_Page_041.txt
3e365c97d1e8d00efe16a9b444843e28
891631a9558adfa2a9bb63f1c7e5afbe7efebf95
2463 F20101219_AACJIK zhang_y_Page_061.txt
025602615abad9a05eb37c2f122856b3
7db1692d58873c0f404e3fd8113e90dbd8a0860f
2447 F20101219_AACJHV zhang_y_Page_127.txt
79fe981696f9facc747a4d6c04f6fdd2
f408aa0f2c6f137612792c8e80dad106271b7dd8
2360 F20101219_AACKMB zhang_y_Page_092.txt
c5875e1b9ac4cfb2e2e8bccbd9bfc46d
a649bf0f1294830c0abdc6af24ea3b80bb669bd7
F20101219_AACKLN zhang_y_Page_063.txt
17e6122655d95663588a3b77ea0f82ac
9675f326b88fc6af11247be9fc7ce5941f99022b
2670 F20101219_AACKKY zhang_y_Page_042.txt
cbbba5c57b55a12378e2b371978c5f02
ec4f832f0bc6e2fd86ac43426669b25c23c5a398
35089 F20101219_AACJIL zhang_y_Page_037.QC.jpg
7476b9cce2d6f5af3363a5d401b3da72
af861769b33fea18725dcefa3e796824547ea405
120354 F20101219_AACJHW zhang_y_Page_034.jpg
c3ebc8d73f7008ae5f9dc916ae90a696
4fc9687875ffa32d9a440c8dcaec2d34c05aa834
2144 F20101219_AACKMC zhang_y_Page_094.txt
d3f999a36d2fa8c9dc812bf6b14d49c4
cfca2ddbbd388d5c9e70dcb839986ffbfe266ad4
2127 F20101219_AACKLO zhang_y_Page_064.txt
dbee2456738ae94b00d4f72fd5c40a04
744d989f6a7d9dbac50bb647347034337b175bc1
1201 F20101219_AACKKZ zhang_y_Page_044.txt
94bebc5443d8e2311f63c89c9e1954a3
8ff394dbfd503c9287ff9aa9b0db4b3cab62e072
F20101219_AACJJA zhang_y_Page_012.tif
63523f7c6e8ce798a904f3e9b1e2b6e6
09e01d6b516079a1ce4f908348255d43fbdfde5a
F20101219_AACJIM zhang_y_Page_143.tif
9247f6ddd471c96b73d43c29112d088a
e7921e408771093ee0042c2204107a4759cc224c
36972 F20101219_AACJHX zhang_y_Page_077.jp2
282d38a31b887771cec9057324ec3d7a
92a2640db1788e5172aa2c0ba6e0bab19f05d723
2130 F20101219_AACKMD zhang_y_Page_095.txt
49bec0283ee25e821e36c09ea5839e81
f40ee16554eef07a0dba48ebc69e977ee4458f2c
2293 F20101219_AACKLP zhang_y_Page_065.txt
e147faf4fc7d5be6dd6ea4846b5dd479
d20f07035acedb7b5da2055140fa912d5e21cd12
F20101219_AACJJB zhang_y_Page_109.tif
fbf51b3e38aa7360754a1ea7621bb9ec
9716f8b93ea3dc06e668d1d1ab67d999c7dbfc4e
1088024 F20101219_AACJIN zhang_y_Page_122.jp2
439e52f4565d912999fe8f1090965469
f08aedf4c7f192c25ba3bf0f832ed1046bd41948
61138 F20101219_AACJHY zhang_y_Page_154.pro
aef996a82709d716b3f3f38579a9c688
efbbf90e2c60949f1886c25f74d2af76ef231efc
2622 F20101219_AACKME zhang_y_Page_097.txt
fec4d93f49b920f9d5917f4ca91fa1f5
3f99c4b561e844289fcde23947e67161019474cc
35440 F20101219_AACJJC zhang_y_Page_162.QC.jpg
c4c80b2fe732a9e077ee13b9e705c863
deb99401fce41e0fd022d04a47d213a06d6da81f
67433 F20101219_AACJHZ zhang_y_Page_083.pro
01c3b502c5e5591ef63fddeaea8eb674
0d6477938a20bb4e3d1bde7c835a83a25326b12e
2568 F20101219_AACKMF zhang_y_Page_098.txt
8ac1573d818acb1160a3be992b00000b
83cfe351ec978b3a4358ac06c378478656ce2354
2490 F20101219_AACKLQ zhang_y_Page_067.txt
e27eea8ad3517184acde7dd4d433c8a9
100272a1416298bda15b6b2dff644db00bbba1cf
1088012 F20101219_AACJJD zhang_y_Page_135.jp2
43fb8720fc25a9fbf9ca8b1a83310447
c1066a8ece48a186a40765b38d8f986245871f20
1033786 F20101219_AACJIO zhang_y_Page_070.jp2
130924e4909eec31091e0735b1dec48d
8273f7461d2f700ab1b9747c4e98a7d4e045c794
2430 F20101219_AACKMG zhang_y_Page_100.txt
06f6d1b416cba8fec4f4f398f98026f0
df918f3d1d3ebac49b9e8cf6b21bcc3869036d07
1460 F20101219_AACKLR zhang_y_Page_069.txt
e851dac5ab935bbddfa2194202a90b7a
40e84e5f61ee8861b721ca00c4106532c576e393
1903 F20101219_AACJJE zhang_y_Page_074.txt
65a7fbdad8392b7018d1a5bacd2e1bad
cd6511336c2d72336d9f34f168e5f43c03c5a90a
8728 F20101219_AACJIP zhang_y_Page_024thm.jpg
a7be6877728661b675313b3f84b9c697
3dd4f563a2f17509b34318295fd8b202f0a5a1e2
2260 F20101219_AACKMH zhang_y_Page_101.txt
99daa2fc3aa3bbdd13a1fe708673aeaa
375a5d65a72120e4e4ecc17f9cc91ce3b5695f4e
2039 F20101219_AACKLS zhang_y_Page_071.txt
4255af755e011d0ab8614ca8eac95f14
b79c9db298082886cedbdd38fb68c870c4730a01
F20101219_AACJJF zhang_y_Page_052.tif
05569f7408e9daf05a7de3e9a222c322
f265fdbb11388f3f8982f7fabe584a99d3fac1a1
1088017 F20101219_AACJIQ zhang_y_Page_046.jp2
d1a72e2b537bb100b70c87dbebd82795
1365b9efc4264635704f8f643afaf78d7efef6fa
2455 F20101219_AACKMI zhang_y_Page_102.txt
2f75ddd0c50a151ebb19c0d597b98ff6
9b297f496542291f0e67f3466754cf8f75d01745
2536 F20101219_AACKLT zhang_y_Page_075.txt
116f10e886a08cd8fa1defa3a7b0d805
e50218e510242306098d85a7c5b20f91dc5cbd8f
2717 F20101219_AACJJG zhang_y_Page_039.txt
8ed53efd7ca3d509a930cabe66a00427
b07afbce3186345ffa4844ee5b7003c0336ddce8
F20101219_AACJIR zhang_y_Page_078.tif
db677bb07f121aee6c080edcb7d4d7d1
5e77fb5eb5d2c55c922c5a726c241458a0989a52
2358 F20101219_AACKMJ zhang_y_Page_103.txt
67b53448c27ae8a19e49870a39eb49b4
5a6d4de29bcca5bb1b35efd0b6767fa7fae50875
2479 F20101219_AACKLU zhang_y_Page_076.txt
ea9615e7a89a083f48f80d5b0890fe29
684513e3dd503bab34b20246bbf4b4d9a9f89d64
35093 F20101219_AACJJH zhang_y_Page_096.QC.jpg
3d566da32d501bea1da296155cb13074
8876148e533b12bb6574bed881d613ca43f0260e
F20101219_AACJIS zhang_y_Page_122.tif
ef1df0cbb031f421760135abf525a2b7
80709e45f47543552b0619940dc578959d502b3c
2100 F20101219_AACKMK zhang_y_Page_104.txt
944deddadd8d407a19fae0043f3c8bb2
d73ed0c7e35efe8d627badb41e911dbbf6ffc208
F20101219_AACKLV zhang_y_Page_078.txt
671b64ae86ab79643d1b3a80583d57ec
60570582a15dbbb3c33b15b81e58f1e3242a2b3a
2483 F20101219_AACJJI zhang_y_Page_018.txt
350e681797d2e4f70432c55704b1c03a
d39cd04596b433003181ab7e4e96ef350f164055
1087979 F20101219_AACJIT zhang_y_Page_053.jp2
91a7c1d8ffd7a9f24ef3aaa5363fcf30
f889f202bae61f4595144e787298d21e14fee233
1908 F20101219_AACKML zhang_y_Page_105.txt
7ca01ad4e8773131c48a85b6be42b061
e07e9c71e2775467865819d184dd03cb57c82e7b
2776 F20101219_AACKLW zhang_y_Page_081.txt
b70b30401e33d9433599072fe8371281
7652b3e8c4c387ae7c94212392cc241d88293da9
56358 F20101219_AACJJJ zhang_y_Page_121.pro
89855b98f94ecc495ba229140c30b2f1
a5155327860e2798673674c206f092973fc651e5
109808 F20101219_AACJIU zhang_y_Page_041.jpg
2447df3b66709f0f60dc77e9708eb04f
b05872680ace4c2f1c3d4c06f29867065d16ad2e
2164 F20101219_AACKNA zhang_y_Page_125.txt
2226bb375e52a94f3ab4f2018fa35291
81f943bd0f10bf1321b5ce546250dade60051c6e
2705 F20101219_AACKMM zhang_y_Page_106.txt
742f3582b88a3d0d17d16f77462e9b63
3010e1f928630655a37100e8769f15c4ca357b2f
F20101219_AACKLX zhang_y_Page_083.txt
4e8baca601dacad6d87785e84d4dc254
b98000e45bfc2d23f09067182ea25579383e1560
66167 F20101219_AACJJK zhang_y_Page_133.pro
4a09868898bed94dbc8cc40860ed240c
a1403e799f6af2d71f7fec7b2a458e4d87cd050b
2400 F20101219_AACJIV zhang_y_Page_142.txt
e0538342561add3ba890b7fb22221410
8fe0ba12b89be41c6f470afefbf3ece19c38a508
2448 F20101219_AACKNB zhang_y_Page_128.txt
2bb2076c11a581ff0034aaeffdd482d1
b2d601c1cf65382f512ab6c207e4002846bcd339
1964 F20101219_AACKMN zhang_y_Page_108.txt
5a2fb42d3da828cac0d94042f46935a7
511db7359f3d740ceb17dbfd7ae1c70d81cf7937
688 F20101219_AACKLY zhang_y_Page_084.txt
9aa44733d2f1794ab84efb0f45deaabe
9e4d4764067dc2e9d0696c3cdd6eb641173e1781
F20101219_AACJJL zhang_y_Page_054.tif
0773830ee6472bd731ee61d7bb438b46
0d76fdcb86e44143372ae330a44ee0715da69564
F20101219_AACJIW zhang_y_Page_134.tif
f1072e41b5b3ff494e11ae56faa98281
7a6ce572f1932ccc59be75e7af3eb79d2d1db48d
2050 F20101219_AACKNC zhang_y_Page_129.txt
455347fa2cf072010e9ec83fbb0c8cda
0c0fe3041a2361bf5cf2e41bb8093d2c178d239f
2308 F20101219_AACKMO zhang_y_Page_109.txt
7957b740884b3a64703d58928728374b
6337786403b3e6c0791e07ce0324d47b4380917f
2296 F20101219_AACKLZ zhang_y_Page_085.txt
32bbbf02af5a56ba211969d214305ae4
ae6c20b3b072f8b51fd5a22147cf13ec66a9ea1e
8824 F20101219_AACJJM zhang_y_Page_106thm.jpg
7bdd16ac6d889a88516b22c102b02736
0b50a68529764577ae63522acfc2a54c870f8b65
124661 F20101219_AACJIX zhang_y_Page_124.jpg
7ecace4730bb93cbb5fb2706ecf58652
99dcdfcea48d8a24ea242cd285b7d094e0a56017
2362 F20101219_AACJKA zhang_y_Page_126.txt
fb321b0fc07f2dd72d8da5923e95ec27
4db50d0163e1192bd3c01e0ec70a9161ae19f10e
F20101219_AACKND zhang_y_Page_130.txt
7fd820e7038203f6a6dc83d08b7f215e
dfdc26460c0424c9322b1fb2b4cb272b33f55269
2029 F20101219_AACKMP zhang_y_Page_110.txt
ca4ba2c24d206b37e5c82be56f6e2d3a
fed9ffadf3f165bc849f1b7d2b02efa537fe0284
3133 F20101219_AACJJN zhang_y_Page_040thm.jpg
d632d5b0ec4cdbcee321c4154b2289bf
15c9206876ed306d7768038012749ebe1a37e98b
932010 F20101219_AACJIY zhang_y_Page_108.jp2
76db0bbfefd80b035abede8151c106fd
7d9e1afee2b6b29b451f60c55600a02dc4696d57
119039 F20101219_AACJKB zhang_y_Page_151.jp2
836ee40d3647aca225f6d6326b996b31
9bc000b2087f6efb9e326586c4bd35909a87936d
2215 F20101219_AACKNE zhang_y_Page_131.txt
b7c433da156aaf7c9d8b7722527765c5
23ef4ca70fad72e8d46f1de7fb7b61284e7e4583
2072 F20101219_AACKMQ zhang_y_Page_111.txt
7c7352303cef20f5759224463808e987
f8028ad40a7f112b98ea264f10ae55a33acbf273
1087872 F20101219_AACJJO zhang_y_Page_097.jp2
10250e81e5efcc99961f94c4828235c0
a200f017d587c7e182260acee0b2e9b82e50174d
7593 F20101219_AACJIZ zhang_y_Page_073thm.jpg
dd21afd3b59fadda200fabd3270a731a
a3457b32cda52a18a32747f83218a216f53a64e7
37978 F20101219_AACJKC zhang_y_Page_031.QC.jpg
44a9573add5955399cd8c2fc16ee07f7
94ee71ea8a310340ea87489f6b63f8289909d398
2600 F20101219_AACKNF zhang_y_Page_133.txt
0ce89b653c38dee04640aa3cbd8a9e40
d2127bc2516c8adcb086b30a8e99169bc38b3c63
98526 F20101219_AACJKD zhang_y_Page_091.jp2
1805d6a18e8e1f5da878146067f42836
8025a7e4b4a5adeaa676f6028ddf5f0882527809
2582 F20101219_AACKNG zhang_y_Page_135.txt
428265f03aacf9b874ff68a499ac55de
b2d73a4d165365221bae93ecaf8d11abb389343a
2684 F20101219_AACKMR zhang_y_Page_113.txt
f28671a2d1d43da788fa99d3111f6bae
49ae7840b4f0388a4f0e5533e021194d2e5b827d
2203 F20101219_AACJJP zhang_y_Page_066.txt
415c202582a1bda2bdd7a116a13c31af
2285381138dd2532440bbef38d3caa4b3cb29056
1087973 F20101219_AACJKE zhang_y_Page_147.jp2
538e14ec93de401205617a39e1991701
16ee960b9fd9906c61e29f2bab8769e54331f3e9
2466 F20101219_AACKNH zhang_y_Page_136.txt
5d42a102cd67855ea55842be536b6085
49770926e11205254035fb56192583408a39b6cf
2272 F20101219_AACKMS zhang_y_Page_115.txt
f06f4c70de1ef65a9f6b845a11433515
e809b36b5d95e9423cd85be5be2e929fb25c640a
2541 F20101219_AACJJQ zhang_y_Page_033.txt
6a3a1eae6de69508d191fcd1be0dd04b
365d3e13147e6b024549aed5977bb8e6c24515e6
61289 F20101219_AACJKF zhang_y_Page_063.pro
f475a8326487375ceab0c4f12afc6487
80c472ec9ad2aa22446e22f5fc536a2566f3a0a3
1971 F20101219_AACKNI zhang_y_Page_137.txt
b45adedd273b008102a3a95694f95f4e
17b8f01b5987da89c40aa6405c2375b57026104b
2607 F20101219_AACKMT zhang_y_Page_118.txt
10d1e50718e7ef8c55e0131818856263
0b2a42428b442268cd5ae3e061bd1b0f023c74db
1781 F20101219_AACJJR zhang_y_Page_117.txt
42ce80052a56fb9fe0bf804649103937
a917690e212c21cc9749913ba799caf9084ce157
F20101219_AACJKG zhang_y_Page_021.tif
0510e315c16056514af37bef8add28f3
1562d290a3ebfabdda6acd9b625ea085c333553e
2435 F20101219_AACKNJ zhang_y_Page_139.txt
a3498c3ad1521e54fe242daef5005d57
1856bb1c70e9a58ed9e494df2a062d5373c10050
F20101219_AACKMU zhang_y_Page_119.txt
b5dd5bc9140dbc060907c6b7ea38dd07
e86001ddc78e961143aa57f21b7519ba8db5184a
72018 F20101219_AACJJS zhang_y_Page_165.pro
18c558061b73b971f8f2a2b4c1b7c682
440cd9f99df84ac81b7776dcf982e13c7c367181
2732 F20101219_AACJKH zhang_y_Page_145.txt
c36bf743b6e67ccb2d773c60d8b7579d
f94d68a12c07f64f82a8ab77d38b56e28f796abc
2432 F20101219_AACKNK zhang_y_Page_140.txt
5ed07ef8be0376631dda4a204e79f257
943068847708812813f7005527c40ee6a77d05f8
2495 F20101219_AACKMV zhang_y_Page_120.txt
c4f96034b3340ee9b13603e007ec477e
40d4b9da73ed6d43c2381066adecea9a32103136
121022 F20101219_AACJJT zhang_y_Page_128.jp2
1c699c42fc512ca907afd767e733187a
f0f19be4b01ee90eea215822e5c10dc4ed308f39
F20101219_AACJKI zhang_y_Page_108.tif
2bcb0450f53bbfb2057c897c1d64b301
0adb571dc0f629357d77d85585f3cb0fd9dbad33
2336 F20101219_AACKNL zhang_y_Page_141.txt
6d30689913ffb0b5d2051d26d1868a1c
2476913ec1b67b7bfbb17a905c66dd67f50b76cd
2331 F20101219_AACKMW zhang_y_Page_121.txt
0fd73a7e65b5696934fb5ee3b32524a4
1b1e71ded31cd533e110c3a0d2b80a1dd8eea352
68427 F20101219_AACJJU zhang_y_Page_017.pro
a4ef9cadcbbdbdb95de521f51c7a41ee
e6aa0e28687b627e749d71952cd874d02a32f8d4
63 F20101219_AACJKJ zhang_y_Page_003.txt
00f13bf2d13419b0713c83a09c5a60ad
09a8b52222cefdaf7c80369c79428365af8a12e5
F20101219_AACKOA zhang_y_Page_164.txt
4bee04bccc33530521e7f5fc428f2743
64b6d7cb62ae8b3b765b1d074b42761f28b6550e
2559 F20101219_AACKNM zhang_y_Page_144.txt
f9256ba946e21ca86d6a46870e57be1d
367fb9f88baa57cc0266a7b1be50b10bd887c733
2353 F20101219_AACKMX zhang_y_Page_122.txt
1798980e75a41032afd9fe6048aeb379
9803f66566e0084b9a7c3fbb39456ebf46fa09dc
2730 F20101219_AACJJV zhang_y_Page_162.txt
b6b88e4abeede4a08f7578c0c05a0122
489ad7d48e70d3a294da324cbd8b5f28e7314ed7
133289 F20101219_AACJKK zhang_y_Page_164.jp2
598a0238f83799ae7e3cc1505656a5cb
8bc81bd4a8c12c1869e076921144e049ae623a3d
2917 F20101219_AACKOB zhang_y_Page_165.txt
1330e8491582848891b75891b7db4654
2b975df97c9785e66e2a1c4f278c9862d98297fc
F20101219_AACKNN zhang_y_Page_146.txt
cef462bd8c03440701ddda42e985221b
de4393f7ade87b29c87043837da160b7c14710ac
2491 F20101219_AACKMY zhang_y_Page_123.txt
62773085360b9c90d75ef356d9291c29
63156bd94ca87f9f91dad3faca8640eafee0fc1b
F20101219_AACJKL zhang_y_Page_161.tif
1fcca6fa5cd570260e3a4afc5ba958da
395366a8c38398ec7130bd96c774b7f8fd5e1113
8354 F20101219_AACJJW zhang_y_Page_082thm.jpg
74aec17a7527488f244402b32b35288a
751c66ba321405f21096163ce5e9f9272d9f2cb0
837 F20101219_AACKOC zhang_y_Page_167.txt
d3fc2ed8ee0b3bd77bd01bac37823f0a
afd205452e8897a46b020976e6e9dc86b06efca2
2496 F20101219_AACKNO zhang_y_Page_147.txt
03fe09a7ca2239c99a8e53c6512d7087
d121dffabeb55e8c6a84fa195951830dc1a8a52d
2565 F20101219_AACKMZ zhang_y_Page_124.txt
06df5e47e59cab81950fada332208bbc
e59abcaa7d278f38e36ef40d00c585ad1743e5c2
1087974 F20101219_AACJLA zhang_y_Page_025.jp2
b6bb291e87722ff853b6abc99b98ba08
76208eed8bbcde75d16e50a452bbaf0aadf2eac1
8222 F20101219_AACJKM zhang_y_Page_063thm.jpg
393921cd84082c8e3971835433b0aa8a
ebae7b94c174f14cf5ff23b7a9626eb21baf951b
73111 F20101219_AACJJX zhang_y_Page_160.pro
bc9ef07adef1b7ad95ee123e8f55fbda
4e10e9707b113ef9ca532b68d576499e1605b9b0
F20101219_AACKOD zhang_y_Page_001thm.jpg
5b46cb32e8ada372f1ae6857ef166614
4ebdd7b030db9bf8bbc1d39b951b832d5ae5d8ef
2872 F20101219_AACKNP zhang_y_Page_148.txt
6501cd1edfc25e000085187769a0409e
c98dd7640ba91f3a35f1f5ca183df04a5cbbf986
35158 F20101219_AACJLB zhang_y_Page_164.QC.jpg
b33034c4e4fc08bef1697c5aff04991b
8f3f5a70645216cfcd75d6afd90f7abef52eb42a
F20101219_AACJKN zhang_y_Page_046.tif
f5d52ade21a85684c11564f831950d9e
2e384ae33c72b54a1206b9a98ac0627d3980d99b
64816 F20101219_AACJJY zhang_y_Page_089.pro
4db66c5715b906f50b382364bc5187dd
175a20b4308e0e6074b94f83d43736c11c18a5b5
1358754 F20101219_AACKOE zhang_y.pdf
320a03c939c49fd82dd9e36a8771a614
300ae03bdd2f72386e25329e07b43169844e9889
2673 F20101219_AACKNQ zhang_y_Page_149.txt
d9b5d45da03b282b1b81ac9890562616
f3cb02089f26babcb19319bd6b5198116a8db93f
2384 F20101219_AACJLC zhang_y_Page_143.txt
1c867383b8adc4f2e795dfb2851b5988
f76b9ee1b5d5a3c567bd3ae3dafd7dd8e6bd4ef6
1003342 F20101219_AACJKO zhang_y_Page_129.jp2
c38c179e4d00085c6ba5c6f6a87c1806
9bc2b26d7225024df4155f3844ef89ceaf8fb8f4
43313 F20101219_AACJJZ zhang_y_Page_105.pro
f90d1f03d9c67745b3ff510c787be345
241182824140dfee042eeeb39e86d3d2f7be8c58
4908 F20101219_AACKOF zhang_y_Page_004thm.jpg
8a7c8d8c6660daea7d640c0dc3b7e923
2cbc90b11560cab8a1dec77ac752a65be2d89d57
2527 F20101219_AACKNR zhang_y_Page_150.txt
9c7a755edec4af36d994a7aca91d0a3d
c6c5169637963470aeb84f5eadc8863739dde030
110 F20101219_AACJLD zhang_y_Page_002.txt
8adf93bc5168460f6baefd9cf1610f95
a53bc0cde10b524042ee6976b482df9836c3b2f2
27880 F20101219_AACJKP zhang_y_Page_137.QC.jpg
0a7cb4c2d8759eb2cbbd2d75293a060a
caa6babd7784309ab055bb0f882cda9e741fd79f
7457 F20101219_AACKOG zhang_y_Page_019thm.jpg
340b0cbc058e5e92fb306362cad85bfe
cefcbc96ac1c0d3be1bf22a433a19c7c4dd5f098
7109 F20101219_AACJLE zhang_y_Page_099thm.jpg
97046b7147a432ef89178ccc078d5ab7
88ac62f0fed77b815d9884ab60ed4c4af43fcee6
28771 F20101219_AACKOH zhang_y_Page_111.QC.jpg
00c608fae41bce57422b5ef773920249
dbe4475f2280d6b5d1fe45d8751378e68aa6406c
2547 F20101219_AACKNS zhang_y_Page_151.txt
f3934bfb7b18bbaa11b8e38791129b10
057ec059c5d25d3c348406996f09c16f9e89c0a5
30084 F20101219_AACJLF zhang_y_Page_103.QC.jpg
388352adb55af7ad499a1526f34ff80c
1e65cd5501f6a1676ff17b56ba4c5d670de819cb
38874 F20101219_AACJKQ zhang_y_Page_133.QC.jpg
da03b0eb93b833d8b584cdf9d5cd7ece
cfb269deb0650f42ba010070897de63342447457
8340 F20101219_AACKOI zhang_y_Page_076thm.jpg
99c41d7398d2a44e519ad79e49ed4a04
ebac4361f5ad117aa9bf6e584ebf42a50a519e6f
2264 F20101219_AACKNT zhang_y_Page_153.txt
4a8c1dc40a24edd0b8f84212c3b3a028
4c39a9fc2cc1093761aa78637190a23d8f93682b
F20101219_AACJLG zhang_y_Page_018.tif
dacafab821e5aa799abcd985ea8fc9a9
fc77b95d653c0738ff9fdcac53cc5a3cfd6ed44e
F20101219_AACJKR zhang_y_Page_117.tif
0de68fc94ecd6180c81db00ea6bba6fc
653dadcc8a26612dc86015c5030faadc57b1c9e6
8703 F20101219_AACKOJ zhang_y_Page_124thm.jpg
0f137f52e090299c3aae1db29993883f
417d4e680ba6de7a0903bddcf56436c865b433dd
2449 F20101219_AACKNU zhang_y_Page_154.txt
58d700c95e98540a41ae811aa702c210
4f27b3c3b67aaa5061a537a9001ab73ce46143fd
8078 F20101219_AACJLH zhang_y_Page_078thm.jpg
5443acb67e1634d296b395c2a1bd9710
be9ae517782d00884453c8e684b35893b1b73d50
1088025 F20101219_AACJKS zhang_y_Page_133.jp2
0506e168aa65b15ccc0d037502e69e8e
f78da1ffa759aa8637b30e44a768bcc3787c7f33
7051 F20101219_AACKOK zhang_y_Page_111thm.jpg
9c13ad5138e59ff7888b703e7f0c1d2c
91b9b007ecf8671fa9bd3d8f396a2413653e86e0
771 F20101219_AACKNV zhang_y_Page_155.txt
76a2a48c8341360651fced1f422448c4
b34359c8505dc14cfd74e42e77f0573156a64e6e
8476 F20101219_AACJLI zhang_y_Page_037thm.jpg
5fddc2bc44739aca280d6fded792bb0c
dbc03eb1ee9c1bf11cd90da932b2a258992d26c9
F20101219_AACJKT zhang_y_Page_044.tif
e194ce8c4ba040d3802e1e169a29362b
23aea58d6f12b54cf47958e79e4ee08ac2b9eed4
39461 F20101219_AACKOL zhang_y_Page_059.QC.jpg
097812328cef3145f92a7108b4c3e80b
683e4a3afd9d3b14ab5d40fdc36b9b8561a1ea21
1359 F20101219_AACKNW zhang_y_Page_156.txt
0a3d31a7784bd343c090627db4e61850
6af544821c4df62cfd78b15c60f4cf58a96602c2
F20101219_AACJLJ zhang_y_Page_025.tif
d449b6be2e26b62d2a655d3dcdbed2a1
799547a7fbe0504334e3e97baaa6db1ef46d220c
29354 F20101219_AACJKU zhang_y_Page_069.pro
d92e28ca7511d47334dae7ae52f6d67b
9048e72838ad831d085ae291ffeaacac08926d2b
39637 F20101219_AACKPA zhang_y_Page_145.QC.jpg
94f1d01c2adfaa339579b49da4beff96
649d78a3ffaae7f634fe1cb9ffe18fb58fce9c9a
36273 F20101219_AACKOM zhang_y_Page_160.QC.jpg
aba9740227eb049170698047e7774087
757e24bde1be5dabf5f60286e622806bfebef6eb
2954 F20101219_AACKNX zhang_y_Page_158.txt
f48a82ff8506aa831b92c7582bec02c6
0149919a384bd28fb334d693a8f745c9d73edee9
55539 F20101219_AACJLK zhang_y_Page_066.pro
568d98978bb459393cd77e1e2a6dbf6a
e90d9c8f061b1f79291b71704a01a8f31ef31ea9
7930 F20101219_AACJKV zhang_y_Page_131thm.jpg
50197eebbe1a12995a5e1e451dc6930f
e14cebf3435fedf0f94e3b78ffcf8891c7a6310f
37924 F20101219_AACKPB zhang_y_Page_049.QC.jpg
924a6d760b71f9f529ee546009c82aff
28d0680f955c6c1a5119ea5f6e202c0ce7c19956
7954 F20101219_AACKON zhang_y_Page_120thm.jpg
faae988768ce2ad85618901decc696ea
197b2b31caec7e2f466df03bbd5bf5e74b390156
2882 F20101219_AACKNY zhang_y_Page_159.txt
bf4854014c6814fd92151d1884160400
783a9a69816cc9c51c6111088dcb00f8466fc733
110777 F20101219_AACJLL zhang_y_Page_147.jpg
5d0e2dcfbef82f553b7eb5829fbbdddc
df3844908981714a725dc8dff5c435791aa1334e
8072 F20101219_AACJKW zhang_y_Page_001.pro
b756370043ea8f16f5e9e94ea2c055e2
ee10eb56dfc482d390036a04f1243d0af24822c1
8431 F20101219_AACKPC zhang_y_Page_100thm.jpg
7d317b2f751fcd7af24c6ee8e3ad352c
18e53706d7488340e23291e008fa5e8f4dfea746
37086 F20101219_AACKOO zhang_y_Page_090.QC.jpg
4683cff8cdbbbfbd30704107885b4ce2
78db03db5c3f6184f73b438d37f2f18a2d7bc4cb
2791 F20101219_AACKNZ zhang_y_Page_163.txt
b9a42992637c63b7b1e348dd396077c6
5369e4ecccabc6fc9531609faba3c1c7271e5c51
1087961 F20101219_AACJLM zhang_y_Page_021.jp2
375850ded477d2f8bc1c730d2e0ef71e
df24845b547b1ed316acd751def18c524ef8af9f
F20101219_AACJKX zhang_y_Page_135.tif
3c1aaffdde842f1d8e5eb363a2614e8b
850e76c112cc5f622c5b65973d3f7ee795b91e55
111043 F20101219_AACJMA zhang_y_Page_023.jpg
a4f99caed9a842ba6fcb793d15657971
7d167d449198ed7f1f0b380363e67743098d1482
7490 F20101219_AACKPD zhang_y_Page_146thm.jpg
8152ebf8d6c691a733374f05246770f9
08b80a0ac904f528940fc2f160cfe64b0fff2e4c
32019 F20101219_AACKOP zhang_y_Page_121.QC.jpg
4c2fa5c2702976222ce1f123928bebfe
0ac5a1668434b48c3807cfcfe5960a6308b580fa
38560 F20101219_AACJLN zhang_y_Page_027.QC.jpg
66615ecee6571e4e0daf3c89a837a061
2220f126dc935a34e80629fd6f01c3a173ed6d33
2946 F20101219_AACJKY zhang_y_Page_160.txt
f525163b8d87a51145701b71b4cb8524
90df8963abd7640c8ecf907d43d42e2c6bc29e42
8494 F20101219_AACJMB zhang_y_Page_033thm.jpg
6e3d2b9289b2972edbd2c22289738f02
94c76d43e675866e455cd918513a8c323f65bbff
38716 F20101219_AACKPE zhang_y_Page_119.QC.jpg
1c8e3499f4cec15710bf3117fb9ff921
a3f913ce2d4c8d539f7a9bb5c6f389517965bce2
37950 F20101219_AACKOQ zhang_y_Page_042.QC.jpg
58e90135a98734e6bc7e51082a1c8b1e
6e3e50381fe986ea95a6b0a7684d2239ac20c6b9
89876 F20101219_AACJLO zhang_y_Page_016.jpg
c1f5dec4ad938ee8ae1652fbe29833ba
d30ea3ebf1b061537b7fd5a148eccc321b5b9fff
79402 F20101219_AACJKZ zhang_y_Page_069.jp2
ae7205eed566785654ff160cd8becdfe
afb941712b90629a75ada0e91c2397ef2c76b0e4
37074 F20101219_AACJMC zhang_y_Page_012.QC.jpg
8ba3d92e3167be0b450623bcb0197628
817d08fc145b5c77a24d7f7b400376688c09053b
1761 F20101219_AACKPF zhang_y_Page_015thm.jpg
650b7c12d1c44f4fb4adb0c2dc4f4e32
759820889be2994067aa93a3a85da7bad305f78d
38412 F20101219_AACKOR zhang_y_Page_089.QC.jpg
5e0c1b490bab562faa73292cae470996
5c2f40ee123501166a00e87d8e64f91dbc4b356a
33096 F20101219_AACJLP zhang_y_Page_115.QC.jpg
c105ac339c4d3f5ce79c83ade24be2c3
49729e825186e05829f97816fcf78e1d039173a0
51255 F20101219_AACJMD zhang_y_Page_131.pro
f4dfbdba360555a1e595fba3f4ddaec7
1694d7454b23ae8b7b7e1b549c9a03444706f053
7509 F20101219_AACKPG zhang_y_Page_006thm.jpg
b1868a65648cb4ff5f70bd7b63e88036
8dd56340d2db33de3418ab0be7192dc16f44759e
32439 F20101219_AACKOS zhang_y_Page_092.QC.jpg
8841b9a1c906f4138c4ee4a35832b119
ea3efac13dcf3beaf0c67545652e4ee1af6b786c
443 F20101219_AACJLQ zhang_y_Page_001.txt
abc4399484d0fa7d3904807a464af244
6a2a44792815bc7a7728531609d496e3d888473d
1936 F20101219_AACJME zhang_y_Page_073.txt
de074493676c3e74d3d9b04eaa4401f5
f07fcace7cd880a883781f1ed154a76411042dfa
37116 F20101219_AACKPH zhang_y_Page_006.QC.jpg
0c9f1175034f1fc1710038bf238dc2cf
40a516f345f0027d1675a1f61e98eae69118d9a7
2859 F20101219_AACJMF zhang_y_Page_012.txt
d1728bd086c00fc1ce2a0068499d0fb4
40b185c30e2321dad3383bdb6839a91dcfb9cbbb
34909 F20101219_AACKPI zhang_y_Page_018.QC.jpg
6f704eb41888185df02f74a86a2d07e6
89c099a2480f2703557ba90fab9fc6ba8fa47b0a
6652 F20101219_AACKOT zhang_y_Page_016thm.jpg
db9f66379c3a2a4d5f215ecad3509442
f531bb4d51142c9491c284c513fb65405d192dd7
2345 F20101219_AACJLR zhang_y_Page_088.txt
7a83b387379ca3d9a8e450b13164ca58
1c504343f23cfc149c873cbb74a39e3cb7a8557f
68007 F20101219_AACJMG zhang_y_Page_069.jpg
707cd3a2cd6d2ec5dabbd208a7067fea
ec81538c00fd94653d896cae6ca9487aebe5b1a6
2973 F20101219_AACKPJ zhang_y_Page_077thm.jpg
ff1bebb3fce4ff1149abebf3c30df529
17e582fd48714ef53d0eddfffa185927292bc921
8499 F20101219_AACKOU zhang_y_Page_138thm.jpg
048fe6f1dea1eaa482cffb0470b59013
93c33231065eb6ac411f400d274e96c945364e6c
2388 F20101219_AACJLS zhang_y_Page_096.txt
c8a40d56568cfa104b110fbe3bc654cb
66ca4de1b269aed30a2c3d39c8b31db9cfc71d79
33431 F20101219_AACJMH zhang_y_Page_053.QC.jpg
0b6924780729768d105854714a07daf6
ab44b356e6a4473ec059d6be88fb9d0fc3c36127
39786 F20101219_AACKPK zhang_y_Page_014.QC.jpg
eb24b158ffee52f0b2d7a13c97de8c44
7b2cf99b6fbecf61b27e9525ca8b3ab54040d375
6937 F20101219_AACKOV zhang_y_Page_001.QC.jpg
1c1b94f364c07efe8f50442d1fb80c5f
dd9103dd97497ea9254034bdbec9c94d04d07d6f
7353 F20101219_AACJLT zhang_y_Page_115thm.jpg
27b6d46ff3c9d9fa122103aa9b458e2f
a6f7ecf3c3a62a588063b572f9460cb51fc9fd7a
5936 F20101219_AACJMI zhang_y_Page_005thm.jpg
86a2ff1665f0df6d7040c5e8b4993a72
93d626e841257ea393010860a8758982e55420e7
8590 F20101219_AACKPL zhang_y_Page_012thm.jpg
e78a687c128c0691f92f67a0df43ad26
1895bc020f2664872f3a32bde3f95884dac44d8d
37303 F20101219_AACKOW zhang_y_Page_112.QC.jpg
1b5d9a779eb091efb82a3611b112475e
97609b514719b65fc2a154a1933f347ec202910b
57333 F20101219_AACJLU zhang_y_Page_020.pro
23e932453815bdc5ec421367d98f25eb
50ea570e6859adace5a34b001bd3f5dd3ae9d28f
34982 F20101219_AACJMJ zhang_y_Page_084.jp2
c1dfe483c9aa69f355e9511d08b0b8ba
43046eb8e5d940e28b3f8129bff41745ece960ae
38233 F20101219_AACKQA zhang_y_Page_013.QC.jpg
98686a895f6f2cd52fdbc8bcf3594251
7bd312a6bf08c1faeaf6245a2875eae6a1117749
8164 F20101219_AACKPM zhang_y_Page_154thm.jpg
c92a88154dd6f3b50379de9d4591a9f2
4e11fb0e4247f5042706dd9ee98f0b186e201832
35774 F20101219_AACKOX zhang_y_Page_060.QC.jpg
938ffb219e0dbf47f8f2f33975685d59
dee982643a424c3b74b86be934219297f44bbe30
F20101219_AACJLV zhang_y_Page_062.tif
8cbac49ebb870566c2a9c837a835041d
7a36d4f1dda616e5504c871f4c3a10196af84d61
1914 F20101219_AACJMK zhang_y_Page_070.txt
14ed321d2b6e6bfd06b734fc7d97f4df
a3d1b4df1f1fc1a38a1e97f7a68f9f989dc99271
8403 F20101219_AACKQB zhang_y_Page_013thm.jpg
8848bd848dff07800e7886ddc42d9fa0
849a3dfbdbf9eb7b59ae660d88234a417de5ccf0
8797 F20101219_AACKPN zhang_y_Page_114thm.jpg
3dc885f1279fb82c73af15f2f2cd234a
dc3d83683a956fc7c7f8da8f28208a4cb30c5515
37807 F20101219_AACKOY zhang_y_Page_056.QC.jpg
16c556f0679bb70e403f9ca6ac810170
3600f0f33a5fab21802cc74f8d991e8a7b0e8bf0
116632 F20101219_AACJLW zhang_y_Page_150.jpg
242ab5bdd75c972927f9ca0ef0076d91
3d35e89040d64bc389f856ee4aa2decf5e7f0ce9
F20101219_AACJML zhang_y_Page_118.tif
67f6f0e7d2682cf302259edd8ff66082
d0e341cd4491d26c8f109639bc9c6e131d20938f
F20101219_AACKQC zhang_y_Page_014thm.jpg
732ad8fa477804e11302644bb87ab863
0f981d1fba9bb87bbc73c58c99634118bca47dc8
29441 F20101219_AACKPO zhang_y_Page_009.QC.jpg
bcae49ee65e180ea8128a2d1ce26c6f9
411b3a0f790c2b6bb5e27723ad19e1cc0b78ba62
36501 F20101219_AACKOZ zhang_y_Page_082.QC.jpg
dde9dab9d69d1090b165304bbe4d90bd
ba0ba0497b62f6b3dd1b143ee84bf6e38f3f91c6
F20101219_AACJLX zhang_y_Page_082.txt
842f147e23858136336ca371a6ac07cb
28e18c2751f93c4e56f4822bb65348fb8d524ea7
64503 F20101219_AACJNA zhang_y_Page_090.pro
48651e9e148b7066f84e046477232bc2
938efb3f2373af3d624c8563dbdd5d3c62677658
967 F20101219_AACJMM zhang_y_Page_166.txt
8f1f5b91ee5eb35ce3ebeb3e889df269
1074336fa518f8d3f8104ce0fb0e45fa2572807b
6056 F20101219_AACKQD zhang_y_Page_015.QC.jpg
75b85cbcbcafb49c587451576dce4d7e
421c687e762d2a21d08b4223edc1e1f086574714
248350 F20101219_AACKPP UFE0015609_00001.xml FULL
9b2954f5aca52fb0ba30c82370fc2d34
bf550ddcd9e5351014533fe50ada7fe3ad5cf0ad
BROKEN_LINK
zhang_y_Page_001.tif
8898 F20101219_AACJLY zhang_y_Page_081thm.jpg
ee26a2eca32c5535b7843570d828f64b
7a219366fcc85b0e961bcfb3ab819edf172c2193
8778 F20101219_AACJNB zhang_y_Page_113thm.jpg
356474c7fa40b8e758ecee1a2f6d644e
e21ee4fe803c4ec0b948e9dccf9e899649910509
1088000 F20101219_AACJMN zhang_y_Page_073.jp2
4ac574e23a5ad230c72b49bee931edd0
66a9127ab8537a420df22ecb8515f93d85c72be3
27413 F20101219_AACKQE zhang_y_Page_016.QC.jpg
510febd1e061ebc2c6902c2653073570
44d530a4386c66ce9d3c2e548a0d98cebb7ad69a
1467 F20101219_AACKPQ zhang_y_Page_002.QC.jpg
0110b526478bab981e40de589e8b3560
ed0a17a03d551db3201b658bf2c75ea32726259d
F20101219_AACJLZ zhang_y_Page_024.tif
131a5c7450c19f57a2804d26b8d75447
74b4bc83fde31be06223b71c8a2fc90f909a2231
46254 F20101219_AACJNC zhang_y_Page_068.pro
093b582e34ff194db9be36465333b074
7a2bd67499ffeb01bdb44c99b82b1d939ead50e9
7883 F20101219_AACJMO zhang_y_Page_122thm.jpg
d5865e643db9d90957d73caf9cc50691
94303a18d1569237708d96b3f0e9cf41c01af695
8016 F20101219_AACKQF zhang_y_Page_018thm.jpg
5c71b94d4133f0b497b2d9cf1d213a86
9127216eb7ca1bbf7a5b8a48bc7d40a206c1bcf9
1182 F20101219_AACKPR zhang_y_Page_003.QC.jpg
3e3b91c5b24da9ab636a63143bb38754
004a40371194269ed37db97ae86d66285407bb0a
63130 F20101219_AACJND zhang_y_Page_078.pro
7ca0e760b89046cb1f5f0007ce32c6bd
c5037ab5a2e031147b5d0831c9303b1b624782cc
31532 F20101219_AACJMP zhang_y_Page_153.QC.jpg
e6972acc82fa5997ecb1fe2f69027db2
483660610d489b137a68fcb578a9e845f1fad2d7
29582 F20101219_AACKQG zhang_y_Page_019.QC.jpg
57d9786ec45c64a8882892cf574e60e5
80023343de451e45c471cec81d780aa75f129ef1
20764 F20101219_AACKPS zhang_y_Page_004.QC.jpg
93be66c6c55d808179d29fa0d993df28
dcd43529741b4ce3396090838fb2251232cb766c
36661 F20101219_AACJNE zhang_y_Page_038.QC.jpg
71de06a920407fea48ea42252545a49d
b54b0b91a0cec085839ba7926965ea339387b432
2193 F20101219_AACJMQ zhang_y_Page_068.txt
80aa2045329ec95a7d99eab1dff30d1d
028b365368c89299ed90fa39bc482f6d9dfb9002
33936 F20101219_AACKQH zhang_y_Page_020.QC.jpg
6e99fffeaee70c1f2c243d5ad27972b8
7702415f474f353a728044fdd07cbf66202f60c3
29297 F20101219_AACKPT zhang_y_Page_005.QC.jpg
b418d48db4123bb5bc1dd4867e42d04a
8aa56efc84469886fcd599e4865e5814ecaac6d8
10152 F20101219_AACJNF zhang_y_Page_084.QC.jpg
94a3111dc700968df2a3f8b1d9b0e9d0
90fb777d501d7b257a035c40ba43045db863213c
463 F20101219_AACJMR zhang_y_Page_003thm.jpg
11a3aa30e25d0c6034c877122f6d9e20
47c041452b0be78bf8bbb1930e85bb17b29448b9
7884 F20101219_AACKQI zhang_y_Page_020thm.jpg
c2db0c3e49ecaf308d1fd675291b4ffc
4fdd7b0927102429d1ba074465158f89b5c5435b
40104 F20101219_AACJNG zhang_y_Page_029.QC.jpg
90519995209d024180af68fad2589db7
063b7bed25e5b67bcc6ca61d072d62ac8715eebd
8148 F20101219_AACKQJ zhang_y_Page_021thm.jpg
72299751db648089966868c19b81234b
3d62cb08b7e06c37b88056a6ed78ce018724dbda
34716 F20101219_AACKPU zhang_y_Page_007.QC.jpg
e8c310ec0435f74798baf526e0edcadf
006a25faf512488201f81b382597b8cd6eb2eb57
8215 F20101219_AACJNH zhang_y_Page_126thm.jpg
ed0118a9fd95c7dcae80a1aeb004f9ab
b30736fda0e78a296170a998fa9e983a1b5df5f4
36522 F20101219_AACJMS zhang_y_Page_161.QC.jpg
95933ea0c71ae09d66b51cdb5e147c69
786abd2a3b727ccd10f41ab05ff912a483b5272d
35449 F20101219_AACKQK zhang_y_Page_022.QC.jpg
b59517c23de8501c6911dd2f8c34edb8
bb03788f75548e0ea09187d5d4e620f4202e797c
11212 F20101219_AACKPV zhang_y_Page_008.QC.jpg
0aad8b824bb233407c52ea84b723d84f
e5263d3dca14054cabf877524fe2108afcf1df4b
55390 F20101219_AACJNI zhang_y_Page_053.pro
3ea92979b827e77a52bbe46461aea2c9
1e76de110710b5b0a909eece0d7201138b328d16
1088010 F20101219_AACJMT zhang_y_Page_007.jp2
6b292ea98afa0edbbb0c4bdea199ea63
a86a0edbe666e832b9400f5f233a7c7e29de6500
8089 F20101219_AACKQL zhang_y_Page_022thm.jpg
e920e9d401929798c270cfcc1aedb779
bb308fe9d3a083671ecb8c5bf8a742916aa1f582
2658 F20101219_AACKPW zhang_y_Page_008thm.jpg
aa20c41dcebac293c879a9f4e85b7a93
2ed65510ae3ba441990d159191037eac7f58d3ac
2197 F20101219_AACJNJ zhang_y_Page_132.txt
f351ce6c7753709edf0d0a11a52d2361
ee5e020a4ba9990209d9342232afc8fe4898737e
30406 F20101219_AACJMU zhang_y_Page_146.QC.jpg
f7f3290086030d6e06724b2b3a4f5fd4
47c751217f42253af76d4cc5bb774669cdd4b14d
8837 F20101219_AACKRA zhang_y_Page_036thm.jpg
8606d65cc031cf8971329048b5d7d49c
3d7e7fdc23aa7f6118987dff30f514f9d8c5e9ec
34021 F20101219_AACKQM zhang_y_Page_023.QC.jpg
c7d545ffdb2da1fdd216442bcf4db8d1
d10f7be0cd42c0a7203482a3017ba2bfc9784706
6661 F20101219_AACKPX zhang_y_Page_009thm.jpg
9327825e6a7823f4d6c7fdda3d4976cc
1ea18303a02a9577c90593f98358b5616049dda3
126084 F20101219_AACJNK zhang_y_Page_097.jpg
d54e3423c11b99cb907e106fce51b6f7
c86d333f3873094730660c9e16172d455725ad0b
F20101219_AACJMV zhang_y_Page_102.tif
1919e5627e256cbed82e201bdb5ff5dc
d7498a8e151ab03dc97d1288fcc4827bb64465c4
8304 F20101219_AACKRB zhang_y_Page_038thm.jpg
4252eb7cbb426aaf2c10f7b1b8090bb7
1a704a66ec1934f9781b85aa86904f1e1288193c
38473 F20101219_AACKQN zhang_y_Page_024.QC.jpg
c96ae8b05792f691e2e4fb4aa811e920
651fa04b351a7a26ef73726fed4b4849fa60472c
27970 F20101219_AACKPY zhang_y_Page_010.QC.jpg
c25bdb40555da2e2461557791e88b1ef
f3ea6a5e7bd309836e19d5b538564e8268f5a403
58413 F20101219_AACJNL zhang_y_Page_088.pro
e44708fb12cd5a95272c5c2ce3bce1a0
cdb7a69654c4cae63ba946f7ddfac5d5eec460ad
125721 F20101219_AACJMW zhang_y_Page_013.jpg
bdc3fd594c52011fe683cb8562b4ba6e
48bbe0c511a3b9c3d6cade636a4c2e89b0909797
38486 F20101219_AACKRC zhang_y_Page_039.QC.jpg
b74c8aaee3bcc53322fd1bc0821fe287
62f7877da83544e1226660d9b727b8b64f859662
8610 F20101219_AACKQO zhang_y_Page_025thm.jpg
d8caaee8ac1384653e089c2ff84b124a
489dea6f39440a3a9ee3275329f9f40d17953d64
33586 F20101219_AACKPZ zhang_y_Page_011.QC.jpg
eda95469fd181f58189dc57b69e8651a
dea11a8531a4a6b85658a89fdebcb9b3433828c9
F20101219_AACJOA zhang_y_Page_109.jp2
19c314c10414b5cc37589563f4d4ac91
00bbe885c34ef854ccc7e3e42fed965e7b590bf6
2601 F20101219_AACJNM zhang_y_Page_045.txt
2a2c0b9e97867a478d3d9dc7271564d0
58e65ba70bcf63f41ec8e02d4216f4ff0730a173
100590 F20101219_AACJMX zhang_y_Page_095.jpg
ea833d9eb4ac2de827aeb6ad758822c3
17bbe358b7f9844c0d2db3fae800295707c8f83f
11960 F20101219_AACKRD zhang_y_Page_040.QC.jpg
97800d38880e77857db3f283fff3e406
3bcc09e8c270a1fb33b8ea4d756f88e3b4113655
30842 F20101219_AACKQP zhang_y_Page_026.QC.jpg
9bcc4397c225c034975fcc769431b5b5
97b27f760143ceeb6ba874fef672b12379a2dce8
35453 F20101219_AACJOB zhang_y_Page_021.QC.jpg
a1d28ac5cfce91eddd86ea6cf7433be3
bc6d0e223c99465548403e5c851bdfc518875e54
F20101219_AACJNN zhang_y_Page_150.tif
4b50b84b8c5b505410d54489260201f7
ba841fb3d8f017b8a277d726c4d45d77b07d3b9e
122150 F20101219_AACJMY zhang_y_Page_090.jpg
bbae7a421c7cfd56c673a8249f2c8550
2da89834fb13233741b0808b027d5e66c5e5fd04
7844 F20101219_AACKRE zhang_y_Page_041thm.jpg
f28f922f2500b74bf3ff190f9d26f7e7
e3903d150bd2ca6c06d09a1359d6a43fe0680020
7596 F20101219_AACKQQ zhang_y_Page_026thm.jpg
2fe7b28f62a0488287273e8d26850847
188084ab690dbe579ef1f8f300ba18bd0b6d51f9
116252 F20101219_AACJOC zhang_y_Page_130.jpg
da9066e761de5c962719c96012750ab9
d7157976c2e5e365624a55ecbdb46619d9571702
106842 F20101219_AACJNO zhang_y_Page_115.jpg
6fe6c0d12134aefec8b4c65c19e6befa
5929b385d9d29653110c5bf04ed36b4f4cce2ec6
37497 F20101219_AACJMZ zhang_y_Page_062.QC.jpg
c277fe6ce72f019880b4c6517307a532
8cb70376b5eeae0e1a0ad4c0cc665703f391d310
8838 F20101219_AACKRF zhang_y_Page_042thm.jpg
831bbb8f5ea2f2ff1cf96b1a0df09e9e
928eeac85f0e7c41133c4a771393b446656db7e6
40034 F20101219_AACKQR zhang_y_Page_028.QC.jpg
5bae4cd66879bb85d429a2a1481f601f
081eedac906b242b051376887c8e6d81aab1c9ce
F20101219_AACJOD zhang_y_Page_127.tif
64226ebac15f7156bc84313edca09474
872716aceab4090ec1eee05b1359c78673b4c62e
39330 F20101219_AACJNP zhang_y_Page_040.jpg
e47ba04ea18eefd0a807036e11aca57c
f66ed32158ef7e65e5f5a0174895b359f96cd8eb
8270 F20101219_AACKRG zhang_y_Page_043thm.jpg
d955997ed7173b48b4dddd6b4e1f324d
d1c37f320d47864303c049961a108818d9f2b73a
8792 F20101219_AACKQS zhang_y_Page_028thm.jpg
8c8115e996ad105a78acf99e5c29f4a8
776961def4e54eb63d464482656b8234ea75b68c
4176 F20101219_AACJOE zhang_y_Page_002.jpg
02d394728027c85f746f1d873915b62d
a35b7e65ec4e5829426075007fa80508425d4468
7898 F20101219_AACJNQ zhang_y_Page_023thm.jpg
79720270da08e28e847c563594f4a3fd
618830600ddf4a2212b584059f336f94dfac22e4
18833 F20101219_AACKRH zhang_y_Page_044.QC.jpg
99130f35c949b98297337577a5e8942c
31a4968cd31add3614fbb2309379ab451f385388
8895 F20101219_AACKQT zhang_y_Page_029thm.jpg
b077d3245881b0a11e4f5e4841107763
e81eaaf19c8871a7a132a309238722a058da787b
5437 F20101219_AACJOF zhang_y_Page_002.jp2
30702f9d8a8b6e1b2109b14bb34ec6aa
a69d94afd3d1631afbb6eb8efca684e400b73d67
F20101219_AACJNR zhang_y_Page_034.tif
57fd2d6b9112a66659ce26d071c46c10
d3f1f239c74e3c7d03ef5ab29187f3c5981484b1
4420 F20101219_AACKRI zhang_y_Page_044thm.jpg
38b43ec21c2b3c6f925109df5d5ac4f9
d8c40db4d815d30c45dce776a1ad3d19e7557f49
33577 F20101219_AACKQU zhang_y_Page_030.QC.jpg
c4e3f8fc379a393bb882496410d4bf2d
99cba549f97adddfa89ad6246b35282fb433a4a8
35991 F20101219_AACJOG zhang_y_Page_078.QC.jpg
71db1b5a51b1fe358daf3d5ed4640cb3
9cbecbf8a61970e641b9bf76b60c3784508f03fd
6750 F20101219_AACJNS zhang_y_Page_007thm.jpg
585fc3434dbba40151fb3af764aa59bd
11ada6ec695bd4ed2e311e18915fea0a3aa901d7
38810 F20101219_AACKRJ zhang_y_Page_045.QC.jpg
3065b85652a121d57a79c6f79bca9563
60e708cd571a7ffff4c627341ff7eee1caf0a255
36245 F20101219_AACJOH zhang_y_Page_144.QC.jpg
05b5c2bb41d432ff5b0a86b6ea614a83
4387c5c24fee8cb4f0bd7d82f5d3b3eb1078b534
8489 F20101219_AACKRK zhang_y_Page_045thm.jpg
399abf6066a38d1904f72ad64da9d2a8
8a7ebe10647fab0f796041a48849927aebcf2079
38528 F20101219_AACKQV zhang_y_Page_032.QC.jpg
f0ea3b5aabf479eca41b7f4a9ca8aaf6
f17579708cf7bae97a7b78d21b3c4cd3db1bc68c
F20101219_AACJOI zhang_y_Page_128.tif
a1d1433bdec53066fda7f9c71e0c356b
f759d458d93cbb79d67a1aa00ff12ae05660071b
7465 F20101219_AACJNT zhang_y_Page_153thm.jpg
b98733159d97257a0be5a08b290e9e29
e90ebb8a4d973da9e048549c57e72475b5cbc5a3
37700 F20101219_AACKRL zhang_y_Page_046.QC.jpg
dd1d27b974c84f56551fdec350d96f26
c409cfa09bfd86a5ef15cddac9292fe64cce264d
36502 F20101219_AACKQW zhang_y_Page_033.QC.jpg
58d457b0f14cc67288c8d5a7f3fa5ed5
971ba396cf7f066eb7810497fd2fea6f1cc061f2
31968 F20101219_AACJOJ zhang_y_Page_077.jpg
ba4f7e4e55f7b4f58d4798fc5f5f668f
2c735461e47cf57f62ca90d56e88577425e037c5
1707 F20101219_AACJNU zhang_y_Page_099.txt
1381ed036eb626bc8ba9ed2d47365ea9
7410e49d33516900c32f29eb9e53d248e1cb5d18
7187 F20101219_AACKSA zhang_y_Page_057thm.jpg
94d79f2b6cceb044208508453923e46d
66b83a23d9a1a8c7a20d3cec30143186f08fdad8
36813 F20101219_AACKRM zhang_y_Page_047.QC.jpg
9763cd2fdb457df038683a6d68ce1227
3fb03b323d0ec1518f97d5a5a3df8e7b90795654
35751 F20101219_AACKQX zhang_y_Page_035.QC.jpg
0ece1c6cf93b59614bc06de039277fcd
04bba4d519fa1dbf008fa032dfdfb353b6a5026b
113626 F20101219_AACJOK zhang_y_Page_128.jpg
817585a9675f5578c85a4932c4c10854
7dcab5567d612be68deb4277eeb80503a9d04ec0
109187 F20101219_AACJNV zhang_y_Page_053.jpg
af2cb5a7a34082d7fbdaf0caa2d11cb6
b3d7c9d60f039ad47582656820e0a6135d51920d
8212 F20101219_AACKSB zhang_y_Page_058thm.jpg
771cbfb47b217059a24874e84105e708
7a6f45c12ce0ab6f5f3511a78c27ca0372a08256
8168 F20101219_AACKRN zhang_y_Page_047thm.jpg
575e9ed8ef0fd6f3006443101b3b1e24
9d255be49e4adbbf5d53136171c9cb7fba1aeec9
8253 F20101219_AACKQY zhang_y_Page_035thm.jpg
d9fbf721b4788594d4c0ed15455018d2
0abe3613cee25aecb827fbb368280190ecf79ba6
44961 F20101219_AACJOL zhang_y_Page_070.pro
66a85b7f0afebe5c805565de2dcdceed
504465710a661f2cf98a13cc6a79c21aea3d5fcd
2992 F20101219_AACJNW zhang_y_Page_167thm.jpg
0e8476a7cdec2a5b36ed7607664a6e41
0e55017ab204e263a1cc3a3e6adb57d15173020c
8440 F20101219_AACKSC zhang_y_Page_060thm.jpg
5039b61906ceac9bb70932e047b76dee
22a0edb20dc1aac58ca398746686a129af602fec
8216 F20101219_AACKRO zhang_y_Page_048thm.jpg
f68feba8e387c88dd51b9bb2399c8cef
f7fff301163ac3ac7c2cd6f239ada8c6b7f7467b
39074 F20101219_AACKQZ zhang_y_Page_036.QC.jpg
0b6a4f180461471d1c687177098909d5
294ea430a7312ebf1b63d562f93627e1e084c547
6838 F20101219_AACJOM zhang_y_Page_110thm.jpg
c2f295ac03dd9f56a731eb2f1a356f77
ae779f6f34e7a97689a6e090d20a6a4c50ab347c
101607 F20101219_AACJNX zhang_y_Page_079.jpg
4d2d55a745dfc77f88cc339cfb298c3b
e25f72242ba22de36bad5771eb5baeb0b898f569
F20101219_AACJPA zhang_y_Page_130.tif
ea136e9a1cff0ea9693505b5e87b5867
7c352eb7427359d4d1a45d7fefba8ec2f6f50e86
36950 F20101219_AACKSD zhang_y_Page_061.QC.jpg
5ccda6544c8f1f47eb3cd62d6ad054ee
cef238eb55be0e81d160297cf75cf27147b48366
8492 F20101219_AACKRP zhang_y_Page_049thm.jpg
725f8be9716338139db05b2d25ddfcd4
d79002d402701667d2cc9f5f89e6ea9217cce351
50659 F20101219_AACJON zhang_y_Page_009.pro
31ff1d6a10dae2c387cccbb5dd0dae26
f65d0eb64df3c7c4901c1b6a668907e98756b45f
1088021 F20101219_AACJNY zhang_y_Page_145.jp2
012191a269036e12ab7b1d7ffcc44c14
212746d3e8204f4cd6bf4b7e29918c3f02c0368c
120150 F20101219_AACJPB zhang_y_Page_061.jpg
c4f45f9eaac2bc2af4cfea2dee5be4ce
9ca232389de7ef4626ab534af28db8f4d5c8d69c
8305 F20101219_AACKSE zhang_y_Page_061thm.jpg
70a6a57cdb7560292182e5e598a235ec
b1f0003c6ef89cbfa621a2e53774bb7cf1a7ee73
33731 F20101219_AACKRQ zhang_y_Page_050.QC.jpg
71a73507c207e038563ce6385e534029
c250831a2017e8087d424bf4d73aaf3a969fdc75
33015 F20101219_AACJOO zhang_y_Page_041.QC.jpg
15312b01a3388ef5732db34ece933aba
04a394d3321502715132cd5dc38b49e5bfc97ba5
1088026 F20101219_AACJNZ zhang_y_Page_127.jp2
4f637bfdd74dbeb1ce08a6bb4e0740c0
a3d0de0a415a9db23ad39fdb9ad41f28c250a99a
2150 F20101219_AACJPC zhang_y_Page_116.txt
17138a7dfb83864cd275b261343b068c
1cdc0a020333c2c85eac23b6a22656f4f9e6e81e
8474 F20101219_AACKSF zhang_y_Page_062thm.jpg
43fc09029c86dbdcc10476ed94d71f8e
ef6d0b329ef31e1930d55e6ce202df99a05d0502
37287 F20101219_AACKRR zhang_y_Page_051.QC.jpg
147a064585d777d1bb66fddf55b9c1ee
c9740b440ad1f1d050c9fa43cbd668dec49c263f
F20101219_AACJOP zhang_y_Page_160.tif
f2ab6cf8bea211c812d2eaa6eeb4a7de
5926835eefd434f469ae8831de04288b0a3594af
1010 F20101219_AACJPD zhang_y_Page_003.pro
c096b620718715211d4f06b35064190f
6021b938eebf24f98123a5ea4ebdbe7d14b66956
29424 F20101219_AACKSG zhang_y_Page_064.QC.jpg
1ab6d96bf79dba3e5ee8d63afd9af364
0d34fb47d79659b015d33a2de793344464ad48da
8599 F20101219_AACKRS zhang_y_Page_051thm.jpg
a40a81477dcaa5504bea993e913bf990
0a0b2d861eded840e69c3d302f284348fa12b1ba
1088019 F20101219_AACJOQ zhang_y_Page_100.jp2
55576e3e75a394a340ef3ada169c3bea
c9f9f42b91639c6234fc8cdaec8933c1df729bbb
31527 F20101219_AACJPE zhang_y_Page_095.QC.jpg
5a687a42c2dd769eef85650cd4afd043
9390908c523097fe11fe29f5f407403695325504
F20101219_AACKSH zhang_y_Page_064thm.jpg
be110755d9166ac29df70bbae4e18955
71d977bb8e0af700b91b3e02d87fff903fb11295
37686 F20101219_AACKRT zhang_y_Page_052.QC.jpg
b6a7d4ef28d843f6c863f8d998c06c07
1a020b38dd56a51ccefe1e2ffee59bd5aa94cc56
2487 F20101219_AACJOR zhang_y_Page_152.txt
c6b92aae9502076bde1a5f86abf31588
cee416c395c43a5d6aaeca2ffec245ecb3e761fd
2235 F20101219_AACJPF zhang_y_Page_009.txt
2f1605b9453116cce3f2b95ac3f0ab02
6fe4b810b8a2fb987bfaaa98bbb5ed96bf995915
33359 F20101219_AACKSI zhang_y_Page_065.QC.jpg
731630bc6862938a6e64aec7d6011a5e
14acac5b08973c8851e2be5c55991150145b82fb
8684 F20101219_AACKRU zhang_y_Page_052thm.jpg
e35820d2542249784001313b6e412890
7af38257b5b2af50a3e3418ec4481fae1de5cc91
119474 F20101219_AACJOS zhang_y_Page_033.jpg
5939386863ef86f4893746f39a890612
bd177311c211786703726cc2cb90228e47bef706
1087960 F20101219_AACJPG zhang_y_Page_123.jp2
75262dcd5a26b1c29504d22d4314da95
cf586815564f3d8c953a39d6f0f4d1ccc8d96bf6
8023 F20101219_AACKSJ zhang_y_Page_065thm.jpg
f5c27890d424303cbf9172f1195baaa6
125983621a4417774714037b093004a35c6ee575
8009 F20101219_AACKRV zhang_y_Page_053thm.jpg
b493ee2a78d1be7fa06799aa74abe509
a9e87171ccbffd258bd00590723e9ac5b9cfbd51
8669 F20101219_AACJOT zhang_y_Page_059thm.jpg
bb651a07ba9fc3559e75bea10ad4a450
3457e53ce04dedcfa3f6d690771aacedcb985eb8
32085 F20101219_AACJPH zhang_y_Page_156.pro
1df4aae168f48fb8b60dcd0761a12c37
a6af6b2699d94e6bed47e94c78db4425ff6cdf10
7740 F20101219_AACKSK zhang_y_Page_066thm.jpg
f1db98a8a79a2fdde34a2d80c3867c39
fe68d3273fb95f203b3b457915592fabcb303062
190191 F20101219_AACJPI zhang_y_Page_015.jp2
27cf9b56719849534176a05a400d349b
3b89f5c1be38ea86b1ded8ef0d880d18fed14e5f
8184 F20101219_AACKSL zhang_y_Page_067thm.jpg
b547b943e761022d22233190d6020771
cafbf89bb9645d3cc86bb40cc014da92fb0ca801
38357 F20101219_AACKRW zhang_y_Page_054.QC.jpg
efd6bd3eec6bd637f5ba67d0da99ab5d
6cf80562c810ce1287cb71b33227a74906732b27
557 F20101219_AACJPJ zhang_y_Page_002thm.jpg
edd7b90f629b3f65792dfab84c255caa
bb108e2e48e9601bffd5c11f41b4ad45f547e6ae
35256 F20101219_AACJOU zhang_y_Page_008.jpg
f8a17a82598e4a070330096a5aed781e
fb2eff205ec9c4cf391563edbde29e80bd87e8fa
36745 F20101219_AACKTA zhang_y_Page_076.QC.jpg
df0e525a194ed3f1392b8702409f1145
1a16316d969bbf7ab06630b516330756fcc77e35
29676 F20101219_AACKSM zhang_y_Page_068.QC.jpg
02ffd6387427402684f5107c9e14ca2e
0e9d3d248a3e6a202cad4c0b3f6c9412a0f27c72
30477 F20101219_AACKRX zhang_y_Page_055.QC.jpg
02792185ebb98018c4582a393975cbe0
8e3f851d0c9b9c4da6c68f2c193ba666c6c20181
93818 F20101219_AACJPK zhang_y_Page_111.jpg
fe55c5f350885d5573a5ead3e880f8c8
e4f5a2e42d20c80dea153799e8240dc8abcaa315
F20101219_AACJOV zhang_y_Page_089.tif
b22297d7ad069067fb009818f46c801b
4066c1d915bbbc7a3d87d07de539d91bb900dd6b
9747 F20101219_AACKTB zhang_y_Page_077.QC.jpg
54a91978662a4b816ab854abb1db4f71
f1410f764df50b0934e53bfff5ff1d155e96460f
20360 F20101219_AACKSN zhang_y_Page_069.QC.jpg
c1469de6b66ce120dd564bf567a98b78
f7fb3e21f15d1e01f41def170f65fd773fe91d09
7419 F20101219_AACKRY zhang_y_Page_055thm.jpg
fbd96c143ee651c6a896b606568efbd9
24173a353574af7db4bee5c5b074a94bfeac9c6b
F20101219_AACJPL zhang_y_Page_098.tif
a300bbeca57bf3fc45d6ea5f3598b5c5
58cae5d8bde50ecd39ffd78496cb97ef7efd5d8c
1087915 F20101219_AACJOW zhang_y_Page_138.jp2
5d663020715817065fd4efac2ffbbaf3
d6a15af15393b9a08d8799b5e27ed23e0462004e
30706 F20101219_AACKTC zhang_y_Page_079.QC.jpg
de7af460765e83fd56cfeb258f46a91a
fbf04bc47f420ae6b03c6a91b377eab00f7fee0c
5053 F20101219_AACKSO zhang_y_Page_069thm.jpg
82a39bd6f48ef2d8ea98cb00dee5767b
7cddd1df00b4734bac981a826b765da3897233c4
8322 F20101219_AACKRZ zhang_y_Page_056thm.jpg
732b7d6a7472e81797a6c512b207ffc6
926e93858906b22cbb1714e115ae60951fd0b453
29778 F20101219_AACJQA zhang_y_Page_094.QC.jpg
303e1d66f5ea254350e20efbddbea6d3
b198de4d69a7d389e4e47b8a41e27b7a0d9b8a52
127602 F20101219_AACJPM zhang_y_Page_164.jpg
c57e4c922e1e037649420933723d9bc5
6c8693bba43b2da8cb55ceb052ce382df37b9651
8242 F20101219_AACJOX zhang_y_Page_139thm.jpg
218e037dc79500e43b3e6e38fa0a0068
fcf0b190a51b641549f06f1dca6bbec356abf21a
7100 F20101219_AACKTD zhang_y_Page_079thm.jpg
7b99153db74ef82efbcf8bf1443baa86
44eac4b23fccbe132ff6d720bbc747862d2d08a2
29186 F20101219_AACKSP zhang_y_Page_070.QC.jpg
1ea05bde1a936043a737858e2474f84e
4a50cc944d014e91715c1aff70ea6b1939120cba
8393 F20101219_AACJQB zhang_y_Page_118thm.jpg
65ca535f3f8a57fbd71fdb12c219e201
fb88bcc879823df685ee3f98267fda81bed7b1f5
68383 F20101219_AACJPN zhang_y_Page_024.pro
d37a01fbae80db1e094e759d66e3fed9
faf088f6d072cb7b0f714bc51330356ef038403c
8414 F20101219_AACJOY zhang_y_Page_163thm.jpg
596b155b4fcec37452f6d9146491439d
616e28930cabc1d016dabc98eb1d404c4a61c50a
7653 F20101219_AACKTE zhang_y_Page_080thm.jpg
88d80df5c2eabf6eede07edf86dff337
7798276750da41a57ac285e1ce6a3cf0f8864541
6866 F20101219_AACKSQ zhang_y_Page_070thm.jpg
48aaec880e21eff9741b57aade522ba5
7ef18a36d86e3abacb466cd7e4c6d70681403491
119297 F20101219_AACJQC zhang_y_Page_123.jpg
72bbe420f97ff2dbf694bc21a4244ead
44b8ab94828f0b1473710b6b9467b70381fd1bbc
33136 F20101219_AACJPO zhang_y_Page_101.QC.jpg
ac5902fabddaab0a6c8cb3860250b738
facdeebe2aed4fffaa8be5dbcd48a2a8b1757dcb
34657 F20101219_AACJOZ zhang_y_Page_152.QC.jpg
66c84afd65e48c7988637c31bfc00f13
2d562ef47951b497d44c2282df30dee157b65565
40119 F20101219_AACKTF zhang_y_Page_081.QC.jpg
73a08ba589bbc6004be1ac389d1a6930
e2485b16a36542ace35a49a9ab518bdcb416c99a
29471 F20101219_AACKSR zhang_y_Page_071.QC.jpg
c6ec7cfac25b7aeae70c26e69f5e66e6
5d2b1ef6991e06723d00bb27cb30da1798bea867
73496 F20101219_AACJQD zhang_y_Page_148.pro
284b11e8baab553681b7d6cbea0d8742
b6ee1ef01f63d5b9b35b70f35e59939f688e1ab8
50683 F20101219_AACJPP zhang_y_Page_057.pro
53d81586b19b1d2f6c4ca2164830154d
4862f674f8a75a86cea5d6693c1e702413811914
F20101219_AACKTG zhang_y_Page_084thm.jpg
b27d137afd92bedde4a21ee3cc3fc584
65c32cd68df89e3a9421029f5851d41688c78c56
6882 F20101219_AACKSS zhang_y_Page_071thm.jpg
8590474730abc0eeab1d78df47307077
9a205b9633e487ac79ff356fb47546b5df946759
1088006 F20101219_AACJQE zhang_y_Page_115.jp2
acb8a41d368a6f74d638fdf3b56322c7
f56638ec112093994953cfa075eaf1f5b5a567d4
37351 F20101219_AACJPQ zhang_y_Page_067.QC.jpg
a48a0ef174e5380044bf7ff5165c2cb9
266bbcfed699cc0f78e6c36c9a40401c1cff4f12
32903 F20101219_AACKTH zhang_y_Page_085.QC.jpg
e9c15e306c273ea3c1428e335cf0f5cb
569fd6142b97853f7d71c3dbf9ef4e6b02db2109
33079 F20101219_AACKST zhang_y_Page_072.QC.jpg
af16f590eb578521b9d2e89a92bbb4a0
c1bc76d60369d191c4050e82ad4ccb261844cc33
106861 F20101219_AACJQF zhang_y_Page_065.jpg
a6f67b5d10f216295e748ca447fc5ef4
c139d0ccbd275dff65f7db7ebf88acda42a65c84
108259 F20101219_AACJPR zhang_y_Page_125.jpg
5ef8cd914ba34de2d87fe33e18f65c51
9b62c56363a1f76fd7c035bc2dff53556195ea77
7735 F20101219_AACKTI zhang_y_Page_085thm.jpg
b66b5742b9db444d2167e30d142b6e65
a3a166a86b5f24b9416767cab8d9c83cf42ee2ce
7704 F20101219_AACKSU zhang_y_Page_072thm.jpg
68f9cc86fe4b8cf42758c2f6deaadb60
dbace726f7c8067d0591c332b619d169cedb1242
463483 F20101219_AACJQG zhang_y_Page_008.jp2
813bce34dcb734dc324e0a9c535454d1
d3a4d39bcb531f758105e115c5add02e02347742
1118 F20101219_AACJPS zhang_y_Page_002.pro
76fbb8190b76f9b917c69ba02b9fe08f
3402a3db46354767bd65aa113b821d7d017383fe
8279 F20101219_AACKTJ zhang_y_Page_086thm.jpg
5d4ef3bc4634703dfe52f9d68faf0dc0
fab5576f89f3a1c3d69a726f7242598441866303
32280 F20101219_AACKSV zhang_y_Page_073.QC.jpg
578f185947824dea245e33479508ae7c
f40ff63f76fc3c36997c873ea527c2bde06a418b
8970 F20101219_AACJQH zhang_y_Page_148thm.jpg
d0e4cc29e135eb5109a000632f445e8d
0394e781828c3dcbb566ff4da2c794f40aac7b44
6102 F20101219_AACJPT zhang_y_Page_010thm.jpg
753dfec9116cfd9f7a2aada8d610ef12
579ae90694af479e71bfbf03330f64ba8b837871
32696 F20101219_AACKTK zhang_y_Page_087.QC.jpg
1d9b6730f04d0204133fb2b1bcd25222
d0572166f04f5cdb57cc7e6522a59b0562815c32
28742 F20101219_AACKSW zhang_y_Page_074.QC.jpg
7380afd7598d3d9abeb05a0104747836
954b56c5b5f71d149af5928df4d85ec074ecdb41
1859 F20101219_AACJQI zhang_y_Page_016.txt
1e03d4641e0c6c49267389a133c57240
c4c2d840fd44b9f394cacc9858736bb784ae1268
32446 F20101219_AACJPU zhang_y_Page_066.QC.jpg
a13224f1b80de7e48607f6eefa25e1ca
251957b5c54d6856473184eef8351110640cfe6b
7421 F20101219_AACKTL zhang_y_Page_087thm.jpg
dc30fbf3a5f00be2f41b9b9d92cf3309
b3a8cfe2257989e87e51f1de162e8a7431432969
97148 F20101219_AACJQJ zhang_y_Page_103.jpg
1b08ebd1077ab0cb66f0a0eeb244b6f6
6a4e60730087ffcd70a830f3c0fb3acc447f67fc
8035 F20101219_AACKUA zhang_y_Page_102thm.jpg
9b609f1e44c5be00225373dcf0a94df0
4d4eba8715061252d007abb85e8ba000af8c628d
34711 F20101219_AACKTM zhang_y_Page_088.QC.jpg
7bb40e103b9ba80386ad3d433957a557
17a716b2ad9023eabe46909343c8fa7db0574dfd
7003 F20101219_AACKSX zhang_y_Page_074thm.jpg
e0bc572f405b49e153ca5c8d1796f417
193938e881919bcf2ed9af1f5126814c771774cd
F20101219_AACJQK zhang_y_Page_086.tif
56cdf06c5e78ec15ed71d0bd101a6a3b
6f4e5af6ce1c9a7a2a508693f10d5a2af74dd918
1166 F20101219_AACJPV zhang_y_Page_079.txt
3d9bda4c2edc6dd7199e6ca71e9f0e7b
eac60e8512cc898d91cc53f300d01f7c5fd142a2
7227 F20101219_AACKUB zhang_y_Page_103thm.jpg
e954185bde9445f6f07c3d7b683fee5c
06220a931306b561f15b225545f044c1cf56f77d
8103 F20101219_AACKTN zhang_y_Page_088thm.jpg
9467c8be61ad6e9d33dc33cb58d29483
c432b710e6505ceca857f9bf240c83fc4c61f5ef
37548 F20101219_AACKSY zhang_y_Page_075.QC.jpg
60d2fe83786801715a9a26d7111b08c9
325fb7d045d4472998dd8876a5adedbe0a0cffc9
134477 F20101219_AACJQL zhang_y_Page_158.jpg
fd88a102cc866fd18bacb193b2c39f5f
52451a02401bc6c6a5f47c61b5161a54f87ec225
37727 F20101219_AACJPW zhang_y_Page_114.QC.jpg
5eeaa070a1da5bb3baa97c3f9b264237
ab0b5eac4d8c684e2c16099e7140b35491948ed8
7706 F20101219_AACKUC zhang_y_Page_104thm.jpg
7290c29a8b966c6fa9daf500dda450f7
4138736e169b3e1bb1ac40fcff46693f5ba8ba07
8652 F20101219_AACKTO zhang_y_Page_089thm.jpg
575a8b125ee4fe682c0242ec85021ff7
57e980f0dca5a06bf90ab5377231cc468e71ce68
8602 F20101219_AACKSZ zhang_y_Page_075thm.jpg
f6325d8833640e9d36cf61c7b4e7fc03
8571898414b590ee63f1108fef2f4ce780277085
134151 F20101219_AACJQM zhang_y_Page_163.jp2
f344e0219457182543ec09a19c281d30
def8be923ac6d6819ae9157d8edbfd4fc6366d60
68281 F20101219_AACJPX zhang_y_Page_119.pro
6fba68ca39a908442781f0fb416e461c
1c1545ef92f10d429414e1d7e74886908b227101
35333 F20101219_AACJRA zhang_y_Page_048.QC.jpg
6338e16c3f30da3671a37a58ba2db3eb
8a20dbaa783d2644fec4b7fbd707ee6ce86b14a6
28563 F20101219_AACKUD zhang_y_Page_105.QC.jpg
88215b01aa83367cde4116c5efef053a
17ad8939f9432b60bd0d9c3f37805fa159505a6e
8583 F20101219_AACKTP zhang_y_Page_090thm.jpg
b64406a483b32c514bd7248d16e78db5
c1c2bcf223c1ecb2773cdb02e12e601ce1c979be
F20101219_AACJQN zhang_y_Page_116.tif
a09e79b924014fac61927ecbe73c0b1c
ef3df9296622ec4feb87d53b3c4093a25a6e676a
F20101219_AACJPY zhang_y_Page_070.tif
5f7cb38894707c5bf27166f3eac890b7
b4cf85a2937bb5c268cb3f2488d16f7e0acf2268
2063 F20101219_AACJRB zhang_y_Page_091.txt
9ced400d974d65846eaa3510baca242e
82fd20ade39da211b04aefd90e53794daedc5bd8
38557 F20101219_AACKUE zhang_y_Page_106.QC.jpg
c972f2c9ae8e0ea671f44d15008bc027
bca3888433d6d824459eb9309d25264aaff2a6e6
29238 F20101219_AACKTQ zhang_y_Page_091.QC.jpg
249c79044f6c6a30bd444cb8ff563be2
3bc56029d07b7f237dd61e7d6d71368f96ef3220
2546 F20101219_AACJQO zhang_y_Page_089.txt
2d9a11a1f6345284710ecc30c3db247c
373725c51fd27e8aa91d7bfb460a77d35750adc6
105168 F20101219_AACJPZ zhang_y_Page_080.jpg
c5c85e0680edd5296837dccd8aaa86b3
7763671cc793998f85449fa8f1df0896a470732f
65856 F20101219_AACJRC zhang_y_Page_156.jp2
660637a3370f4de711581f82d6cab9bc
da68be53a3e45e2c16e8bf51a4e70eadba2e1bd2
35912 F20101219_AACKUF zhang_y_Page_107.QC.jpg
01cb464c8435434d649c2a80855c338e
53f72719636739179ea96f6b7217d174a2266f32
6550 F20101219_AACKTR zhang_y_Page_091thm.jpg
5e378a02c1749a19a7add3e2b4721009
fbe4ec158d7ec10d8576141b5d2794e25f147247
F20101219_AACJQP zhang_y_Page_082.tif
a5233f79b039a6f9ac538022c8b20a1a
41338f362bae2aba942a0faf9a1c8150fc669fae
1370 F20101219_AACJRD zhang_y_Page_004.txt
958b344280065aa65d21f63fe6fba792
e5d97eb91259f2d401d5cd9b1f51a8133665488a
28192 F20101219_AACKUG zhang_y_Page_108.QC.jpg
10aee5e0375b28ad104a0e188f7980b2
17e0c65ebcfe8cf478b418d7812a9f6fd7a59b5a
7661 F20101219_AACKTS zhang_y_Page_092thm.jpg
be7baf0eeaa49019ed31d30ab8696f83
7585e362d5d833d2c0e0a653e360d84a042a1333
68223 F20101219_AACJQQ zhang_y_Page_032.pro
8a44c18e585d171f8ab6484ef66d1986
8afa9a478716866008a78b9bb7aca1b93af30edb
2943 F20101219_AACJRE zhang_y_Page_161.txt
fbded7e80dba81563240418c3d59d1a1
e469f7ffd3fdb4223fa1ba030ff6407dcd11552d
33204 F20101219_AACKUH zhang_y_Page_109.QC.jpg
068e60386e4573370c217c9c73b776fa
360a91bad85aff8303cbd9b81b10180431d3f6ec
8229 F20101219_AACKTT zhang_y_Page_093thm.jpg
cf20c0aef78ed0f615527f7129b33187
b8fafb9f1b4df98f70b77e1e6c0ab25108982f17
128622 F20101219_AACJQR zhang_y_Page_059.jpg
092fd7f47728732c6acee6f3937472f3
230bc1a95a494b38bde0deb26fde5c8bf886547d
7823 F20101219_AACJRF zhang_y_Page_151thm.jpg
d484ef9826d6cc1c2d534ca15298593a
35e52c54e2d6a9982eac03d80b55a4bb1780c82d
7748 F20101219_AACKUI zhang_y_Page_109thm.jpg
c608a6ca6125b2576d4b355e99b3992e
e588c42a54b93ac965735e8f8fb65a1cc5b444a9
7617 F20101219_AACKTU zhang_y_Page_095thm.jpg
e3e6480a289f10d90387705cb9c11ce9
0bbf40c942f115c2b6dd5ee505e4fd7d6da2da92
37653 F20101219_AACJQS zhang_y_Page_118.QC.jpg
29a9c5e3b2e3f2e7038a0f9ba408440f
283cc883a3fd3aeb0c5d58e81cd14a59cd061e84
120422 F20101219_AACJRG zhang_y_Page_062.jpg
1240c072cf49ba2196fc7a3dfa1b494f
5f29f95fd247c31cb89f85f369988bff94cb262d
28380 F20101219_AACKUJ zhang_y_Page_110.QC.jpg
421b20b605043d69e959f1d0734d746f
35e5fcf243108eff2f7cd59f87e7ae39f395bec8
38547 F20101219_AACKTV zhang_y_Page_097.QC.jpg
290b4fa6602a9d66a98f3656350ca43d
a3026c4a4953a959aaa3b91025c6e5bd9a7b7467
35828 F20101219_AACJQT zhang_y_Page_140.QC.jpg
d5c2a0a90bf5422e311f987598312814
926b6b485b30eb6dfe8f16ce63588f4ba16ee791
F20101219_AACJRH zhang_y_Page_008.tif
39538d31c27d93e9ce2d3e4b1d1fa45c
2ca2bf3f776005181cec87a10c3b61d289e72994
8556 F20101219_AACKUK zhang_y_Page_112thm.jpg
9315fabdf06a7cc2ec89a1d392dc3277
16a2d7889f235e66ae6cc395b9a5cedf3bb6149b
F20101219_AACKTW zhang_y_Page_097thm.jpg
561780905bf971936fbcd641814777ab
031a974d37f20459b1ced6f81c7151d9524980c9
64624 F20101219_AACJQU zhang_y_Page_151.pro
4a38a6deb23e408325d91436f8f6ff1a
1b84e2910259b9325966f9ca68ba8ed9b478d62f
37403 F20101219_AACJRI zhang_y_Page_025.QC.jpg
11041cd1849fb06ab635ffd25a3ae8af
c1e09196a6c30d1317a8eb5f8a8894e53fb23fec
39605 F20101219_AACKUL zhang_y_Page_113.QC.jpg
8abb2ec32f829ff430610f3dba749a27
9bff9705c90fca7ef3b99da0dbb77c14b515d70b
37545 F20101219_AACKTX zhang_y_Page_098.QC.jpg
6450df8287699ccae0a033da86030295
b7c6948c98bd7f15561b14a2c5940581c022ce1e
F20101219_AACJQV zhang_y_Page_080.txt
126452bcf1b5a62cdf6a009299157e0a
66a8b52b012ed817596cf20270df368427f918f4
F20101219_AACJRJ zhang_y_Page_066.tif
b06ef7a8f042cc13c0b37e0ee871b225
82060bf8f9c21db97722b1c072588e69cdb384d8
8263 F20101219_AACKVA zhang_y_Page_127thm.jpg
a6cfc24d56acae5c52c60b5aac41dd27
16a8504fb7b5cdbc6e95325387fdbc1b5a6fa799
30933 F20101219_AACKUM zhang_y_Page_116.QC.jpg
485ddd34dd35164a58a4f43ea75c3f4b
571d19ca10dbf2cb6712ba8f6685770975a95c59
36038 F20101219_AACJRK zhang_y_Page_102.QC.jpg
c245633cddd356c472324b263435b312
6ae92be2193c53498fafa2273502f91a6b4e9c7a
35641 F20101219_AACKVB zhang_y_Page_128.QC.jpg
daa82a395dbfd740173d5612c2516496
1842bc170a8366c78b32c7679ee0ac3afcacb3ba
7474 F20101219_AACKUN zhang_y_Page_116thm.jpg
3bea2363ac80e79279c046fecce48f33
eb1b45d2f9d0837dbcc30442dd6ebd71e69158ae
8605 F20101219_AACKTY zhang_y_Page_098thm.jpg
c3f92c33eea90609afa6da5bd1d8c4dd
cbf43d3fd1eb02b6a14a1b050a82ed06f4d740b7
8221 F20101219_AACJQW zhang_y_Page_164thm.jpg
b60020095565e3e4710eaeade47ff3f6
5c08db4b46ec48d959c65ac230da014d9bc2807d
98603 F20101219_AACJRL zhang_y_Page_132.jpg
3dd8fb7c99f05754cff8254e1d7ceacd
bf13515a2e4355d4408580797573318fc7c38fbe
7896 F20101219_AACKVC zhang_y_Page_128thm.jpg
44fa49ae99dda35dfb4f1499755eb0b9
ae79214d5decd6bd23bb3628157ce23f46f46dda
29590 F20101219_AACKUO zhang_y_Page_117.QC.jpg
7e15390da375e76cbe4abd2449daa40f
b594a60a4c020f98d6f5af3372c2bb0838b10aa3
31188 F20101219_AACKTZ zhang_y_Page_099.QC.jpg
b87a26c5b5386df4fba9541842b9262c
75d0c8d9708857c1ac0e27089df23ad86ec5ce93
1088001 F20101219_AACJQX zhang_y_Page_066.jp2
6f528e8d032d0eb2d6351602ca0af993
4c7645453472924c50acd555bb3f704f012dc962
58810 F20101219_AACJSA zhang_y_Page_035.pro
7de69ea3777f9cd75e8c27a7320b8bd5
c09257724cd32f5062cfb0bf781f3f31a118367a
8579 F20101219_AACJRM zhang_y_Page_039thm.jpg
ab9e872b892797003322059d8f884b1a
acb07453006a421d8cb0a093fa4849f55fc8c4e7
30657 F20101219_AACKVD zhang_y_Page_129.QC.jpg
c19e5cf3522ea83b236f81ac81ffb88f
8af28a713bc827c742e62943186873010dadeee5
6830 F20101219_AACKUP zhang_y_Page_117thm.jpg
cdd0563ce21563b06f3c92c2a4f6e36d
c200b8f93be349eab9388eb0baf5f594be38f306
23413 F20101219_AACJQY zhang_y_Page_001.jpg
99f734f71d34b005f01c463d2be42932
2aa86532fabd0b3b7f7052605056dc1c468a7006
44390 F20101219_AACJSB zhang_y_Page_111.pro
a527cfd8de31f65483e58773fe5e3b73
2d158b6d2e097663aad7a1d5b0e1d130337ee124
2262 F20101219_AACJRN zhang_y_Page_087.txt
195242e05e1433935d3a7734a8b91b32
b83492982c116b62d2f387a57aaed9325e64cfe1
7141 F20101219_AACKVE zhang_y_Page_129thm.jpg
ae3f384aa530fdcb2029d0cf2e4ff69c
2a2b2389aa68107a5ab8f9faf8f63e146a6cd413
34744 F20101219_AACKUQ zhang_y_Page_120.QC.jpg
f4332c35c44c013d79c038255d9a0df8
9c8d9222c6204e089c6bf372fd6dc8fac6a2b044
F20101219_AACJQZ zhang_y_Page_073.tif
5a7cef976105ee092592ebd541082f8c
90a5cb820c656b86bab764a23ffbc0ac89a4d248
7041 F20101219_AACJSC zhang_y_Page_108thm.jpg
5e9a747adcf29ec2e9261eafe025fc33
a34c355689fd2044f50838f24e70834675ee78a3
F20101219_AACJRO zhang_y_Page_011.tif
efa2e1cfed19d6f330514b46822da2f3
1cdec87f906aa2f3567fd56da2745d82847ff18b
35307 F20101219_AACKVF zhang_y_Page_130.QC.jpg
9301c47f4c53fafa5d14b60a03629356
2afa1d43da76017f83e9c78c7a6bcb15535b85f8
7534 F20101219_AACKUR zhang_y_Page_121thm.jpg
e606bbe27770e53fe8720595ea1a9f10
12cf5f3df7e4c7a20105cd65a1675d5d7ccbeb93
38640 F20101219_AACJSD zhang_y_Page_083.QC.jpg
6aba11778485ef3047feac3afc3918b6
8214b299d726b7694ee14f6d60ec15d3f61aebcc
1087957 F20101219_AACJRP zhang_y_Page_036.jp2
f7de2c057b916a5c1eeb9d46ea607f18
2267708b0e6da8f97633320bc3987d4634d2bf49
32386 F20101219_AACKVG zhang_y_Page_131.QC.jpg
eded320493d784abe434b94e5b9c4ae1
060271138f7eeadb032a30c2c6ddd04a7e00965e
34590 F20101219_AACKUS zhang_y_Page_122.QC.jpg
4c7602ff5775d0ad582f1fb1d9fac91f
f4bac732ece310412336730f0244f15853374f60
2329 F20101219_AACJSE zhang_y_Page_035.txt
575051e1c5afb66e208bf2455da8d03a
ad979be5f35fb9b6c3cb6e2dd869a55564b2c308
8104 F20101219_AACJRQ zhang_y_Page_130thm.jpg
dc2d07de4f478824836f7595be3db927
9043a4fdb1261ae2ee8f5ba03ee1a0719a1a3a48
7163 F20101219_AACKVH zhang_y_Page_132thm.jpg
50bc292cbe918fed1206fc6ca63c9956
22177d732dd6f4afadfc7a70a10f2021101048ff
36907 F20101219_AACKUT zhang_y_Page_123.QC.jpg
231bc158ce070d9c449716507034b28b
c357159cd008e57d65fedf10c3ac8cb9a557fd66
18728 F20101219_AACJSF zhang_y_Page_156.QC.jpg
15ba9dcf82eab3fc4a1cd8bce4fef67d
783f54fe8f9cae97f7a30e7068b376a0acfb6bb0
8301 F20101219_AACJRR zhang_y_Page_107thm.jpg
af96e0cd48354273deb04717a6b5dced
e7e3d002d2e6de2e5969f9df66d826d223796e2b
8785 F20101219_AACKVI zhang_y_Page_133thm.jpg
b7afa460f9a25652501bf4ac5370201b
5ea742e7dc1c069faf4813277547b6071351d9a5
8527 F20101219_AACKUU zhang_y_Page_123thm.jpg
c0b855fa9022d21ecf1d8a85085b9a45
4d2791fe4aec35e23345967e43550727a79852f2
35111 F20101219_AACJSG zhang_y_Page_143.QC.jpg
031ebbc53202227703f579c55f721c66
75627608a4c9d170c9dc68012a6c40ffa2023d56
8461 F20101219_AACJRS zhang_y_Page_032thm.jpg
a941b903bec4bb12e3706376878ec099
cec18f3b13626e29f3b4f2e7486638458ee6601a
35062 F20101219_AACKVJ zhang_y_Page_134.QC.jpg
c9a49295a52a858ad9a7774c7c271036
b485d3246d5c9d74b8f0f1519641a35c8f1aaee4
37883 F20101219_AACKUV zhang_y_Page_124.QC.jpg
8bd7dc21dd2539fd1efbec22d097bd9b
cde69a7c81d5b13c4242bc571e4ba2578760af22
2614 F20101219_AACJSH zhang_y_Page_049.txt
feef6169cb0b62090082ec8d5f3e123d
260cddfadfd753a5312c957696f0dbe42f2ef7fe
8368 F20101219_AACJRT zhang_y_Page_150thm.jpg
a6a3630ad5b283a896795feb4fa77050
44474ab800450dbc4af8f8837186e01c51cd42d7
7815 F20101219_AACKVK zhang_y_Page_134thm.jpg
cc24ed5ddfa2f9e3876e33119b935830
0fd4433f1974d12bded7d1ec26e584e0cbbae534
33456 F20101219_AACKUW zhang_y_Page_125.QC.jpg
a55de0d4948d819c7214470aaf053341
186b211b8c9a5b034d31634484051cc2d43ff0a1
F20101219_AACJSI zhang_y_Page_039.tif
63ed89a94b13ec1c9e63262a3ec69fb4
7a43b9ce5ae5926693b7121fd2e6c9656ac70646
F20101219_AACJRU zhang_y_Page_080.jp2
7950b54f1808e698cbcec7c813ae5231
25f1985b7ab36e30853310d7ac5564753826db00
36831 F20101219_AACKVL zhang_y_Page_135.QC.jpg
3f63dd52efb1ea11ea6e871b31bfdd36
9b3265cbc3c9eefcff1f35e8825ffa8ef0e009da
7850 F20101219_AACKUX zhang_y_Page_125thm.jpg
4d275d258497e1beb48101151d87b793
d2911e1ba8128d07eaf6e5f4f95205da0e87d755
F20101219_AACJSJ zhang_y_Page_153.jp2
77dc9ea64538d71ac6c6f9724a09f325
3a14538a201dfeedc2bb18ca13ea3daef29b77c1
2566 F20101219_AACJRV zhang_y_Page_138.txt
e96f3b76efc0619b7dddbbb180a6fa06
2ed3c2702f7c52e583b4e80527e55ac0a7f6b66b
7958 F20101219_AACKWA zhang_y_Page_147thm.jpg
a262d83fbd65b53f12dbdfe891587090
0fc205e381859e95585b683002a53daca75459ab
8377 F20101219_AACKVM zhang_y_Page_135thm.jpg
284bb1a3a48250ee4cbfde921050f4f1
b74e41f9b33c50a01f928cec634258250c1f9316
35794 F20101219_AACKUY zhang_y_Page_126.QC.jpg
ba88e48755d50c1c7f33bbc4ccae9df6
8ad212f7b4a92b4dd728e214a1b7ee1bfcc937dd
687 F20101219_AACJSK zhang_y_Page_077.txt
aa969c1944d8dc72851b7f74b6fe0420
0832ecf0a249242e02a700936a521233800db477
62510 F20101219_AACJRW zhang_y_Page_152.pro
ea1fb71f0aa5641535b44d368e278395
529fad25934939e2c7b58277caf93757bce1f9d5
8367 F20101219_AACKWB zhang_y_Page_149thm.jpg
311d8d05f447b2d06e1cc2da4aa39403
228b8bdaf003cebbd00446677b21459539cd3b27
36176 F20101219_AACKVN zhang_y_Page_136.QC.jpg
a384c7d55ac4747bab9a756576729913
c7cb5b4a501c052451cf98ee5e3801c619d57289
191877 F20101219_AACJSL UFE0015609_00001.mets
957e0c26b865e4d8c033fa2f843571b9
97d13d36afd19b0db89c10ea3b0823fb88d3771c
zhang_y_Page_001.tif
36221 F20101219_AACKWC zhang_y_Page_150.QC.jpg
f4cba0739c64dab760b3f446a01d8b8c
078f01b4c1ec1cd4f33a87afadb2bd0b8a0bb991
8119 F20101219_AACKVO zhang_y_Page_136thm.jpg
dbc990e34d42810268b330d31514cb44
83f8b172f443bf622219ffc5e9103581f660e83a
35909 F20101219_AACKUZ zhang_y_Page_127.QC.jpg
a1fa0c4d16e635791ef8d6ce7579fd27
a1783bd0330d8c20fee45f13fe1d1f937077331a
111406 F20101219_AACJTA zhang_y_Page_021.jpg
89ed4f737cee40dcf116e6a9bf4c5f0b
27e129d30925428d10cbbb40ed1ba3d5e4930f3f
2550 F20101219_AACJRX zhang_y_Page_112.txt
753099c9992b1ef54a5b8bd9c1d73dea
9ad200087ad022fb8fa471c9f556ff05e685cc17
34991 F20101219_AACKWD zhang_y_Page_151.QC.jpg
2ec102a85d9f61b0f6890d060f1b11b0
63b70d5aa6191ae6f429663d9ba9cfdd41850a6d
6904 F20101219_AACKVP zhang_y_Page_137thm.jpg
de3c2293c520bd03c0cf39ce9aef00b1
5532af02a224e5351d4f8f564ef4e8c802699e47
115828 F20101219_AACJTB zhang_y_Page_022.jpg
f16eb67e8471769f2c829f3645039bdd
64f13bb17589b93f033f1de3d4cba747f0e95682
F20101219_AACJRY zhang_y_Page_060.jp2
8be5b314ddaeeafe63241c3ca06e378d
1b89c0c4e33a31831b769c564c07811936f0c767
8024 F20101219_AACKWE zhang_y_Page_152thm.jpg
83211a34e6512f39879924e9e4e046d0
92cc81cfc9cc6e0355cd07ca3a26965c4df55987
36669 F20101219_AACKVQ zhang_y_Page_138.QC.jpg
f38a2bc31da65f8e327e8326bfeb8213
dc8ba742f945c91da1220e137760e0110cc31557
127648 F20101219_AACJTC zhang_y_Page_024.jpg
4d240a52a64496d5bee5b01ce05e77ee
bfb663908d2f897be4e3506a2fe05d22bd4c9877
4000 F20101219_AACJSO zhang_y_Page_003.jpg
386ad3a75f7408aeb9959c7c1ff8be63
4809676732dedae9bd88081423c66891334312a4
124367 F20101219_AACJRZ zhang_y_Page_017.jpg
d5b5e3ce138d31853247187d37335d0c
071a7b77cb35cc0f8d4028ac25f76d0d7cdfab81
36405 F20101219_AACKWF zhang_y_Page_154.QC.jpg
9d1bbb9640f0c563bb3a59117e571f9a
36dffddab3a7d1c5c3d44bbd857c17c0aa37f1a0
35724 F20101219_AACKVR zhang_y_Page_139.QC.jpg
6c8e1db4a4e7d9c7dd70d9de128528e3
84e55c10cde8e3741de2d11bb1a82485a1f73bd4
122532 F20101219_AACJTD zhang_y_Page_025.jpg
4e6c373c685e849c7e53106f478505a1
7f7f517c5f637d9f916d3a2f7ebea07b8b2ef4d6
67309 F20101219_AACJSP zhang_y_Page_004.jpg
ee47f5b6a225b0f56cc76cb452c8901f
36bb268a1835c0b4642bed1ad718018b8df44d70
2746 F20101219_AACKWG zhang_y_Page_155thm.jpg
fc998635266df30ae8decbcb908e2c85
8dcedf9e4e1fb14be065722ef00e6fdc3974cbaf
8002 F20101219_AACKVS zhang_y_Page_140thm.jpg
03fef405960b89019d911535ee6e5ab9
be9dd283478879e9b719ed164fccb6cff178c76f
125866 F20101219_AACJTE zhang_y_Page_027.jpg
384d83e99de89d352f0f15f2bdbd856f
00c7a1fd41c4aee916c99f135e88802386f171ea
103980 F20101219_AACJSQ zhang_y_Page_005.jpg
4ac9af9be863725d2a79fb24ac54b00c
3c5e28acef09e6857a1eba43a01cd11c7b055088
4418 F20101219_AACKWH zhang_y_Page_156thm.jpg
eaf61321cc02142da5d30f6c0e7ace6d
55177a7710a33af12207cd690bf9b272e7d6ea82
33252 F20101219_AACKVT zhang_y_Page_141.QC.jpg
cbe547b23552ccdc9fc5dc8cfb32a524
341ebff2cfe0d4360ed1385e8c36da710e8b6f6e
130264 F20101219_AACJTF zhang_y_Page_028.jpg
947be1305e96921c9ac6ecb9532b9e86
bc6e2e5a0c49b243107e089b0cf92b32842211d1
140878 F20101219_AACJSR zhang_y_Page_006.jpg
b0314132792cc5b32621e77784999ce3
7a3d40259bce8b5799c66c7313a06cdc9d53bad7
31617 F20101219_AACKWI zhang_y_Page_157.QC.jpg
8eb2492bab51cdffbbcdb95d1703a2a7
3be6f26b82e91e08c7ce725cbad48a8f9f827863
8055 F20101219_AACKVU zhang_y_Page_141thm.jpg
0fe51b29fc98fd7848e81992e1511a02
0b5319d42feda4deb2ac99605d9e4b2ec2f18b13
131475 F20101219_AACJTG zhang_y_Page_029.jpg
d1af410ca47c05aef8500e0694123f2d
2fcb6444bdeea5c6504d53385c49d8039ed9ac0f
124851 F20101219_AACJSS zhang_y_Page_007.jpg
74f664e47cc0d7025dba7c6ae341c775
4531cda0826d31fba07fc4ed2276e637ffbb85f5
36952 F20101219_AACKWJ zhang_y_Page_158.QC.jpg
09ce35654b366d46bb28a5f2312625b1
0bad4e2c6a3c9b45093a2018de31e691d9fde056
33491 F20101219_AACKVV zhang_y_Page_142.QC.jpg
d5adfe77568dae8196968936a6b3f7ec
889ffba7d31514e5cb20cb1d7e3d8b647bfbccc3
124201 F20101219_AACJTH zhang_y_Page_031.jpg
aecf1d7a6d75fc7a1bbe8c44c943cfc3
30eaa17fbf4ee79a71d3221b449de241a96c0799
100947 F20101219_AACJST zhang_y_Page_009.jpg
ee2faedc6284665f67ff4599f6ac64b3
d30b72a917ca19ab6972a3334293bba334a02cb7
8839 F20101219_AACKWK zhang_y_Page_158thm.jpg
0c75d2cbb298e7419bf35c5cbedb5d6b
5b68b42cd908d0153b949dd55f912b97a3356aad
8137 F20101219_AACKVW zhang_y_Page_143thm.jpg
9361b28570f1f5633d85c85291dcb33b
95d96248c890f5a83d92e483e3a9170d3d2f3d0e
125934 F20101219_AACJTI zhang_y_Page_032.jpg
a40e88e9eff82fc4e62980d4dec155da
12b9fdcd52969270b1a2e97cb004b788a95733d5
92032 F20101219_AACJSU zhang_y_Page_010.jpg
53b67d7bc77421bf8487b1fea92740a7
d5c35f12f09ae916cab038f7c25f72c07b932018
35568 F20101219_AACKWL zhang_y_Page_159.QC.jpg
2c3b228be92d04c96e0a1ee910e99372
6e93ad0e30288ee410af6a3fcf73624ac8da8b0d
8334 F20101219_AACKVX zhang_y_Page_144thm.jpg
bc31e9ca0bb3a8cde380353f283cc2a7
defc35f1d7c753db170dbb428940a564ac4818d3
116848 F20101219_AACJTJ zhang_y_Page_035.jpg
59503e6b195f961ecd67e30b6f74311d
fd9849e0635230f7154c41048b23bcdf988671ea
130248 F20101219_AACJSV zhang_y_Page_012.jpg
0461cf4d8f4b3fbc432efff21012ea5f
9cb4ddb71e6df97d9af1e0064f74da2d990fbc7b
8464 F20101219_AACKWM zhang_y_Page_159thm.jpg
458c05bd059fbed4b36c3c32f578470a
fbdeead1ce45ef1c909612f6cbe2446e5a796065
8929 F20101219_AACKVY zhang_y_Page_145thm.jpg
09e2205d7cffd31807ae7ff66b4e848a
a2d6b804d29da6423f5bb166bc67bd26f1f8cd89
129160 F20101219_AACJTK zhang_y_Page_036.jpg
ee8aeee758661e2aafadd96d0ebb4f58
e417f8b613a4a1d0e9a0eac2db3b450752eee4f3
131310 F20101219_AACJSW zhang_y_Page_014.jpg
1f89e68e0caea06b4b5a216d474747e7
678c7b09758ce40686fe99e1093371b19e460bbf
8710 F20101219_AACKWN zhang_y_Page_161thm.jpg
bfadc0b7bbbd275179dee9f4bdbea46f
a976eed106d4fc0db1820c03bd2d9b1ec4d78b7e
34662 F20101219_AACKVZ zhang_y_Page_147.QC.jpg
9cd51188dde3067b909ead79fb965a80
2cd48f06b21f5021c70da8f80110d0ddadfda9be
119066 F20101219_AACJTL zhang_y_Page_038.jpg
66d292cd6178d1229a64fe49e9f5aba9
9c495291b5e2b361a1ae1c883eaf3a4fe2edcd8b
19504 F20101219_AACJSX zhang_y_Page_015.jpg
b52dc15ef00f5ce442e8b6646f409c92
c704d37efffba60b0c7bf23633b4a4b22356d070
8466 F20101219_AACKWO zhang_y_Page_162thm.jpg
a677ed94016c76603c70bbe95c92dba6
599865dd9378fa3a3e02d625970dee5b36f350d0
127543 F20101219_AACJTM zhang_y_Page_039.jpg
0a3e2de900d62fe599dca6cce5de8111
361bd40fd07648a7543749e2893fa5efc619f67b
114689 F20101219_AACJUA zhang_y_Page_058.jpg
32e575feefc4c3e3e2595a5f198a5c98
0ed58d22eedec417a842bcf977efcf7514688035
35356 F20101219_AACKWP zhang_y_Page_163.QC.jpg
afcad9590538c3cbad7b3a82f3570f5e
15c642b574939237ee22293a1029d187634c6727
126597 F20101219_AACJTN zhang_y_Page_042.jpg
210972df81a136298c866f2fce3183cb
98e515cb0f487465a9e69bcd2603b9ac91b2fb3f
95535 F20101219_AACJSY zhang_y_Page_019.jpg
bf8497cf37a6800d0cc0f19092057b92
b74bf623a683773663bd9753e7e9e0ead79a1c75
113449 F20101219_AACJUB zhang_y_Page_060.jpg
89ae6f748d14ca9a7568a2faaef3ef91
91e574f104e6c7ad78254e598e969d28d69d6015
36660 F20101219_AACKWQ zhang_y_Page_165.QC.jpg
aaed9f0941bce291e6c9dee8a1e7ed67
f0eead7b10927c73a6ec892a0f9d04d8899b5c12
123441 F20101219_AACJTO zhang_y_Page_043.jpg
beeb8051646240575f0dd51cd8dd4c28
077524974a5846606f43a93e00d3c2c2da0785ae
110349 F20101219_AACJSZ zhang_y_Page_020.jpg
8c6a2533d169fbe1babfc888dff45236
019a1385c34914ce178b4c4e7c1db920521c6b82
116281 F20101219_AACJUC zhang_y_Page_063.jpg
d740e4f51a513dd45ec9f9b068277da0
375aa525c161dc52523627f73c1910e4a90af186
8613 F20101219_AACKWR zhang_y_Page_165thm.jpg
0935e878781a267350c17d4746cf4ded
96e87e05cc8d744feb0fb7b0138fd9e80eb4b1ec
68682 F20101219_AACJTP zhang_y_Page_044.jpg
1fa6955e35a31419c6c082369d5421c7
942221f6c0d733a831315bf012a423a15c1751ef
100592 F20101219_AACJUD zhang_y_Page_064.jpg
06e33b560cb34c2c472e6a30193713e4
e5d052fa7c7390cc8109f3f18a231010fbafc54d
13089 F20101219_AACKWS zhang_y_Page_166.QC.jpg
2468efaf9bf34c8b26ca3ea9bc1d913a
c3e55ba157392f3ff06dbc6af867a660826a8f92
124221 F20101219_AACJTQ zhang_y_Page_045.jpg
4df743c197acace59091fffbcfb4e55a
a836f03825a09b1515b346f10ad1107529ebd8b8
105603 F20101219_AACJUE zhang_y_Page_066.jpg
1d43ed32cfaf7ee798bdd8d4d462c7ab
edc9fa9d13e2bbcf4b4f32bb6701d0f3815f60c6
3244 F20101219_AACKWT zhang_y_Page_166thm.jpg
05342a546c1945d7766eb167d5c675e9
768ca9a96744bbb9193ce7c0f8b1507060acc7b3
135757 F20101219_AACKAA zhang_y_Page_119.jp2
b2e961dec3c03b89c2621dc09e908387
01fff5f2f22a35999e60d5895b69b658e2be6c07
121212 F20101219_AACJUF zhang_y_Page_067.jpg
c0d1dde76d76cf508509f91957987ebb
8c16553ca0b1ef34b99a1224da8bcb1e4ce93adf
122988 F20101219_AACJTR zhang_y_Page_046.jpg
f56056e345756136e5e20d35c665fd96
53cc77c3985758020d42320de202fafdea5f1434
12617 F20101219_AACKWU zhang_y_Page_167.QC.jpg
21ee6f352ee413ef504a9f11a6511573
9c5fcdf8eb6a6203e660ef2fcc5df55b4bd6b613
F20101219_AACKAB zhang_y_Page_120.jp2
d19272a698bc9fd2df22cdb1e8a6feb9
892dc28aba479858cb659bdb8a291adbf3eb90a3
96103 F20101219_AACJUG zhang_y_Page_071.jpg
cc7431456ecb30c21199a702d48d69e0
e8ede41dfe746cf2d8b6d38981e4d894bf66db11
121108 F20101219_AACJTS zhang_y_Page_047.jpg
18a3df4edbecf2f040a184c42db5e29f
8ba07b0d29c8ede7ad6bdf30fc5050df4cc1dda4
1087998 F20101219_AACKAC zhang_y_Page_124.jp2
4cffcf26fc6f10d4e5d7f9d83ddfa42b
77498e91fa0914ac7882f18bf6b241515972e6ad
103289 F20101219_AACJUH zhang_y_Page_073.jpg
28d7040288b5b65714e1c813f604a73b
e0c6f393c8421bc0b8aec6c189b5a0d8966788f4
115413 F20101219_AACJTT zhang_y_Page_048.jpg
55a8694e8539cb843c889ad4c26aacb6
86290a7baf1ad5e283c16051b6283cda3ec5b4ab
F20101219_AACKAD zhang_y_Page_125.jp2
d80c1d49c1519f2c54e3e381034305fb
b75f1c364031834680b5adaad21e0850d6dfac0f
92387 F20101219_AACJUI zhang_y_Page_074.jpg
7783a52e119da7113f7f82bb4c00b28c
b7c30d3d6e5b91494d148aedfdef82d008396cf7
111409 F20101219_AACJTU zhang_y_Page_050.jpg
55318e29c1e54e3fe4533eed8484b7b3
0d83aad227271a18c48a182a8e238eb1e1a49208
F20101219_AACKAE zhang_y_Page_130.jp2
cec47008476a61e958c4ecf2b33c5ee2
82427d100300e6a1380579fc7f7f19b1a691694d
120118 F20101219_AACJUJ zhang_y_Page_075.jpg
d0b75682b59d593965ad8e8803d47eaa
0c5a8984675bdf1f4d3abdbbc2ed0c9468213626
120796 F20101219_AACJTV zhang_y_Page_051.jpg
490de7249e625f4bb179b9f4a0eebc3a
81d6fe3ce8445829a06ab4ea6da280e7dbd44474
118203 F20101219_AACJUK zhang_y_Page_076.jpg
7e7b33d3f18bab92264001cf096c9b1f
05e65ab01f1560ea6b05218694153f07ed498f2b
121463 F20101219_AACJTW zhang_y_Page_052.jpg
da4a58655a3228279af82e0bb73e4041
a3eec419534a4d6e8244c9bd94395e157cdb92ab
1021743 F20101219_AACKAF zhang_y_Page_132.jp2
1e9cbba78bc195bfcf50d8cbfacc8d5c
8458160bedd51818d1f6f488a6fef7df33205d77
F20101219_AACJUL zhang_y_Page_078.jpg
379f036a6a79c4de592daf150548c8fb
926e78b3a91cbeae6a30cc0abc5077aeab060c6a
98743 F20101219_AACJTX zhang_y_Page_055.jpg
9e192fd6bfb96f9adb1817a7e242db21
dd4a0461eafca99b6db66a0b30397d11e432b64f
F20101219_AACKAG zhang_y_Page_134.jp2
47bd9996ebbd0c195667b0b31440aea9
3e74b2cfde98491b77c1be5f903195903196c032
106603 F20101219_AACJVA zhang_y_Page_101.jpg
357c98281ef02dca9eaa5e93e0396362
5111d18010b5b6293400d005aa845f989a7ffad0
130147 F20101219_AACJUM zhang_y_Page_081.jpg
0a1a8a1d5976aaa9b59566edb1ab5192
84ee174f3e9ca79eb3139a2a9ef5258f22af72bf
123505 F20101219_AACJTY zhang_y_Page_056.jpg
88b3ce0d68f86a18320b94e0d9a57bd2
0c0721f32ffd4f47f9ea40c6245bd816035baf62
122697 F20101219_AACKAH zhang_y_Page_136.jp2
960e514041259251ef80f01d0e57d276
5d96954b71763bbff809931c6f77f365c300bd29
117325 F20101219_AACJVB zhang_y_Page_102.jpg
c1d54cd8cf9ab2a8048ab2669df90083
960a9d75146f3f780123c9cb398d6eb752597b1b
119946 F20101219_AACJUN zhang_y_Page_082.jpg
bafee7361ed2052600b7f4e14ca3c20d
667ffae7500c7f7eb9683dae0ba019ffa6ca4f1a
903033 F20101219_AACKAI zhang_y_Page_137.jp2
0025527fbd2db6c849d7850e2669d19d
f94a1125cff1efcd2fafcdffde81d5169606ff4c
100411 F20101219_AACJVC zhang_y_Page_104.jpg
2e44d25b2b60359c8da6dce4a5be824b
7bcf398780fb30e4bd3b62d052a52cfb729dae65
127679 F20101219_AACJUO zhang_y_Page_083.jpg
f45db1529b54379527c92c0425218916
b7917ba5f8b2e104a87c5616fe8bc386523624cf
97749 F20101219_AACJTZ zhang_y_Page_057.jpg
9f324c47d1385583c3cf80e851521614
bc338448ca67dcb0a85602c07597bd0ee4f5a397
F20101219_AACKAJ zhang_y_Page_139.jp2
2b5121b2b2e44950d6effde136c51543
54f0174353908e8af475b843663890092c260121
93364 F20101219_AACJVD zhang_y_Page_105.jpg
17cc714bc33aad139576fca78256e1f7
d496460d87bb5c85d245f239590974f27715bac4
33163 F20101219_AACJUP zhang_y_Page_084.jpg
7b95529271cf67699d4b5a5a291ce523
1e9ea4751948fa96b5ee23f9cab170374d0948f7
1088018 F20101219_AACKAK zhang_y_Page_140.jp2
745eb6922be24e37ab13fdf8553510fc
c299455f5059cb33a63560da0c7994ea29aadfcb
127384 F20101219_AACJVE zhang_y_Page_106.jpg
0ab11c9bc5ec552ed859ef676443c59b
2e2d2ccf0fcc9753360883d6f532d6197e2b991b
109816 F20101219_AACJUQ zhang_y_Page_085.jpg
91e82c28d1e5b87cb70b57c563c3f608
bc6743944f44aa607101ed9c5f09fda06a13c110
1088027 F20101219_AACKAL zhang_y_Page_141.jp2
e0cf6f2b12f366e11fad7ec99632abb4
0af046c5b382c9769550fdac34e8ad41033c2b30
117883 F20101219_AACJVF zhang_y_Page_107.jpg
911223f839fb2ca08ddf5cdc5d4511a3
724e0769284b49eb390ba3f748050a21d1820f71
116616 F20101219_AACJUR zhang_y_Page_086.jpg
985c6d06ba9e4c4124af9c8437f55666
dfe43dcbd75823575f1a7a250d47df85cbfa1a39
139286 F20101219_AACKBA zhang_y_Page_161.jp2
96565a8afa2918c18255615acd405d3b
eda2fe07176b1fb2ea0d098b129977b08feec6a5
1088002 F20101219_AACKAM zhang_y_Page_142.jp2
41982bab99ea097d2752756f675cb3b8
f632137ba8ced2f49207338be1cb0c74a6652ab5
90188 F20101219_AACJVG zhang_y_Page_108.jpg
feef3c3f92e84d70b31fef0e7179194f
a7db713a3a061eaaadcafee09b12e07cc012e4fd
105763 F20101219_AACJUS zhang_y_Page_087.jpg
349218f7813add2daa046f806d57e0c7
f207050d051f8725d8e473a58dfcaf928e55799a
134511 F20101219_AACKBB zhang_y_Page_162.jp2
3234265e168d4f8710a1c8f4675b9685
ea8f6dae1504fe4828cf84a01dda1a73f3a985f3
1087980 F20101219_AACKAN zhang_y_Page_143.jp2
324ab15efbcf9cd458f9f88335ed0f76
2be7c91318353ee0fcda103c36c4c61560b1912c
107881 F20101219_AACJVH zhang_y_Page_109.jpg
57e1ac317811da6da392a8cf7f314735
6dc9297b87fbc0d7e950cf4dba23ccef7244b5a5
112524 F20101219_AACJUT zhang_y_Page_088.jpg
57552eea4fe9318ad7e97f89534874c5
ce70895f2695f42475ddd2c7bc2e53bce983c5fc
141688 F20101219_AACKBC zhang_y_Page_165.jp2
23b9e1bd1df803f93ee68ee341a33637
7bd2aed88928cfca49af402e555f3306bd8280c1
91136 F20101219_AACJVI zhang_y_Page_110.jpg
413fd1f5b4168f36ee7dfd2d56f9d112
560aea59382312cef934698df414c9c6c4369281
93163 F20101219_AACJUU zhang_y_Page_091.jpg
54673ff90b3d2f01356a7cd5f88d2bef
f13955b7583b3425581b688d375da33557d89953
50448 F20101219_AACKBD zhang_y_Page_166.jp2
8600e27ddf557cc7a448690787ed6801
1179b191948cd1c804c0c4b40b316d540632bf3d
121323 F20101219_AACKAO zhang_y_Page_144.jp2
a9ca58c2253a225f660b46f0cda1f84c
e6b3c5692378153552a1b9e007c4ca37e00e09a8
122838 F20101219_AACJVJ zhang_y_Page_112.jpg
3459b9595993fd264f12ab235809a573
31d804f49cef02912063d28887c3b5e278ca471d
123540 F20101219_AACJUV zhang_y_Page_093.jpg
1db676e4964456a9d2f59efbb8e124bc
ef0719c1644503fb9088380a69fbfd5dc7a7e991
43135 F20101219_AACKBE zhang_y_Page_167.jp2
7f9c974b7e5c3e6f01d674a9bf146f19
ee4a51553c83637853d9429ef5eaac4643c0d51f
994458 F20101219_AACKAP zhang_y_Page_146.jp2
d2df137db1762b62af36c01fb904d1fc
4029647c8f85249e3f0633d16e703c52e33c7bff
128989 F20101219_AACJVK zhang_y_Page_113.jpg
57810026fbcdf062c18d5bfe1481a979
a1fe7bb6d55713a0d02c895f04a977eb427f0ca9
F20101219_AACJUW zhang_y_Page_094.jpg
5cb36a57cd5a1541c9741d7378240966
52694c9256a5105db7c1c67102b9b75290bc41bc
F20101219_AACKBF zhang_y_Page_002.tif
fcbf11f5c4efdad3dcdf7b4922ef35ad
6adfc9cf61b907567b22e7567bbf710a2e7c08d8
1088029 F20101219_AACKAQ zhang_y_Page_148.jp2
b4d89fd036fd75e3d7591f7023815890
3ece09b221d79d135da02b383f2e0b472ae3a31a
123475 F20101219_AACJVL zhang_y_Page_114.jpg
186f6484a3bf25df9ed5e6aa862ccabb
204aae4c87b25efce7d12ffcd12d2d1a23015e44
114426 F20101219_AACJUX zhang_y_Page_096.jpg
84d3604fcd6863824865a32d6cc3cc0b
5c1a1e705967063e923752cdd80479577ce00eaa
124560 F20101219_AACKAR zhang_y_Page_149.jp2
665e2d04280574f2336e9977bfa0af50
818ff75df1429ddc93138024eb69f50ddf6b37a8
101812 F20101219_AACJVM zhang_y_Page_116.jpg
72e6a5ff85822e12c1331ffb93982a4f
56d994563a7633552a480651e699d5c18e307ed8
102994 F20101219_AACJUY zhang_y_Page_099.jpg
8c5ab99e8c04bdd997114818169d98e4
6e8550bef0898fc12e9ee30f48ffcfa79f6aec93
F20101219_AACKBG zhang_y_Page_004.tif
c854fc308d2fbcbc49d9085d7ce8b96f
cd8550e5cea0fc7675da375a2237cc918053f084
115604 F20101219_AACJWA zhang_y_Page_140.jpg
bcec5550073f8c71e60628bdc2675d17
124ecd467fd6885c69c8d259e68a5a815c2183a9
1088007 F20101219_AACKAS zhang_y_Page_150.jp2
83fc02615c1715691128f5e7e706de0b
ebb423d050172ee418ad9d56c8e038c921c0bbc2
94379 F20101219_AACJVN zhang_y_Page_117.jpg
dee609feeb14c4fcf76fb878adaaede1
cca255e0de2133c200798d8d732a6cf31e07149d
117591 F20101219_AACJUZ zhang_y_Page_100.jpg
0c73f7dce5bf82711d3e7e785d0ef4da
5de9fc162f500bf44bfd7bc02db80567dfad21ea
F20101219_AACKBH zhang_y_Page_005.tif
232e6ab5e5136cbf4c95836338c85e6a
aa5c1848fe66dcdb83cccd579cdb6f9ce3ef1ef1
107213 F20101219_AACJWB zhang_y_Page_141.jpg
e3c3adba533643557d224e3a56cb2d8d
c3b039000ce9ebb210c0ba928b2b5151ce579595
116287 F20101219_AACKAT zhang_y_Page_152.jp2
e283ffd0f8fdcd509c17a9e17c4cabec
7a422d2498ea377837bb3161bd7ce48eb191af73
123615 F20101219_AACJVO zhang_y_Page_118.jpg
5cd5e5a83e8cb38367c050b787fd3b9f
f7550fcc4e3b389e364646cb697572d25f979337
F20101219_AACKBI zhang_y_Page_006.tif
5856c94c45f323e833f27e4a56e525d5
c399aab537c80f53886543be083ab777d2b5540a
108024 F20101219_AACJWC zhang_y_Page_142.jpg
cace8e75aa5cf54732de73b632a9b733
dba20a49caa5e010fc60f151e8c94df94c3b86c4
1087952 F20101219_AACKAU zhang_y_Page_154.jp2
aa543659871ca6dd15a5638b959c7b32
96e5d91a27db9458efd01ff48d4a41c537506ce2
114693 F20101219_AACJVP zhang_y_Page_120.jpg
5ae3655b4817be2fdd47cf29c10444fb
b20bc1b71f8a0a72f1b4406ec7929d416f8bd0bd
F20101219_AACKBJ zhang_y_Page_007.tif
3251f2dac6fcae7f64710c2ee537f306
d37e5ac65e8f0bc53ed3e11293c4c662b3fffbae
112119 F20101219_AACJWD zhang_y_Page_143.jpg
057b4adbbc2845366b0e1607bbb2873a
0b4943857fc1d6d63eec0ef969137b87ec67eecd
39097 F20101219_AACKAV zhang_y_Page_155.jp2
2b346a88ee3a45e39e6172dd10e8f63e
780864511e6f859866fdd6accf444523e8e56ded
102449 F20101219_AACJVQ zhang_y_Page_121.jpg
f889caddf1e6076c7cb5a944208cd34b
19fd6a609a9739460f150cb3899cb3a93066db87
F20101219_AACKBK zhang_y_Page_009.tif
89c39b9379931db1f58c4d645412569f
65348a554d26bcf0e61542e73c901177287c64eb
117379 F20101219_AACJWE zhang_y_Page_144.jpg
fbde7c3339d37ee411bcbfd87e0ccebc
1d34d3189935afc164feb173480b331bb25954df
116220 F20101219_AACKAW zhang_y_Page_157.jp2
9948dd672703f1fb0edfe23e2526737c
6c62728885fc31e3c4712caaee21656fa660429c
109764 F20101219_AACJVR zhang_y_Page_122.jpg
2e90fc2c0fab1837a3978b938a210cca
9f8833bc5a1960f63580495cee0d71a2c80f4c27
F20101219_AACKCA zhang_y_Page_031.tif
5e07b6401ba7c4b43805a52f1ff08140
4dd2dc5f31dd7f0dcd0be9a1977be244b6a14d9a
F20101219_AACKBL zhang_y_Page_010.tif
286be9f06841349f3e8e783ac9a895bf
6822a9bfd571ab7c3f4b2e8a30e54984c8218161
129562 F20101219_AACJWF zhang_y_Page_145.jpg
93627db15efda7044fb580bee61b7e7c
a71ab5affa11064375e9a4a03647dadd99c812b8
142628 F20101219_AACKAX zhang_y_Page_158.jp2
7ebc9951146b83596c50d8145317f975
f72820888befb18946c2d35528d8f89992df15e2
115988 F20101219_AACJVS zhang_y_Page_126.jpg
35f2ba4446d25ac64aef5c58db2b39f1
48359985a43ed160790d6ec3279ba4fb14c955d7
F20101219_AACKCB zhang_y_Page_033.tif
b905ac3570c192eb6d5882cb9cceb0c2
c0586f2293cb763e2d895bd5433c699977b9558e
F20101219_AACKBM zhang_y_Page_013.tif
530b9b7d58d1c629615c28f80c81bdda
01cb2c69147f7969b777f6fdeb172d8b1553e96c
131064 F20101219_AACJWG zhang_y_Page_148.jpg
b5e00f11369d67b7745e883b6220f1d6
371cc61005bc68ab819aa37b7cfd9742dc3b060e
139824 F20101219_AACKAY zhang_y_Page_159.jp2
646b41dc7ca1dd4fe44595d7af760d03
9629cdadcd426d76f51ec38bda8f5d38ef5cdd46
97067 F20101219_AACJVT zhang_y_Page_129.jpg
9ef6b943e4f6fee6142609ebbfec214e
e3f60b5e77210c3c214ea65b5f643d5725e82522
F20101219_AACKCC zhang_y_Page_035.tif
b111a17f34b1e1a890858079f0e24fc3
d5f5568b46bc483aea8bc93628dfed7b11aed6b3
F20101219_AACKBN zhang_y_Page_014.tif
7d7efe083d870778bb59e429f078478c
6fca881ce4810a39ac9ece86901979ec90f1c5d3
117511 F20101219_AACJWH zhang_y_Page_149.jpg
aa9fc5d306278b6644743d82c5a74634
c3b85d1b1f8d96b7676349c53857023b6e9c1d30
142206 F20101219_AACKAZ zhang_y_Page_160.jp2
917c03e889a13ed35941b1e916e92f73
c3e0641cb7fc56932339842996aec4befb42742f
103153 F20101219_AACJVU zhang_y_Page_131.jpg
73ef0f8d13a46993ba12bf251efadcc7
5925bf6dfae176fad2cf4c67e4bed6f45f6dce68
F20101219_AACKCD zhang_y_Page_036.tif
d862400410f129cfcb85faebbe1732f7
1120a11be990e3bd2c21a614a75c448f0b3d7ebc
F20101219_AACKBO zhang_y_Page_015.tif
7f8b5c4ce7c0dbec48b7b1ff5833e83c
e672e9275649d49264692845e5fe13d1c543969f
114373 F20101219_AACJWI zhang_y_Page_151.jpg
e865d21985822f8f967a4efc250aec2d
95011efeaaddf92d2e2b18097289345ccdc3225c
112989 F20101219_AACJVV zhang_y_Page_134.jpg
b8fea83d9bf2f39df3bb0f0527573c7f
f93f3e6a2ac82841413dd77831cf9f08ab6bce0b
F20101219_AACKCE zhang_y_Page_037.tif
e3f6367bb5fb1c681133206c1daf585c
c8a6debae446ffe2361b50e1bf8c66a7b3339f6f
F20101219_AACKBP zhang_y_Page_016.tif
a14664f1c65c5a31513008fd117fd47d
5cc2049afaef2eb5d08e5655a684a85d9c5347ef
108495 F20101219_AACJWJ zhang_y_Page_152.jpg
f2558e12ed6becfe77190c69c70ecf20
d6ac4db4a7c8c0574cbc81ab7f103288be5e2317
120405 F20101219_AACJVW zhang_y_Page_135.jpg
902319b6f18334c98d248cb7ec242e03
3832c7de6aa13afa6789e0b530e08bf155025d18
F20101219_AACKCF zhang_y_Page_038.tif
c036e6c005cfa39ac2ab66071b302d4b
02ea1cd8e57758d63c475d58a8ea316acb8766d5
F20101219_AACKBQ zhang_y_Page_017.tif
99f95f4e0dc3b516e501ec479489b475
97a100a4f7e3e3f6d935fd7da7689b5af0898d5a
100954 F20101219_AACJWK zhang_y_Page_153.jpg
3583f08f22414b8c9078f4284d028ebd
c6b95dd4572b05c7e8341982d6599c76f163451c
86511 F20101219_AACJVX zhang_y_Page_137.jpg
6070f08ae05e150da711140dcf431473
1f8fb06adb3b0484be85ad0b024bd5e6b1dfc483
F20101219_AACKCG zhang_y_Page_040.tif
e136b4149f2bf6dd48cc1b68dcd0e9ab
e374c7334d8350b018b7290f1d0af3855364ebdc
F20101219_AACKBR zhang_y_Page_019.tif
5f92cd3decba5eaaa83a4c4bf43dc206
613e299a5bc475ac8d41509a51f19b6e1b1c6535
117554 F20101219_AACJWL zhang_y_Page_154.jpg
18f9bde1a4f378cbe7f4bdaea36c8384
46db0a8f260b26becffca1af0d915f2fa23ba6bb
118901 F20101219_AACJVY zhang_y_Page_138.jpg
01707a5a99ab61bcbf5b38ce312f6e7a
e393801e71b6895ddc01d059003e50530352d0eb
1087995 F20101219_AACJXA zhang_y_Page_006.jp2
479aa587e18cdd6c89c011507c02ab59
5420438997129e49b27421ce7952f635700d1665
F20101219_AACKBS zhang_y_Page_020.tif
2b52c97ae8151b4cf5d81a0a0b5686ef
0a69a96b2b4ea1baf58014b43d42345f0657f25a
37258 F20101219_AACJWM zhang_y_Page_155.jpg
d657c10d2023da1d5557c6a8d78c5c60
898cd65394c432a3a877419317e8933c408722e1
116187 F20101219_AACJVZ zhang_y_Page_139.jpg
a4f119f4cce41c9a7eedd627e199b05d
76ee3b23abbe9cbb3021e7beb13d8e1fd958dbd0
F20101219_AACKCH zhang_y_Page_041.tif
f9b9818fcb61a20764e608301ec1dd96
74da28f4ccecebfadc106beb0499afd9ca359eab
F20101219_AACJXB zhang_y_Page_009.jp2
eee17cb43c542dde28a123b771f14e02
aad9b88b1d54e722630e0956a57b01b6c2a0d895
F20101219_AACKBT zhang_y_Page_022.tif
7459ccbadc77ded38f918cd2f253b65c
903fbfcf5161984f5a217dc278820747f810b6ae
60696 F20101219_AACJWN zhang_y_Page_156.jpg
a4ec6a399c47af02ecd6f3327da71924
2f153337769449119fc4331c4598d1840dfb8c79
F20101219_AACKCI zhang_y_Page_042.tif
fd8938f8392f33351cc8673365129806
39dc5f2b0d03125fd9f65b6d2afd93cfb1201f8b
96505 F20101219_AACJXC zhang_y_Page_010.jp2
97b7209cca947fb3baeb1a7d88626fcb
5c59b523fe93d260f7086b064dd1aafcde56c89e
F20101219_AACKBU zhang_y_Page_023.tif
11e47370fbf65cca26bef315a54cf819
475cea1cbe68a4c01cc626c3331dafa37e3ec369
109946 F20101219_AACJWO zhang_y_Page_157.jpg
19d2f4008d58c658088115445cc0654a
a25ffa4d2042f4c1914a724f2391d57596078179
F20101219_AACKCJ zhang_y_Page_043.tif
5082dff7650ebc9c682a1bb6f48e9310
caee0c1dcdb5ecd1939c4183a683d821e8b180c3
1087969 F20101219_AACJXD zhang_y_Page_011.jp2
2ea3a9009d432d79f5a89e53dc876252
93fafa851dcf24c763d1fe21bd4b67703a8a0014
F20101219_AACKBV zhang_y_Page_026.tif
8217bbce7a9895168cc49326f7dfe87a
d383082ce2d282d83b905dd2b3ec453e42e42aff
128686 F20101219_AACJWP zhang_y_Page_159.jpg
033a822325ddb82061e6d50cefd6ee47
eb8ab86d9434e82d51bc4961bbec1568518bec88
F20101219_AACKCK zhang_y_Page_045.tif
c9be78c5cb77a8eaa7a648a305ef5af5
0879d0027f3744aba26e7ebe54d4b07abeabd7bb
1088003 F20101219_AACJXE zhang_y_Page_012.jp2
e0ddcf5ed5c1d2d82e996d4be8d30358
4c7af3a18832206da1e4635d87819fb37d2ea37d
F20101219_AACKBW zhang_y_Page_027.tif
96c616e18aa3df34b934101e4890b3df
9f6f8427e969bc84c08c688782153d5af8a45ed9
131227 F20101219_AACJWQ zhang_y_Page_161.jpg
8dfea78dfffb0ca1e1c4341003d5852f
7cd325796046b6ae727879730d532b32dfa73625
F20101219_AACKCL zhang_y_Page_047.tif
af8cc453242da65a1ad194cf2585ac5e
f6215b4e1d26124a49f0304a6e18690cd7cc4fb7
1087944 F20101219_AACJXF zhang_y_Page_013.jp2
a895a8de0ed3daeef5d317539e7c829b
777ee1bc4b1bdc3d89ac75c0331f52f504b288f9
F20101219_AACKBX zhang_y_Page_028.tif
e8ba280f79d3ed4f82695b086a75cf89
0360fd5255c54b8909108b3eac67cb221fb3626c
126781 F20101219_AACJWR zhang_y_Page_162.jpg
cecdc3aef527a7d64f1c15db11e783f6
7f1f8fc761c99f22c0a3068f32f40d22f91f0386
F20101219_AACKDA zhang_y_Page_069.tif
6291cd29508c10fc0027a18b1dac5d32
059e6bb9bdf0558dbf443d654df5f5f79bd44080
F20101219_AACKCM zhang_y_Page_048.tif
b4374d3c5a6da76a4e02d5d6fec17b8a
cbaac686171fbd0ef4ccb23d4bf053dbc58458c2
1088013 F20101219_AACJXG zhang_y_Page_014.jp2
82d27511a67f9e619ca29fb195d4954e
a45e7310551c0a2f8192b5adf94bba3d01502704
F20101219_AACKBY zhang_y_Page_029.tif
f9195ada235e50395d80f95f87181308
39fd38bbe4b142fb81ae4984263b9d1bcab63ba4
126821 F20101219_AACJWS zhang_y_Page_163.jpg
42a10f3c9e9ccee2f89d000098e3d9a0
812cdd272e2c0b3a067bfbf3f944da434718ef0b
F20101219_AACKDB zhang_y_Page_071.tif
fde826a7f37f6f5ce17bf0d92752c480
645f37bac8cc036e65fe66543b8aaae75b50b3d4
F20101219_AACKCN zhang_y_Page_049.tif
c964c4b8fef5a278f86c5d809f3414f3
74407265b0b3250bf2678aa80ada45b3329bea36
941837 F20101219_AACJXH zhang_y_Page_016.jp2
abaafe590c7fe57b5e3b35c6d09b63e6
28798dd3f465eb811b7472a1ab42accdc64520bf
F20101219_AACKBZ zhang_y_Page_030.tif
c31d4f713bb8284e637979157432ceeb
1f811a38bfe0d98e716a94e29813b62a6a7dfaac
131502 F20101219_AACJWT zhang_y_Page_165.jpg
bf5d86b31e9ccd0a08a6f9caa0edea19
5c722b4721049008b91b476b82cb81cc792615a1
F20101219_AACKDC zhang_y_Page_072.tif
b571e2e5e2157746ff82f080ef426f2d
164d32801b03bf44d2f67fb39f3e82945c272402
F20101219_AACKCO zhang_y_Page_050.tif
54b1c3cd7a3cb0c197ae293a62e30a76
e3fb43d92d2f2b7fa9b7f552869d80f2e6018953
1087937 F20101219_AACJXI zhang_y_Page_017.jp2
adf18cc44ca641562ac2a2d8157de979
f1bcf703c84ed508bdef1c1412f5cf7c5220c2ea
47886 F20101219_AACJWU zhang_y_Page_166.jpg
cff04a5d9f09b3263e95a097b028b293
fad28d9afe381634e55b72994e972415f0207635
F20101219_AACKDD zhang_y_Page_074.tif
2d6335384083a881c611a184883e4836
9a38b9f4a3182ab15497434cb709a460e1eb1670
F20101219_AACKCP zhang_y_Page_053.tif
787eab42dc79abae609b8434aa88bd83
9d1ed8ea8091aa9432e31986e509e15639b49b62
1088004 F20101219_AACJXJ zhang_y_Page_018.jp2
9ebd3a9e045ffe41d23f0a4b45854516
540dfef0ecdd5f6a9ca8404c5a1126778591d522
41812 F20101219_AACJWV zhang_y_Page_167.jpg
ee1c09792dc439ab94188d9319fc0baf
0be235381999ca1686f6e7bd1d3fcc42567b2781
F20101219_AACKDE zhang_y_Page_075.tif
b5bfd3bc6a32ccf68cf8724a161278b6
2a14d4abadf7a0238ae9ea23900e065541ee8fcb
F20101219_AACKCQ zhang_y_Page_055.tif
a321519ad74bb2e5966b32fe75676541
2bcaec79dd64ee2e23ab514fe20d6cfee595a338
1031287 F20101219_AACJXK zhang_y_Page_019.jp2
fc5e63a10569326eb5cb62fb6d5c8883
767e5568e859ef6879fc7a97461594b890ae06b0
23083 F20101219_AACJWW zhang_y_Page_001.jp2
012a7052b07391b6b7833d9c0e24457a
c04b75f7a4398962b90ddf0a34fa5452d58a8edd
F20101219_AACKDF zhang_y_Page_076.tif
27d98fabfdcc90b640c826caaf8b4e53
83a49834260b354d18d4c0227094c288298e016f
F20101219_AACKCR zhang_y_Page_056.tif
403596dcd38648ffc6235e1f9cdb7868
ab78cafdd1cbb03a1abb5773fb4235c040130c9c
1088016 F20101219_AACJXL zhang_y_Page_020.jp2
28b48c01659e1a3f553d93511a761092
cda0cda7e9ec3a931c0797653544cc1b5bd1b792
4859 F20101219_AACJWX zhang_y_Page_003.jp2
4886b13f369fee5a60f432fbda4c0e0e
4e77eec231bd457b181f7b8b42bce4c04d3ed1c9
F20101219_AACKDG zhang_y_Page_077.tif
d972750bb5d76cb46dd8b2d97508fb1b
df89ee863fbfc63546fc555b4e477411aa320046
F20101219_AACJYA zhang_y_Page_039.jp2
0d25540a904fdd85807050c3db09a404
623f61d490223fe36c8129b8cd80035db78a9538
F20101219_AACKCS zhang_y_Page_057.tif
33fd28b5ef9854c8b393c96dae05caab
2fd8ce76ba28679427d99180cfd76e5272f8a299
F20101219_AACJXM zhang_y_Page_022.jp2
0d3e23245b4ee19df2e6d36be1c86a3c
b443043f1c7a7c785a9ae15fa6f5b466919bc22c
71669 F20101219_AACJWY zhang_y_Page_004.jp2
4dfe29b5eca2bef0f7fcbaae04c46c64
27330f3d572a75d6e767c5a78f061b3303ad7f02
F20101219_AACKDH zhang_y_Page_080.tif
07b1ecec682a2fd4614e4b53dddafb9a
38b2075d81cc8c986bbe718f684adae49d2055fc
385947 F20101219_AACJYB zhang_y_Page_040.jp2
8e6aa6839eb1079b851a1e612d8a8a6d
b0c49cbdd3c20e43448fc6bd95139c3a132a377d
F20101219_AACKCT zhang_y_Page_058.tif
ff06a80685c5115e9b1016361369c8c5
f75c68ab4eb0b4464082f2cf247ec4ff46ce051a
114001 F20101219_AACJXN zhang_y_Page_023.jp2
6ed63d7fea89e5a88923c1067d2ebc6a
9ee7bdb39b6de6961b0b1ec66409eadfb6f69302
F20101219_AACJWZ zhang_y_Page_005.jp2
514299d15f45471361754412661ae60a
da672579e259e729e6c928dd4bb565c60592a440
F20101219_AACJYC zhang_y_Page_041.jp2
0be37041ee0d3ca4e0bb6c0a68f1c919
81f80959cb352a825a80b9b92e4f6dd06a49419f
F20101219_AACKCU zhang_y_Page_059.tif
574737b26b2255a087bf8350e542f592
f6ab47494222e28f0e0063b6ccee8c9dab45efd6
1087987 F20101219_AACJXO zhang_y_Page_024.jp2
19e0e54904f8bb62ca07c63c347c07df
93f99f22f08581a5fbf4a7ea9757324b987fb4ee
F20101219_AACKDI zhang_y_Page_083.tif
1099ee5c7070cb80c1837e94ca2b88e1
228faf5cceb379f60477854eccfecb4cdffab41c
F20101219_AACJYD zhang_y_Page_042.jp2
7dd0364e866d0fadf52b9551d294aecb
13f02bb4cfbf2ad624336c1e0c6d8fda4a71778f
F20101219_AACKCV zhang_y_Page_060.tif
bb75ba94c76889e33e10b108cccbf657
2b8b7344addfc17fbdbdee9ab23cebd46043fd1f
1088028 F20101219_AACJXP zhang_y_Page_026.jp2
ac0e0dfd3aa5b59432d20352af9918b0
1f6c753212da1de8803441211eb65427c1a7b3b0
F20101219_AACKDJ zhang_y_Page_084.tif
e875d95865bc4805bccc89727c895526
5774b543d93d1e0464a2fc42e80b48e5cbd6b15d
648188 F20101219_AACJYE zhang_y_Page_044.jp2
97dc3ecd4f175db0fc2f4b0e3b3ae0af
4b792eb36d7364ae1f4b73ac3897870365eed3c3
F20101219_AACKCW zhang_y_Page_063.tif
2c08c9cf7b824d344bcebf405fb2d8e5
84b5ccb8e794dfcc18dc0124b7b975b068c5d2b7
1088009 F20101219_AACJXQ zhang_y_Page_028.jp2
4488680c5b96e3790b33ecaeaf9be698
aba7b3308b70d41eabc509c4c017c292e8064917
F20101219_AACKDK zhang_y_Page_085.tif
ec0d51868f7afe46916367e5b03ed0aa
1a474cdebe7471197206855e6ed17ecc61fb3815
1087985 F20101219_AACJYF zhang_y_Page_047.jp2
1b5167ff83902d41154dc6a42e1657ba
b45d8536c0e0ff9e3404648f69b09c6daf2bd492
F20101219_AACKCX zhang_y_Page_064.tif
0df02246a53d74957876136c1937a629
c2a28c44f309aba06aa6b18f7fbe263d80e99e42
F20101219_AACJXR zhang_y_Page_029.jp2
5e25c6226910e008336e3b463d06125b
06e25b7ab56861ec3956fbd0ddddb10a1664c1b2
F20101219_AACKEA zhang_y_Page_106.tif
8fb327898938ec57eaeaaa6a9643ca69
04a49279f0950482239922afa321fd165299e69f
F20101219_AACKDL zhang_y_Page_087.tif
2b35564997746db3da4a46b13eac6577
44d11819a7ce10e3c2ca44637c58bd2c72492a9c
F20101219_AACJYG zhang_y_Page_050.jp2
ad0066672e7d2da1951b2bb38e54659e
b19a7c355f3936bc33b739884df9587f98f76b8c
F20101219_AACKCY zhang_y_Page_065.tif
66759bcaf05ac5d6c06eddb6616a29b7
3ffec1ffd31fe97e0740dbd28931407273884943
F20101219_AACJXS zhang_y_Page_030.jp2
82793a37a5524693799e9aae254c77e9
23d0dccd7ed2ad441ec1d5d48c0ba8bc3603d010
F20101219_AACKEB zhang_y_Page_107.tif
f5dfe1711c57f788c06556f45ad5ba34
3cafc9b00240c727f9601cc1f09fe5d683566ada
F20101219_AACKDM zhang_y_Page_088.tif
a3bcbdcec0ec27d3baf02ce77c56559e
f7466024de0edd07eddac3b149e393536b0ee6d1
1087917 F20101219_AACJYH zhang_y_Page_051.jp2
b2c849796ebb2263514868bcc5657ec5
86d59b2aa1478cc6ede359efa1aa46d1ab33c4d2
F20101219_AACKCZ zhang_y_Page_067.tif
e7c7a7884b76e5afa5890df3e5eefd70
18e382844b00c0c9030d2ae5e7fdc6e612761473
1088022 F20101219_AACJXT zhang_y_Page_031.jp2
4d615522a31d5db73818252ec72f203f
805760f6ea70ed9bc2fa1b0d8fe57d0394daf7c3
F20101219_AACKEC zhang_y_Page_111.tif
bc8ddb03f68348135cd798fa09563063
9379f1607d7ce52f0dda8949e70256894ea30226
F20101219_AACKDN zhang_y_Page_090.tif
ef0875d0eef83d8be127becfc49eaa39
dd0394e7ef0c819f45eb50308feadd53a18053e3
133078 F20101219_AACJYI zhang_y_Page_054.jp2
0c1b9ed4698a4fbe5055a28306284b5d
99e779836de923d49b8f5f2847cc7017a283ce4a
132403 F20101219_AACJXU zhang_y_Page_032.jp2
d054b12ffe48a304076b0978f470ee97
ff8da107f69ee44ad6f37c126d933c60d93abe03
F20101219_AACKED zhang_y_Page_112.tif
07572ab75baf13743191b13650c67cf5
7f9445878efd814a63fc67c68cd8849c1ecbe80d
F20101219_AACKDO zhang_y_Page_091.tif
86ba67fa1c5bfff599360b763c35edf4
11cb716537d44e9cc5c63313a076d896f213eb2d
1048172 F20101219_AACJYJ zhang_y_Page_055.jp2
f313af749f450308f0573e4d24015351
ea7dbb6d95d5ceff963fdefa80d4aa8fe35a730d
1087968 F20101219_AACJXV zhang_y_Page_033.jp2
dc3ed611fc7764b41108583f1fca80a6
b0ef74b8702be5d9e9363bebedcad3576b004050
F20101219_AACKEE zhang_y_Page_113.tif
ebbe0c866887891294b0c928089eb4f6
82dce946916106809d8c7711112c69e22dc76b9d
F20101219_AACKDP zhang_y_Page_092.tif
47c83a792a5e32df9e2a77a5251e24a5
f625b6c86ead93de232c0b786a1f2d11bea74141
1087942 F20101219_AACJYK zhang_y_Page_056.jp2
9abc7252c7996b679f2d50ea2a57f85a
9eb6d925d988517b6f60761d662cae7aa9f6ea89
F20101219_AACJXW zhang_y_Page_034.jp2
de8af98c517bdf075bf2209e26c9b9b2
fca3f65f9f84159657e7c966a119d343a9169c7a
F20101219_AACKEF zhang_y_Page_115.tif
27de619f56ec9ba4906a61008a90a199
24cc8bd02108365ab24012177206b90a5064b393
F20101219_AACKDQ zhang_y_Page_093.tif
7780886ff42477d25284b2719327806a
e380e2e79f5fe4bdb212241bdde26d988212f1e2
F20101219_AACJYL zhang_y_Page_058.jp2
c125ffb62f85fbe24433b1ad2397c28d
8ac251c03c59a448832026b8e347133a7f6fba16
F20101219_AACJXX zhang_y_Page_035.jp2
83bccac12cdf72526b6f5d3c0bb50d6f
645908251e20016c32eb157206f457580e7ebbd2
F20101219_AACKEG zhang_y_Page_119.tif
397ac5e69322060a7056f5b070b4f841
1b3b37e47c4c5f9a315a8cdf92dfa158c7168fe2
F20101219_AACKDR zhang_y_Page_094.tif
5ab39cefd24b205881bb12828497f379
42465d3f72777703479834262380d5bc535e88c2
F20101219_AACJYM zhang_y_Page_059.jp2
9c1df889b3d3aaedf65e317335cb9240
2511cc0b486fea79ca8f87624b0addc06ae02736
1088005 F20101219_AACJXY zhang_y_Page_037.jp2
094d1b3edd3858692ac06cf54fab6326
519c8b42482da58278817cae3abd01436edca053
F20101219_AACKEH zhang_y_Page_120.tif
637ada13f02d15e9726d9e66500c09ee
a02cc78d8e616e1f7c8ceb162a036d027d7e5d7c
1074893 F20101219_AACJZA zhang_y_Page_079.jp2
99afeee03dfc9b48f252f392c7f34e83
cf34ab0b234284a90f4c941972978a9c7addfcb9
F20101219_AACKDS zhang_y_Page_095.tif
612233b33e90dafad18de2ceb6331437
39fd34bb24800ab70d7f91710377373ddf1e9ce7
F20101219_AACJYN zhang_y_Page_061.jp2
fed3ace3b903a739e6d2863f4588d22d
f900becba6d33512b1afc78921177aeef7ab8e8a
1087977 F20101219_AACJXZ zhang_y_Page_038.jp2
b3958eb78108520e2afa15371545fcf4
d541998a617120556bab09b7d10a1284d9697711
F20101219_AACKEI zhang_y_Page_121.tif
8e64e640af70ce4f02f0e42d0dee7da9
628de3722b27165740e613223ed6219741142b05
F20101219_AACJZB zhang_y_Page_081.jp2
2a756f9b4fafa09c5c2c1729fcc7c76d
26970fe5918a63c2fc7dfd2e930884dae1826609
F20101219_AACKDT zhang_y_Page_096.tif
6f1315c15d677a77e15be51e2f144e82
3972d78b7212ad2386d0bd58c434327a8f9e2af6
126973 F20101219_AACJZC zhang_y_Page_082.jp2
738e57e0aaa6d0ac30d3f5fcc0a0cb3d
d52b1be7b75f54978fa20ccda560224802a55b5e
F20101219_AACKDU zhang_y_Page_097.tif
1004ab34ddba4528f0d6fdd11a4a7c89
ff14c0cab5da39f7b0968de7ad5ac16044a82d3c
1087978 F20101219_AACJYO zhang_y_Page_062.jp2
249a1327290bbee4735784bcf5afcdbf
b839fc70cf07b4d91b725130d4a706801930660a
F20101219_AACKEJ zhang_y_Page_123.tif
1142fb5db8de3e172559f36b0132579b
56588af975ed1d9e3db92092cba571512088aab5
F20101219_AACJZD zhang_y_Page_083.jp2
f1e290feda774676625699a703e57292
59dea992bf43d3018ec90242cd2e4a8ad8feaaf1
F20101219_AACKDV zhang_y_Page_099.tif
e90393bb04c48cad1b8a17cc665f51af
27d89b7961cb152b27ff89de6428bb27c3748b6f
1088015 F20101219_AACJYP zhang_y_Page_063.jp2
ebcbce35d6a2deee641e562d8912d86e
e50a82a21881ca98b67e287e76ac7bb6a38cb428
F20101219_AACKEK zhang_y_Page_124.tif
01d8cdc38b76fc9a762700e2727abc07
332eb324e8cb8e9984bb4b0b9f2bb359b2814491
1087910 F20101219_AACJZE zhang_y_Page_086.jp2
55f8a14eb7bc0b40d0dfc052dd3fb0e8
02f6a7ee2fa72665a099fc54772bb82d60f1fafb
F20101219_AACKDW zhang_y_Page_100.tif
414d6dd46eec4d2e552847848bd48e6f
01a522182e34aa38fc55721e5e16577d04a21e93
1017750 F20101219_AACJYQ zhang_y_Page_064.jp2
de4968c8fcaf13ead317b0b816323721
ac6a79ee002dbc482a8c1626f0287fdef80b3610
F20101219_AACKFA zhang_y_Page_148.tif
1251711dde8b4e03b586b8e588a0df3f
942933955a0cc90c7867c6b559a6458e9a135494
F20101219_AACKEL zhang_y_Page_125.tif
0e6936e08fc37ba542bff234fbe6b1b0
4482c36d01bd5f5931ca8c9097874b43b0e7beb3
1087984 F20101219_AACJZF zhang_y_Page_087.jp2
027bc647286108126c5f443d4fc1c19b
48c58e1fbf0d117d0b250f1dfc952e04ad87dd7d
F20101219_AACKDX zhang_y_Page_103.tif
80e29a6e1d6de8b3abd0bc4421ef7450
25e86c6f3068913964e29a705015c53e09fcf698
1087988 F20101219_AACJYR zhang_y_Page_065.jp2
f4fbaabb60f56e0848cdf59992f31de4
d3ce520d035d3173d6c37cf3602e9036c4f20d46
F20101219_AACKFB zhang_y_Page_149.tif
75638701ba4cce69725654f4c0750f13
a2b8ad204fae4a885d5193608cc5e0b823d715a5
F20101219_AACKEM zhang_y_Page_126.tif
a80d77bf208490bd66b9780c92e3bec3
e3575dc3a98f72752401afd8ec8cf846b5b780c6
F20101219_AACJZG zhang_y_Page_088.jp2
b0611b513acc0c4e465b4ebbc106cba1
19c999dff14315034a769f51c8d5ab274b49c65a
F20101219_AACKDY zhang_y_Page_104.tif
c0140a2dafe81f246762cea57595f122
45b506515bd608efda29a122af41c0d7c3cb0ba2
F20101219_AACJYS zhang_y_Page_067.jp2
6e3d3490fcdf0c474ad48b86011b4c89
0de354ea7e42174170ef722731f0e6ed44cc2d2d
F20101219_AACKFC zhang_y_Page_151.tif
afad0f2225e5730f74363987e2f8d34f
10385838f6b4152e4fae8e977f5be6880d2f3e3c
F20101219_AACKEN zhang_y_Page_129.tif
3005ea940ec0dea6e0ea3aae1f9c57f2
e8e2c62a267e497430797443d3565c909f5fb960
F20101219_AACJZH zhang_y_Page_089.jp2
8db44f625a407a11911caf9a6a32cbd4
c9ba731a91b2884a7a2eed92dd04907478afcbf1
F20101219_AACKDZ zhang_y_Page_105.tif
5be2011f4d46d849ce617048a5a0a491
a5ffd4ac0dac4036e5150ba187b3644134931b08
1062304 F20101219_AACJYT zhang_y_Page_068.jp2
ab610952daba92c52881dca73b5a7500
66b6ffad41e5cf6d39483a90fa25e1395210fb4b
F20101219_AACKFD zhang_y_Page_152.tif
b3c83dd9fb244cbe51842e90edcf53cc
b26fc77c7c6a654365e02bfe251fc8602ef006cb
F20101219_AACKEO zhang_y_Page_131.tif
3d62a6e36e0c4bfb1bef907037434314
92e806601a695bf2aef50efb1f64f19880de8d8e
F20101219_AACJZI zhang_y_Page_090.jp2
9ea7527a2f48bb3bae3aa3fb39849522
3fdf9cd109320e36371a82979c725318f1ce0bea
1031791 F20101219_AACJYU zhang_y_Page_071.jp2
2923068f113c4496df7d38d375f6fc09
0799f8eb3745dc40305c5dbbf16cc6856d51b4e2
F20101219_AACKFE zhang_y_Page_153.tif
928990d0d687fc26f72be68eb0e9809d
f6bf80f6fb2852e408fcf89ac9d9e4c31209c357
F20101219_AACKEP zhang_y_Page_132.tif
ca1eaf1219dd0d9647318a077d6c0c61
e72eb3535b0b53a8f3cf0c346189fee516870495
F20101219_AACJZJ zhang_y_Page_092.jp2
026ebded2620118016f91cf5656586a5
8401676b6994142bd74aeb5d0c3c92999d93479c
1087947 F20101219_AACJYV zhang_y_Page_072.jp2
965e79f2f6ae99579553aeea00794ca6
110b3e7c76940a3db55afa889fa89ed951c1f4cc
F20101219_AACKFF zhang_y_Page_154.tif
669abb8e6cdf688e56f60271469e6c6a
9e38b41557bfb5f2214e05fbafe0afc4fa70cb60
F20101219_AACKEQ zhang_y_Page_133.tif
76b930cb6fc11f6317e3954d6af6b42f
512e2810ca19beeb7e2122e998250e62a366078b
1088023 F20101219_AACJZK zhang_y_Page_093.jp2
aef2b07696474f2d941fbef557c3e0bb
c10a736f97bbf6fded5cd8149e8235083ccbd340
950496 F20101219_AACJYW zhang_y_Page_074.jp2
4fe58099a75e3ac576015e0c6fc8c388
307d0613175ba948c33c0713f76a0ef451e69a6b
F20101219_AACKFG zhang_y_Page_155.tif
4f1ea853dc4a3b874d56172519fcf748
999f46209c0f113efeadc6789cfdc4617e481c78
F20101219_AACKER zhang_y_Page_136.tif
5534543fa21f3a446cebac77e17cd836
542a1798d160d3aec7c5b5335495e5060778f35c
1058099 F20101219_AACJZL zhang_y_Page_095.jp2
e61050b4fd98875f2a731a2db8cf1f5f
3a8349e5cfbc49d9265e3711a572efa1e686a4ed
F20101219_AACJYX zhang_y_Page_075.jp2
2b860e5159521d6c797bd623262190e7
8418ccdc73c7ec48df4e8f8ba7ecefec644ce819
F20101219_AACKFH zhang_y_Page_156.tif
a5457b6d36c55e1fdf63efc8f41992d2
910c119538ec3125d1009293a32c0e3def40ee09
F20101219_AACKES zhang_y_Page_137.tif
89cd97adb78fd40be0955929b422a6d5
093f35463b7c1de7f1cefff7f1850d8a01a8896c
F20101219_AACJZM zhang_y_Page_099.jp2
e5fe6fe2ac861f1471aca8cff715b1f9
961c365e6717c70cf5f542df6ba811b1e7905dee
F20101219_AACJYY zhang_y_Page_076.jp2
3290c3fe04524b3390ad74b8b65655b2
b39e74b1696e4006c524907087c0ea3595a52b94
F20101219_AACKFI zhang_y_Page_157.tif
87924e43c109230d1cf44f86049c0984
9357fe05d2808e81645763aeec4bcc6f6dac0da2
F20101219_AACKET zhang_y_Page_138.tif
8ffb1abecb8cefbfb74d59beebb4d03a
00c8090596e02c15fc2c6613655f86b29c57c60d
F20101219_AACJZN zhang_y_Page_101.jp2
9989b979b462b5a7dd9d55b642088b5d
1c54b0bef252bd00b495e91ff956445c821262a0
F20101219_AACJYZ zhang_y_Page_078.jp2
d407f70473837593cad45d31d2bdf9d7
e6d529e3bd738f774f73333027bfefb836bd7e7b
F20101219_AACKFJ zhang_y_Page_158.tif
e3b18062718cef647b4a0c9aa866fcf1
934710953c61af3082d238920bbb0e0e48bdddac
F20101219_AACKEU zhang_y_Page_140.tif
5637dc6e00bd125bb379bf9e0a1c07fb
5bcc8d114b3c07105441e74ab72ea14cdfe15f1f
F20101219_AACJZO zhang_y_Page_102.jp2
e6897ec0af8c3ade878de4bb3ab8f901
e6acf862552789a101b093a385c1490c78d73866
F20101219_AACKEV zhang_y_Page_141.tif
2a7633eae7e83779f3fb9412bb11e6be
207634a5030fea03523173aa2eddc1ee1d8cd0de
1073496 F20101219_AACJZP zhang_y_Page_104.jp2
8829f14a4c6c8fd706d03a529f259bce
0e40e8d6096419cf356e9a601361f79b6f6bd666
F20101219_AACKFK zhang_y_Page_159.tif
746cf78a531186d2d1a18dd632744cbc
9aa65ca7c981932a7e4902c25b59b59288c57c37
F20101219_AACKEW zhang_y_Page_142.tif
cd35bf5413e12bc507d9f8f2abf60f1c
7262d3eac5968b6aacf9ea8c48d43e13a66bb972
1059902 F20101219_AACJZQ zhang_y_Page_105.jp2
8125dd36330ed017245b261dc1d860c5
fd069181ad5e8316d7e6a1b953802e05be7b5285
F20101219_AACKEX zhang_y_Page_144.tif
d9c5acb0aea7d5ec4f5634343cebd223
0dabcea470074a55bef7665462d2953364336f57
F20101219_AACJZR zhang_y_Page_106.jp2
a61632f534ea3560bcbfc2095cefc209
0647c255cfe5aed86382795d2f25070ca2090e3e
44258 F20101219_AACKGA zhang_y_Page_016.pro
ee1ae647efeba428187928517ccb2059
79916b482323dcf002839fff1bb212925d75c145
F20101219_AACKFL zhang_y_Page_162.tif
92a06a573c6921072f06bf4767926195
3a038c1c36d226634ddb9a7bf6b65654eb7c6025
F20101219_AACKEY zhang_y_Page_146.tif
ee8b81a714ba4e1dd0dfdb9b352bb44c
94bbdbfa8cb58e5af38b47c87f8cc6b6323d2679
1087970 F20101219_AACJZS zhang_y_Page_107.jp2
8173644bff425136a2ee1e35e21095da
660360d803cdbd972d75d5ea345fe0fa1a01b127
62828 F20101219_AACKGB zhang_y_Page_018.pro
b57a9862b6835ab646b900fa6bc433c4
0e67988e0d6f0e77037d354bb54702d2eccf3bed
F20101219_AACKFM zhang_y_Page_163.tif
1ea9e197851f460def72da64ddfa1a14
b447ce435f1bc7906d6e557180564d0f64de3356
F20101219_AACKEZ zhang_y_Page_147.tif
a0ddb5f56b18ed7d3e4ee5ccc7e7436d
d48cbc0df7b9358614a8140aee2a017a42c13830
933343 F20101219_AACJZT zhang_y_Page_110.jp2
7f1a4bcba4565e926010dc410c9abb91
ace1f34d98a28858cffea7a08290b545e16f66fa
49902 F20101219_AACKGC zhang_y_Page_019.pro
68f1602cadcec17a6fa50389ed229a37
39d78e40ac3479d731b17aeec8defb3048b0a66a
F20101219_AACKFN zhang_y_Page_165.tif
81f3dcc8c8d6f9bd2b5d23e7048516f3
146456bb4e1b78ffe73a90c1968ba5fc7d46a370
964632 F20101219_AACJZU zhang_y_Page_111.jp2
9b938d5faae368624c81f9874e5b7d13
17a8533d922782f22c660dee20f849becf0f0542
59214 F20101219_AACKGD zhang_y_Page_021.pro
1783cb1166069ac358c0f1740362c3d2
ab589e723f336fed6df50d35fd6532e3ec0f4409
F20101219_AACKFO zhang_y_Page_166.tif
09c762c81890c77dc621679870efc1d4
f71856adef01c8c1e764d67883154baab1873096
F20101219_AACJZV zhang_y_Page_113.jp2
c85ff6b15c5023679875029b688b320f
bdf7439004ffb28c68bd584dff5cdd9241f1ffe2
57714 F20101219_AACKGE zhang_y_Page_023.pro
1dd43100ec7546fcda58eec5ea728809
5143c4c36b00f0ad1c28e285c0c283928b357e47
F20101219_AACKFP zhang_y_Page_167.tif
564450d1149da4b2d11bc58c2c293470
87138a2381a4935bc2d49744e73d4888d1ddb3f7
F20101219_AACJZW zhang_y_Page_114.jp2
5e2f9fb2c3574b5d165fc5bd17c29da7
86982bbdd1e1b716285c8b2c9ee7b52c5e116ff1
64182 F20101219_AACKGF zhang_y_Page_025.pro
2fa2aa14ec3b0befe5c50b6bb07d814d
8daf05ba35caa7f5596a618811dc469132daf564
33576 F20101219_AACKFQ zhang_y_Page_004.pro
56c7cd5a02ef62fea4b55d0c02eaf79d
8161510ce11961ab4c4a754e4a1a32336ebf34e0
F20101219_AACJZX zhang_y_Page_116.jp2
52074bcb0a910abb37c05944b5ac2914
c3628be3fb4a88c68be23ab44e0b1f93ff705874
58698 F20101219_AACKGG zhang_y_Page_026.pro
d904caed62708d6c211bf6a8a1f04421
f647522ef535a7be21f4f62654288ae8aca4be54
46295 F20101219_AACKFR zhang_y_Page_006.pro
dfdb87926b11115c65dfea742dca4b03
4e210d38f66ea90f8fcbddd3bbabe2a52d6ea424
1021544 F20101219_AACJZY zhang_y_Page_117.jp2
dd6e27dd8227ee572dce4737567e48bc
0d3ee2b60fe0e97552e3f7c8850a0711573abdfc
66954 F20101219_AACKGH zhang_y_Page_027.pro
06f39649789054b9658e4a3d9973d55f
5d762403c2ae403977f424eb02361f338266203c
40503 F20101219_AACKFS zhang_y_Page_007.pro
0be1f002450659f424a1994f50250cac
d9aaf0c70c90bf385cf4c91898abe47ec51852de
F20101219_AACJZZ zhang_y_Page_118.jp2
c889d6bbb24f305d1434e9909cb551fd
7c207fc7a43dfb1404cd0f7dcb33027ee92a794f
68528 F20101219_AACKGI zhang_y_Page_028.pro
dbfc5229338989c1dcbe84293fab1872
c9485e5d6765088b4d70a6ac3350b23d81eec2bb
14942 F20101219_AACKFT zhang_y_Page_008.pro
e4245f99e9eb0cdafe100d509a569724
c1e42194decfa9957c82079707ab8a9871f9523c
69378 F20101219_AACKGJ zhang_y_Page_029.pro
b4475b860b1e8a12b9586e38f114dff2
df1c2e4aa9643e6edf71114296435563017b9cea
47307 F20101219_AACKFU zhang_y_Page_010.pro
06f880c11953870d1c8d0d7033cfecb9
0f3b62a991f8ea54eea0b7b7c3243dd91cd7d0f7
34756 F20101219_AACKGK zhang_y_Page_030.pro
25b2cc94e4d050f7dcc19fe6962b70d3
745d950b98daeaf8fd8aa837be036dfeea143bec
58266 F20101219_AACKFV zhang_y_Page_011.pro
6d4e90c8269a86c9eafa5b232d16a26b
69a503eff0a9b4a482fc3cad352a08c6d3d5d494
71740 F20101219_AACKFW zhang_y_Page_012.pro
043356c0f257c5f733f3db1a758cb8d6
79886d89e1a2003f86e06094d0eff19d0d74e28f
62326 F20101219_AACKHA zhang_y_Page_052.pro
4e54851e97b740a74aa0b43e049a6104
7b0a07269b3cf091925b32d45fc888e1bd9a9aaa
64031 F20101219_AACKGL zhang_y_Page_033.pro
c62dda00236600a5fadcb719cac041ca
aa51c51ec7fd1d33bfb09ac0b6895659b58eb6a6
67055 F20101219_AACKFX zhang_y_Page_013.pro
25fa25c30006edd39999e5f2d6a7e1b6
f53d142422a7143507f699855f498f70efd59015
65801 F20101219_AACKHB zhang_y_Page_054.pro
cb03b9c5ec620a9cb59d2c3363940979
ef4dcc59beaf53fbd9827c26ea4ee6d6abea5a00
62277 F20101219_AACKGM zhang_y_Page_034.pro
db31f5ff1515b9aec0f9c9d2e0e19677
513cb3b9124f5978ade1798b096b906a7141023e
69197 F20101219_AACKFY zhang_y_Page_014.pro
8eac626969b79f3002c47a5cebe03256
be0efac048071c7a9721cf9656c7d61146b24854
107199 F20101219_AACJEA zhang_y_Page_030.jpg
800acf3295c8cc42f6a6efeed46c04bc
b2cd234b33e81a9842ae04b74f02ad3f5d40b3ea
50714 F20101219_AACKHC zhang_y_Page_055.pro
c30197d2c2145787bd249658b0ca3170
1356a83b342932589ff0f4a82abdec258e9783ad
67845 F20101219_AACKGN zhang_y_Page_036.pro
7d02fe8e8f324719c7930f3d543be557
a5d46911724c6d3e70ea40f57f9a5242c0fd3058
9217 F20101219_AACKFZ zhang_y_Page_015.pro
c8d486c3ea8008aacffbc6ff43feb0c2
2eb2af475f0dcabe72ae6e66a5a7d7503565f3ce
8642 F20101219_AACJEB zhang_y_Page_027thm.jpg
4d488854174e485b7d9d528ff6403f0f
634ebad7c035d5c3d543819dcfe975f2ceac9796
65182 F20101219_AACKHD zhang_y_Page_056.pro
8629a9748a51483d5329c70511bb09e5
f4757f70186166dca843f089dee9c7bb55b742eb
63047 F20101219_AACKGO zhang_y_Page_038.pro
d3fe57d75b12a78f489657f16270e107
63e9af4964bf413113c7ed532a840b450f013c69
8677 F20101219_AACJEC zhang_y_Page_083thm.jpg
91fc17ee90c72370c563bf231e920131
bbdb2ef43aa9d9a8d121937947be4bf292234bc7
58425 F20101219_AACKHE zhang_y_Page_058.pro
00586c726d5821a2688e42d75219d514
d75763d0e995e070fe949dd0282fb86917ba2e20
68415 F20101219_AACKGP zhang_y_Page_039.pro
c847c33845290eb8773d8d10f4590a9d
7693c15e82137af572e510c604f68311be8a7464
7659 F20101219_AACJED zhang_y_Page_011thm.jpg
1cfe41404a39b1fa83b538a68c97b2a7
f0bbc493e9879d61a88650b8cee0aff00cd9797a
67850 F20101219_AACKHF zhang_y_Page_059.pro
1a7a12441235e1671c04a42e805c08b9
462e5b997f2bd6a587639ba080f1e35ab0b903ee
18965 F20101219_AACKGQ zhang_y_Page_040.pro
ae3671382fa45c622790ee16d5811526
de94caa6d1eea3fe044f5ab4041bab6f1dcb94d6
F20101219_AACJEE zhang_y_Page_061.tif
14942830bfd57fa8f2aabb4abacc52eb
e4af554ea36395e9544dd21ae916187e7a9c2225
59838 F20101219_AACKHG zhang_y_Page_060.pro
ec72f39dbcaaeae654ad0e8afc277e00
a09688a47adbf66cb485dc644e29ed9ebcb22b4f
56492 F20101219_AACKGR zhang_y_Page_041.pro
01cc6fb0422a9344d3826a73e48cc46d
676848b56484208602b2d060053a053a404f4dbb
109569 F20101219_AACJEF zhang_y_Page_011.jpg
436d2629f3bd39506ed75d1f2bd9b963
7ee4c5e1d9115c03aed05dc5f9670d2274216ccb
61702 F20101219_AACKHH zhang_y_Page_061.pro
69e3baa5962cd26520c5d69dd4f7988c
a6fa8de43d2d8527a23435425150ff88f859d092
65253 F20101219_AACKGS zhang_y_Page_043.pro
32ad71ad284b4dca713036051222c9f8
ec17abc497c6eede9546ce85baa4161cecf38b77
112128 F20101219_AACJEG zhang_y_Page_121.jp2
a3407f5f3a84ba401898c3f63bb02b3e
bd06bfcd2cb356488228fe1dc0918fd5c72de6c3
63118 F20101219_AACKHI zhang_y_Page_062.pro
970e18a1b9ce3c156cf6081ff805b141
60b89571c5fa1c01fbc506176ff1ec93f8a251be
28501 F20101219_AACKGT zhang_y_Page_044.pro
4b1efbca66f7fb817a8d379a2c457e1c
c350cc7225139a1e115192d96b0049e8718b5ebc
101537 F20101219_AACJEH zhang_y_Page_094.jp2
5026fb97c44c8d1272a90a7f83feb16b
979a5df88e50aebe659c653a002cd55666304669
49199 F20101219_AACKHJ zhang_y_Page_064.pro
26437e7bb9bc6d7b17cd6ae4468202ab
8cd7f1b13ddda857870590df522b4ed5a24d5ae9
35364 F20101219_AACJDS zhang_y_Page_063.QC.jpg
8d7df81bd6b0e7b844b540ab86c77968
b9362b503f35b9cc014f888d0d3410c9fe540736
66247 F20101219_AACKGU zhang_y_Page_045.pro
06eb76d4c1abd1fcf78c5054b124cd6c
0564b106fa79f5699ea1105ce9e521ea15ee6b07
2347 F20101219_AACJEI zhang_y_Page_021.txt
5e3ad194c8af579768fd8388210a1b95
dffddf769d314e325b834754f0b969c56c7dd234
61980 F20101219_AACKHK zhang_y_Page_067.pro
f33e19607f739026645406c0e3d62ffa
eed948fb3714099478709b6730bfd0aa42edbf36
37938 F20101219_AACJDT zhang_y_Page_093.QC.jpg
8097bcb2303a575dd02d10cbc730c0b2
a83156b858501903044ae0850147eb0261c551fa
63964 F20101219_AACKGV zhang_y_Page_046.pro
f4799bf5e8afccee1866c3602d52475f
0c84e306ae1094f8a122e2cb5a6a2bde44c7329e
40153 F20101219_AACJEJ zhang_y_Page_148.QC.jpg
9fa807af4a42842a28af87dc22ae5d11
796d80700018b48958b0e9366832c04b02a1c1b4
50131 F20101219_AACKHL zhang_y_Page_071.pro
92692240ffea62d6d029e672c3fe74f9
545679b07be933073a91d2181421abe20a075346
2613 F20101219_AACJDU zhang_y_Page_093.txt
bd4c9f03b5df7b8faf078e6971cb6b5b
8905a8b07b238988e823c92b16fd8a2aab483ff1
63295 F20101219_AACKGW zhang_y_Page_047.pro
2737324e9a2afdd9c9f92ebe9755b1c9
fad2c7ab83c8becfcaaa003f23b013ad3ac1cddc
55816 F20101219_AACKIA zhang_y_Page_092.pro
1a14472d604f3c58fc4fd03a5203ba5f
db9e63843b6205e78fc9c9d2aad45500065db84e
95654 F20101219_AACJDV zhang_y_Page_146.jpg
3824fcd43de865578aefd46cd061bdbb
f749d2cb278cee6443e67f1c00578570e7e58aac
61552 F20101219_AACKGX zhang_y_Page_048.pro
d62095f1f20491cd0d17290902af081e
062db9d2d8a16117a66daf1358bb2f247072ff75
66349 F20101219_AACKIB zhang_y_Page_093.pro
8196e3593876a99cb9f014fbd301deb7
caefc5ad643586bbd18929fba7329fd0aa5d6ede
127158 F20101219_AACJEK zhang_y_Page_119.jpg
566bd0dce41d8f4a13581b82d4c15cbc
3b90cf4e6aaebdfd2e1c59db67a9b3d51095f3e8
57121 F20101219_AACKHM zhang_y_Page_072.pro
cd8dc0e670cc3e8e52f3af6726a8fa9e
c33fd0936be48195fb6a2f3ad34948eb0287ba7f
115041 F20101219_AACJDW zhang_y_Page_018.jpg
e15249a13c75f27aeee9affd2f8cad9a
d2f904f515d63b7983eeafc527714f89ab4a8538
65571 F20101219_AACKGY zhang_y_Page_049.pro
fd175f388303a79708d6ec47ed518f00
e16c7ff18707325c18fb256410f7f68b932a7372
51377 F20101219_AACKIC zhang_y_Page_094.pro
4b0dde769cea3ef041af6a402a9ac7eb
0ce31cc8409636c53fb68196465b948138019009
66622 F20101219_AACJEL zhang_y_Page_031.pro
783112e68cdd38e8a29b3830c142dd29
1c4ffa9e055c5bd21b97372b7ba3da45c8722023
48463 F20101219_AACKHN zhang_y_Page_073.pro
e4d8f2ec1d7dfb87edf15de284fe7c46
d3a70fe64d0c43abceae1cda9f2a86afab862443
7006 F20101219_AACJDX zhang_y_Page_068thm.jpg
0a9500d08a23112df20aab901eda08ff
5036e1830fb151830bfb4ab76fe65ca4b8fd75af
62008 F20101219_AACKGZ zhang_y_Page_051.pro
94355d9c9ceafae845b6325318fde46d
e397c436a5097432ece39112435c5b893848a6aa
1304 F20101219_AACJFA zhang_y_Page_005.txt
64b526b605e356ce95da6d5d3a0a391e
11ff7bede7a91647ed1e5581a0e7b395199bc00e
51635 F20101219_AACKID zhang_y_Page_095.pro
2c629a24a359b86e985028566fe7e548
0e898577a83648cfece7faea7e9fec734599c7a9
8559 F20101219_AACJEM zhang_y_Page_034thm.jpg
b77d3889c1dfb7de1a47733a024b8688
e781124132019d8ad0c0f7578632f9a55b8874f5
44471 F20101219_AACKHO zhang_y_Page_074.pro
c725757c7a42d762b4c875c619139cf0
a5196333b07af8ee449cf4848cbca966f284e645
2414 F20101219_AACJDY zhang_y_Page_157.txt
6370a1066dfaa7ce04773796a8dc172e
a1c0b8b437c32420b4a5b2e2f1450ce1138ec51c
125933 F20101219_AACJFB zhang_y_Page_054.jpg
316ccf2e1f99304516b0aa1008f9c768
7c888ab0d52a8b9850d84b0a571c51d1a5a0aef3
60599 F20101219_AACKIE zhang_y_Page_096.pro
6b8696844e31f04b3d01caffe50ff1c2
1ca0854fb62ee6f35bbefdbf2f9ce02a35bd5985
8114 F20101219_AACJEN zhang_y_Page_050thm.jpg
c10cb46e4cbb782995bd08ed484f0f1e
70aaee1d6e7151a82f2bddc8dfab244125dbd89f
64357 F20101219_AACKHP zhang_y_Page_075.pro
e1fcfffb892a02c9141bd4884c87e382
3298b4d92a716c68024a260d918ed903cc97e510
57088 F20101219_AACJDZ zhang_y_Page_050.pro
5da5e30496859f019330f6298f2b3788
d39658e41e50a83388e84d3eaeb4f2f949c222b0
114642 F20101219_AACJFC zhang_y_Page_037.jpg
b59a9dd40e12f08f1d681d3b083c9f95
383997d02325f8aecb1c2dd419186ca521dce47a
66781 F20101219_AACKIF zhang_y_Page_097.pro
4c0d0e95881956d7af340224da5514b9
1a0b8ac58ac42bb83d06b07155d9fcbce284a62c
F20101219_AACJEO zhang_y_Page_085.jp2
38eb53b8cb73758480fb0b9aee658b75
5d8d71cb966ab2abf4553ebd48e2e0b24b10d4cc
62986 F20101219_AACKHQ zhang_y_Page_076.pro
cd34e173b903f539f76ca1a4ddb1e98b
750b37943aa7d65806b13acbfe7d0e5beb2c1d70
67821 F20101219_AACJFD zhang_y_Page_149.pro
585a2525dfe90eeef09baf91a6aa07e5
0deab089b6342a3d6cbbf0aa6cd1ef971982c606
37005 F20101219_AACKIG zhang_y_Page_099.pro
cda4713e076477fa2a71305d42600b6d
ae21d1637d69ac5e165d53af29c5c25fd105a9b2
F20101219_AACJEP zhang_y_Page_051.tif
a8cfe9375d8d51560fb90db200147f70
192779c08416d381564c0cf1e26bc9aa6be10c63
15576 F20101219_AACKHR zhang_y_Page_077.pro
7bc860b160f55a8ed877fa88aa0ad261
b27ef185d912b8c49b05d2b015fa795595cc2c49
96791 F20101219_AACJFE zhang_y_Page_068.jpg
bd48208711e9d819e8da65b308adbc6a
059d154dba1bdceae5fd64ca0094a727ce740dc8
61641 F20101219_AACKIH zhang_y_Page_100.pro
c788a07324988611d4ea1f557deda4b8
760b3b0319556a7833f344f443390810c0c8da3c
29824 F20101219_AACJEQ zhang_y_Page_132.QC.jpg
72c508962b55bcd2842a0b980ac07297
f2efcccbfb5d632078e09bae3429df9b02787702
25392 F20101219_AACKHS zhang_y_Page_079.pro
89fcd22a31e3a73d3ba692b66f73629d
e677dbac56af5308a1c584f03e9f42f4f59a292c
2462 F20101219_AACJFF zhang_y_Page_107.txt
ed5d808708147023fdfb9d1b2968d9fd
ab179ea4796c31f214d644fb8ee371ee3f8ded89
56225 F20101219_AACKII zhang_y_Page_101.pro
f13b819af1628e939fd0cdeb3ba2a1ea
7bcddbca240a75ee2c25481dfc53fcc9f0920951
114735 F20101219_AACJER zhang_y_Page_127.jpg
b2fa937c689cc5eba2df5b09db5f0d45
1cddad79b3d02310f8f6011ff576aa61898c580c
53912 F20101219_AACKHT zhang_y_Page_080.pro
bec9e0c21be5e84e3e71702d51f36db6
c2449a7091cf17f2213c6475f19ed8ebd60a2077
36008 F20101219_AACJFG zhang_y_Page_149.QC.jpg
49ea9e5a3ac4006527dade81848303d5
ee5a1c0c45cec1b1b61eca6d4cb995fdb849f7be
62059 F20101219_AACKIJ zhang_y_Page_102.pro
113240cad8abc1369ebf422e636b6c0d
539bbb03ad3221ffced71718fff50d9cf42c2cf2
2443 F20101219_AACJES zhang_y_Page_022.txt
217b6e6e171cc27b07b0fb02085ad727
e103fce2702da2d344fe17f2587a7cfe9f12cfa4
70514 F20101219_AACKHU zhang_y_Page_081.pro
325e9751085ed2690c31ca05829dde82
8197bc1d6bda649f2183500d82b977f99d05ffe4
F20101219_AACJFH zhang_y_Page_054.txt
9494182a3a2b572220267d8acba57b2d
d5cfa7b065d9865d2671fcf8776a067d42f3667e
52970 F20101219_AACKIK zhang_y_Page_103.pro
3d967fb0dd31634b4c3852aca6e67fb8
8c56a8e3e9d846b09b1130a885b053242b3187fe
31888 F20101219_AACJET zhang_y_Page_080.QC.jpg
e87cded3bcfcb0649508ed247ae8684b
2929f2bb880c0b6a5e38dcc165f2665fbe6751a0
65490 F20101219_AACKHV zhang_y_Page_082.pro
6cff078e26d28a3173ec8296d768b697
e244fd0233d76430d7f3cc9e1f124159e24c325a
34920 F20101219_AACJFI zhang_y_Page_058.QC.jpg
e4d0644b44bbe0faf5c98cb37042a657
b866eb14e3414a443930c2774c907c82a12c8025
50826 F20101219_AACKIL zhang_y_Page_104.pro
0c05ef2f84261b5a4da8f078839b5153
b7ad43fb8127530428f31c7d714f1cd79921641d
107768 F20101219_AACJEU zhang_y_Page_072.jpg
ae9a0da99c76fa8cc8e7662a140a9084
530361116811e5d7ad630776044ae560f93f8ca6
16232 F20101219_AACKHW zhang_y_Page_084.pro
555f0d2b7eca8e4662c644f9b733ab8e
e4e3dfd457ab8c7824f5b366c3a0830f262b753f
36269 F20101219_AACJFJ zhang_y_Page_034.QC.jpg
98b56fe5093f1287126c23cac342aa8a
272aa9e68008f3bc5690c18743e1453756d55bd2
59619 F20101219_AACKJA zhang_y_Page_126.pro
1c752d886f3be2d2f82fdc7c61fc682c
1f09243fc611fc37ae2153590c42d6ce57e02945
69178 F20101219_AACKIM zhang_y_Page_106.pro
c874f044467f48c8a60184a3569cd487
2b54089b7b0ceeea346ddc9f15d0a3c6a2746c07
35599 F20101219_AACJEV zhang_y_Page_086.QC.jpg
6a7322fcd5ebf2f123cba83e3b7410a5
727641e5bcc85e886359e6ab0cc19d179de9fa9b
55742 F20101219_AACKHX zhang_y_Page_085.pro
69e57ccbed4f239e35dd3e68d6409d4a
17283c251c7f6008f66c846895795b9651c31f19
F20101219_AACJFK zhang_y_Page_126.jp2
db6d547e15cb0e084fe062eb9afdbf3a
faf70a0972f5527488dec45b2d8ef5766cfbec61
61528 F20101219_AACKJB zhang_y_Page_127.pro
90c30015f01c7d393d564be872c36e3f
3fdead935b8b2e7d31cae5e2030649b131158b42
60849 F20101219_AACKHY zhang_y_Page_086.pro
dd363a98cbbef8638404e2be6a1b5626
4bae79f94c487abcb75a9d6e433e6f9f2e74b56a
37190 F20101219_AACJEW zhang_y_Page_017.QC.jpg
301000261c2144b5b86a8a08ece9ff70
e7483841c139def5a3a30808f7c46e134badf8b0
61887 F20101219_AACKJC zhang_y_Page_128.pro
23a07c24ba49f48a5658c60c6bf38570
2597e63a648d4fc9fddece997f1c7a0a8348639f
62391 F20101219_AACKIN zhang_y_Page_107.pro
96407cb8281b7ff6c30142d65375945f
4198046a595eca0d582513435244e92adfc51040
56355 F20101219_AACKHZ zhang_y_Page_087.pro
4176dffca6ba448ebcc0d2bcbbaae6fd
65cac3ddb6dece1fe8dce7c196469d13f987158a
43629 F20101219_AACJEX zhang_y_Page_117.pro
12e3c160e1dc89fa1eb1e430a5b76fa4
0654451a121bb9e55f9f816c0ef7d81c3274a9fa
F20101219_AACJGA zhang_y_Page_101.tif
d5a358c35be9b7fa25042c3bb295b8fe
01a5b0893c0ed85a506524399da317b65e7e49f5
122298 F20101219_AACJFL zhang_y_Page_089.jpg
3638b10613680cee46125041b772da6c
9c2f85501852e110180900f578cb229a4787f441
48401 F20101219_AACKJD zhang_y_Page_129.pro
79e808d345df305a293709d3bff34336
13a932a117283d04af8a9d22481de46c263b065c
44568 F20101219_AACKIO zhang_y_Page_108.pro
8ec0ffc89f5243e3c50293dcde66ff2b
501548b3707992029bf97f233e634f5e1ab8f68e
2350 F20101219_AACJEY zhang_y_Page_134.txt
de0b540d434bb6a014e44f627ade74d8
208966dfc85c8b3c8f7244b31ae9b4c7af674c04
2333 F20101219_AACJGB zhang_y_Page_072.txt
db60d37606201e4adde3ccd2db3c8342
c364ac5d2786795bb0a6f41049dd615f9541e33d
36087 F20101219_AACJFM zhang_y_Page_100.QC.jpg
f23f43a7fd503008d592b11322dadf95
c991b055dd274ed31f38e23c45416d80c7af393c
62522 F20101219_AACKJE zhang_y_Page_130.pro
a63394283a1f7e89d675cb66ed45bc5e
94222f57421528a0b9e9ba576aa97d3520ce9e91
55494 F20101219_AACKIP zhang_y_Page_109.pro
b225c47f7f6f1efb6dd7b73c67c733a0
b8264c2bd67434fdc7f45872cee65e1bd7613092
2665 F20101219_AACJGC zhang_y_Page_043.txt
e8c1d1192151664b308323e9aa38a59b
064c42c2aad8c61538155eaac3f6d1ca1f359c50
67556 F20101219_AACJFN zhang_y_Page_042.pro
c5e51454e3f14993d35482cf999bb2bd
9c1999e22cad0a5621044c41d451ca5c8da1da0d
64828 F20101219_AACJEZ zhang_y_Page_098.pro
38c1a3d823f5bee3f452748f1251d1cd
2a574c00f0beb55aebae0124b7116b08584228d1
49593 F20101219_AACKJF zhang_y_Page_132.pro
cf83178f2bddb8a50996b9bbbd8b6b0a
e4d24ed8ffc39a27a6c9e9214dd60e7cc10244d7
44605 F20101219_AACKIQ zhang_y_Page_110.pro
2e32f46daf0347411f389444ceed2680
f2613189be0f0fcf0b7ae4de4561defcef9e5e7d
F20101219_AACJGD zhang_y_Page_049.jp2
976296c2431e4e42bf6f44eb76a37e14
e4952ffa71d52b5fdad5ccdb39bcd31e890f5d3e
11586 F20101219_AACJFO zhang_y_Page_155.QC.jpg
115be44c12c1ab1c508f07656c8bef00
bfc022302e6681482c4cb2220b7b62d0847dc022
65753 F20101219_AACKJG zhang_y_Page_135.pro
50401578887843238b8d40d747f9ea86
f85f5806630513014c946533fed2d830708912b5
64884 F20101219_AACKIR zhang_y_Page_112.pro
6dafdd319d367aa93955a5ed9d1930ff
702e9d20a46af1f51eb1c8fbada189380da6da88
1087996 F20101219_AACJGE zhang_y_Page_048.jp2
074ffd2a9516b229ca16a0abfc09c499
aaa49fa68e6cd4c8b37c48ba32918b3d8a8c7611
F20101219_AACJFP zhang_y_Page_098.jp2
ea2a1e650399f382641b043927210f5e
c963953f96de00b9a4359d68b966a77728394261
62738 F20101219_AACKJH zhang_y_Page_136.pro
479f29ee2c1d441e1aa0b41bea24086f
6e1a645f9e6f65737bc5aba5110a32966aadc182
68337 F20101219_AACKIS zhang_y_Page_113.pro
a489475507b98d85b1aab4a33853a487
6c6573ff20fad779d08328d55968b38510343d94
122265 F20101219_AACJGF zhang_y_Page_098.jpg
9b477d2f53a50008224e5c81024ba523
a9b198269a21c956429234efa43fe9aa0f66bddc
7859 F20101219_AACJFQ zhang_y_Page_030thm.jpg
144b69c0c02f3b85f55c508ca5c6d396
ac08062bd645a3964eb490ebd24ade4619f026b1
42940 F20101219_AACKJI zhang_y_Page_137.pro
54a0e7cc42dc42629225e72c431ec948
badab8ef5925a27848b1aa2d4201fe13dbd4a7b8
64720 F20101219_AACKIT zhang_y_Page_114.pro
a3921ff8e945c0d0bba15de7acd63b2a
9d712b48b7a072fe5a35e2403bf56fda184c59e9
7471 F20101219_AACJGG zhang_y_Page_157thm.jpg
1284056ab49dacd90c2a9d8fd3ee112e
425d008d511621efa3038caac397441db08f7b24
106166 F20101219_AACJFR zhang_y_Page_092.jpg
094edbe07565ba658b7b57a9d34d3938
75d6e8d4ec41c703aacaa40962ce62b85750f744
61839 F20101219_AACKJJ zhang_y_Page_139.pro
eba7951c59d715ac7ca458251c0cbbfd
28a0384b8e677d24ef0336ea9e3430fc05ac6f7c
56208 F20101219_AACKIU zhang_y_Page_115.pro
8acaef38c6f1a345ba1cfe191678e099
3117026de7a8c24ef3d068683d701585ff6d57d4
2681 F20101219_AACJGH zhang_y_Page_017.txt
fb6fdb742afc5fa3b1f75c61bb75693b
b4311722804437d3372b579484252778b857868a
61544 F20101219_AACJFS zhang_y_Page_140.pro
b226f22ccf7d539092ad4de0764937e0
7f69b3aa248e4e202f715e0a5a5717bbceb03dad
58183 F20101219_AACKJK zhang_y_Page_142.pro
9dfceaf72ca54657621813d39873d12c
bfdb543b21af492a6b2b5b2f3aa5f549af70e1b7
66204 F20101219_AACKIV zhang_y_Page_118.pro
64bf3e0c04319df7cc953f47b1cc0237
96b7b4f5b77c4c173e95ae8aebf1842bf4e6679d
8390 F20101219_AACJGI zhang_y_Page_119thm.jpg
e3b68d04acbe89a28700a1f9b51d30af
59c7baff5e950fac0e30255b331473cfe8dad565
1087997 F20101219_AACJFT zhang_y_Page_027.jp2
1ec1a46b17fae139cfd68d2aad3ef3b3
7c93f150bb1da5ab31969ef410a8f00a7b4df4c4
60149 F20101219_AACKJL zhang_y_Page_143.pro
9059beed267a945d2cb888d3b5aa4086
b69e5d01fc0e4d617f11a6b71fe2e2bcb280fc23
61944 F20101219_AACKIW zhang_y_Page_120.pro
7200719170557de98bd10e7f859aa20d
271f86ce70ffc32a4f3b81b6aff75625036ae373
49976 F20101219_AACJGJ zhang_y_Page_091.pro
13687f7f5f5f6346439d1013ebfa3c5c
0dca9e15eba5f597ba46012b65fcf8e09685d3ab
F20101219_AACJFU zhang_y_Page_043.jp2
e12af11d5cbacdd062a3d3ddbed8a75b
f4be69a878f94b60573b5d9213bd14811331d42f
1935 F20101219_AACKKA zhang_y_Page_007.txt
148a5e493245fb8e9146fd3cd5764ce0
cd87ad4e782745004e9d77c9aaa587951a0afc43
64596 F20101219_AACKJM zhang_y_Page_144.pro
371c92bfb0faebb75fa1c4f90c744492
6967c238d1898538b215c5df668a068d8883aa9b
58774 F20101219_AACKIX zhang_y_Page_122.pro
1f24b62a91fb2135b2a67e032dfb5aa8
59a3e54f799d4f65c5debb3d301978237f29e56d
6935 F20101219_AACJGK zhang_y_Page_094thm.jpg
93582cc7ae46d9e9bbac492653219d84
6ceea3a27995e8aa683a21400add7b121cb595f0
1088014 F20101219_AACJFV zhang_y_Page_096.jp2
805b63b3f4c67546cdf88fc1e24e2d6a
5c843392dacb839b2a912f5e13f039e9f26c68e9
2062 F20101219_AACKKB zhang_y_Page_010.txt
83601aabb34a7397fe7986bca296c19e
bac844d70e6ae4d59272e63b116bf513580d8e9a
69884 F20101219_AACKJN zhang_y_Page_145.pro
44ffca4564f5527fa748731052ea7002
ff59920a68dc408c09ce008dbb04794cc62d37be
63223 F20101219_AACKIY zhang_y_Page_123.pro
a8436dc961600bb4bba62f3a622b7c6a
59d565f1ad45ea08a534636e37dd138c383c7504
F20101219_AACJGL zhang_y_Page_079.tif
e72da3cd6a2cc68def0d5b44a5e80ee5
7b8d55785841c445159a1ae93a2598b7b05b4773
F20101219_AACJFW zhang_y_Page_112.jp2
fca7ddffd069060ef788941f1d0ae1f0
7830be36211e3cbdf40948414e9ade0d4b311fb4
2372 F20101219_AACKKC zhang_y_Page_011.txt
f5d94bc21d85bd0938d1b6eecc6088a3
f4e43cd37b6e7b102aa7109f334eead6a6e4eead
65254 F20101219_AACKIZ zhang_y_Page_124.pro
c39650b938d98161a7d45e181d906876
e2e8c5ae8c3cc891ebfb0795d18d96bd7fb35c31
67441 F20101219_AACJFX zhang_y_Page_164.pro
5009c914272675bcd68a3173f672744f
329cd47a6e224d2d09b7768052c30ca8a0e788ae
8376 F20101219_AACJHA zhang_y_Page_046thm.jpg
b8d9d0c79ec7bd8eb57d319582b7fba3
936bc3058e26c6e30fd6580e910f9172cbb61689
2634 F20101219_AACKKD zhang_y_Page_013.txt
fef0f8f103aab35a7fcd938bea288134
cb0e756ddd8cc21ad288760f06fe3d5901d65941
49803 F20101219_AACKJO zhang_y_Page_146.pro
3edebed19d41e5fe6c7255df92272d8a
99e06b124b95fc807842a9c220f7d40c56a37edd
8741 F20101219_AACJGM zhang_y_Page_160thm.jpg
6c72ed689f1e316294006c724dbd6500
5117a192629b87da2f98711b650d246cd2c92404
123634 F20101219_AACJFY zhang_y_Page_049.jpg
e3c1ccb7e1e2302e5096f1cb81e89a0c
3bfa64900944a43bd7e3a7773e739ed35b9d658c
65226 F20101219_AACJHB zhang_y_Page_138.pro
580fe3c3a97edc434a57a5c142d364e5
a439689938efdc7182f0379158fbabd67e40575d
2708 F20101219_AACKKE zhang_y_Page_014.txt
d2bafd20e937052fc29d797e633a627b
4e5e8d5ca299b98dd3fbd2fd6a529341b67dbd28
62954 F20101219_AACKJP zhang_y_Page_147.pro
2efcc6f62f35125bb276373899ec21db
04fff3f790557faa041fd5781962d528fb8db776
8545 F20101219_AACJGN zhang_y_Page_054thm.jpg
ebea93786ba722571b77ba5485a11a41
f8e3d053607d9add3e51d3a301174022f39031b5
F20101219_AACJFZ zhang_y_Page_032.tif
5b20123d764fcd98ea387520e95d4f66
9bc9acdec2ea451103998f66991d724a6c6eb577
8757 F20101219_AACJHC zhang_y_Page_017thm.jpg
cb9bcc820c664c98fa4026c050310066
45707c1fcdd490cf722c4dc63e60624b4892d9b6
375 F20101219_AACKKF zhang_y_Page_015.txt
b013d4e9ee3e5a563dfbced513f99aee
de0f7a3ab32695128f8f3195b6c36a4e903f3f60
63910 F20101219_AACKJQ zhang_y_Page_150.pro
8f9944e4df3cf295653f7c5a64bcfc4b
a42031c2f083230d35933727bcb2934b8ef56623
7612 F20101219_AACJGO zhang_y_Page_142thm.jpg
1f0d4eb9cc6bf4a0dbb444aa677410e1
dbbc897ca5c269d8397f7a84afb3be2ca3efab71
51576 F20101219_AACJHD zhang_y_Page_116.pro
1c1e402a75166352d3733cb0ba054b08
8394cf1eb9e87116870ad0d53d34ac0898689d3d
2079 F20101219_AACKKG zhang_y_Page_019.txt
8a638a3e3dd170efb3953530858d7560
8a153711190251ff30c4635f08dedb4a2441e317
56057 F20101219_AACKJR zhang_y_Page_153.pro
f62aec7ceac80358cbdbe002bc68bd2b
273387a19b764a192966df38d5af4211fc544146
58515 F20101219_AACJGP zhang_y_Page_134.pro
aaa66d2eff8c85e452b065d7185e6cf6
a116c9db81a8608050b1d6e6e156ae2c3956c899
106251 F20101219_AACJHE zhang_y_Page_026.jpg
f54afb7c61ec80d60ed801eacae252f5
674b47fb0afdfd3ad39bfabf43eaa79b444933de
2297 F20101219_AACKKH zhang_y_Page_020.txt
1fcdc1f25589d3143352f2553103fc2a
676ba24177901191556f4e00050b6bec30407db1
18411 F20101219_AACKJS zhang_y_Page_155.pro
fe2ccbcb4d3945ea21215281ac35814f
aca0447a82760524a46e6ced8c4cd3d25bc848f6
71697 F20101219_AACJGQ zhang_y_Page_161.pro
c4b3aadbf752501750e05de634239c51
3978e24ca27cf1868ad7b58a4c48502903bc9e98
95649 F20101219_AACJHF zhang_y_Page_070.jpg
873c4f79cc4dc0cb553543248b98e0a0
d89a41342c5c2c8e27d2995c8986de99a1da34c3
2370 F20101219_AACKKI zhang_y_Page_023.txt
2cb85f0ab6d305d7b066890cdc467e5f
4cd8a1321df407d632bd55fd08d5bcafd2527916
59172 F20101219_AACKJT zhang_y_Page_157.pro
b53954811aaf0121015f7055701dc07f
45eb90375d331f67e70d108b22df9be540a019e3
60814 F20101219_AACJGR zhang_y_Page_022.pro
fdca2c7ce5618ccf3a9d7944c83b155a
7612c1d554f5c9058cfb3f88a0b361f7b4054bee
53723 F20101219_AACJHG zhang_y_Page_125.pro
761e5b4071b992d76690a1e118dbfd77
b27cbb5e30e689353af74b96ceff7150525eadc4
F20101219_AACKKJ zhang_y_Page_024.txt
4fc0f06d8fa3b4a21137c0920eb6c634
49e5237621cef914083d7eae47db8022aade187c
72963 F20101219_AACKJU zhang_y_Page_158.pro
384563372ed32f3922898d1305819660
3a8e5e0a5367c8f1fabf83094edbddadb84410f4
703 F20101219_AACJGS zhang_y_Page_008.txt
bc1184f64441e78043a0cca3ffc57b2f
aceac8719629fd1ca7ed2d12511693608c18ed6c
131869 F20101219_AACJHH zhang_y_Page_160.jpg
dec52ff6b95bc50f8bf8fe2107044c07
87846a75466e441727d2ac148226c83398a96f01
F20101219_AACKKK zhang_y_Page_025.txt
c6b8fba24e50b47e108c14da5ffe64b8
7f1410974d4c0cd36aca7289e72fd2cd42484f78
67478 F20101219_AACKJV zhang_y_Page_162.pro
4d028daf0523a064651b9e8259843d32
8d95d8becda15e2842c40b4906ac52db6ee599c1
8663 F20101219_AACJGT zhang_y_Page_031thm.jpg
cd372ec3292337658c72242205ebd130
8e652149d269ecb851eaacbced92413c10a9ced8
115596 F20101219_AACJHI zhang_y_Page_136.jpg
b982264229d587a7b4201aba4d4d3831
3af13da638be77d5ee3337cf7a94db8461cb539b
2492 F20101219_AACKKL zhang_y_Page_026.txt
77c139fc794437e6fd84c567f4376dbf
211b69dde808a388927f5b9a6e2d9441fa4c6ab0
68099 F20101219_AACKJW zhang_y_Page_163.pro
567ec62bd80a8a7f661c025e1c716c7b
d1c6f524e2699b1b59b027b5ed466751c7db01eb
30759 F20101219_AACJGU zhang_y_Page_057.QC.jpg
9be36b76ea3344f891c9049ec660ffa0
0c73496eb5803d0c2242d0d476448fe486909ecb
2575 F20101219_AACJHJ zhang_y_Page_114.txt
1d4f0d319ef3cab83fa1cd953f1ca93e
e16dfff2554da24a1e21c9441d654a99496f8649
2538 F20101219_AACKLA zhang_y_Page_046.txt
ce7350ba8d2913f351fe1f8f7f846b6c
dc0841ac4e7c4e04475283b3dc4cb8e60f87ba20
2636 F20101219_AACKKM zhang_y_Page_027.txt
ede0b9b88eee619b6400640e5f898a0a
5c15b1ca9ffacd1c058bd307bedb59fc343e4d9f
23565 F20101219_AACKJX zhang_y_Page_166.pro
5cf90a14bd7a6bb2bd0f34029555d9c7
e49ec8d424952057f99838b66130194fdb1d0a8c
1087999 F20101219_AACJGV zhang_y_Page_131.jp2
e1366e65cdfe7346abe4f55378357c65
86f80dcc3e895f1af4b658ef9d7bbb80b75dd1f1
71444 F20101219_AACJHK zhang_y_Page_159.pro
6bf14329758a08ef20e7584defcffcce
e57fd1783ee4ea7d6ca99a2f205fbded202701a8




Permanent Link: http://ufdc.ufl.edu/UFE0015609/00001

Material Information

Title: Security in Heterogeneous Wireless Ad Hoc Networks: Challenges and Solutions
Physical Description: Mixed Material
Copyright Date: 2008

Record Information

Source Institution: University of Florida
Holding Location: University of Florida
Rights Management: All rights reserved by the source institution and holding location.
System ID: UFE0015609:00001

Permanent Link: http://ufdc.ufl.edu/UFE0015609/00001

Material Information

Title: Security in Heterogeneous Wireless Ad Hoc Networks: Challenges and Solutions
Physical Description: Mixed Material
Copyright Date: 2008

Record Information

Source Institution: University of Florida
Holding Location: University of Florida
Rights Management: All rights reserved by the source institution and holding location.
System ID: UFE0015609:00001


This item has the following downloads:


Full Text











SECURITY IN HETEROGENEOUS WIRELESS AD HOC NETWORKS:
CHALLENGES AND SOLUTIONS
















By
YANCHAO ZHANG


A DISSERTATION PRESENTED TO THE GRADUATE SCHOOL
OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT
OF THE REQUIREMENTS FOR THE DEGREE OF
DOCTOR OF PHILOSOPHY

UNIVERSITY OF FLORIDA


2006



































Copyright 2006

by
Yanchao Zhang


















To my parents and my sister.


















First and foremost, I would like to express my sincere gratitude to my advisor, Prof.

Yuguang F~I!:_. for his invaluable guidance, encouragement and support with my years in

Wireless Networks Laboratory (WINET). Prof. Fang has guided my path in the past four

years not only with his intellect and knowledge, but also with thoughtfulness about a young

man's personal growth.

Also would like to acknowledge my other committee members, Prof. Shigang Chen,

Prof. Jose Fortes, Prof. Pramod K~hargonekar, and Prof. Sartaj Sahni, for serving on my

supervisory committee and for their help in various stages of my work and career.

Would not be a sane graduate student without a group of great friends. There are

many whom I would like to thank: Xiang Chen, Wei Liu, Byung-Seo K~im, Jianfeng WZ I!!:_.

Shushan Wen, Hongqyiangf Zhai, Xiaoxia HuI I!!:_. Yun Zhou, Chi 21! 1!!:_. Frank Goergfen, Pan

Li, Rongsheng Hul .I!:_. and Feng Chen. I would like to specially acknowledge my former

WINET colleague and good friend, Prof. Wenjing Lou in Worcester Polytechnic Institute,

for her help and encouragement in my journey.

Finally, I owe a special debt of gratitude to my beloved parents and sister. Without

their love and unwavering support, I would never imagine what I have achieved.

















TABLE OF CONTENTS


page

iv

viii

ix

x


ACKNOWLEDGMENTS ..........

LIST OF TABLES ..... . ...._. .

LIST OF FIGURES ..........

ABSTRACT......

CHAPTER

1 INTRODUCTION.

2 ANONYMOUS COMMUNICATIONS IN MOBILE AD HOC NETWORKS .

2.1 Introduction.
2.2 Preliminaries
2.2.1 Basics of ID-Based Cryptography (IBC)
2.2.2 Adversary Model
2.3 MASK( Design ......... ......
2.3.1 Network Model
2.3.2 An....!-, us.. ..s MAC-Layer Communications
2.3.3 A!!...-, usualsI Network-Layer Communications .. ....
2.3.4 Countermeasures against Attacks .. .......
2.3.5 Replenishing Pseudonym/Secret Point Pairs .. ....
2.4 Performance Evaluation
2.4.1 Simulation Setup
2.4.2 Simulation Results
2.5 Related work
2.6 Summary

3 SECURING MOBILE AD HOC NETWORKS WITH CERTIFICATELESS PU
LIC KEYS.


B-


3.1 Introduction ....
3.2 Preliminaries
3.2.1 Notation ...
3.2.2 Related Work.
3.3 Design Goals and System
3.3.1 Design Goals
3.3.2 Network Model
3.3.3 Adversary Model
3.4 IK(M Design .. ..
3.4.1 Overview ...


Models










3.4.2 Network Initialization .
3.4.3 K~ey Revocation.
3.4.4 K~ey Update.
3.4.5 Securingf D-PK(Gs against Pinpoint Attacks
3.4.6 Cis.. .. -!!!; Secret-Sharingf Parameters
3.4.7 Security A!! I1-, -is
3.5 Performance Evaluation
3.5.1 Simulation Setup
3.5.2 Computational Costs.
3.5.3 Comparison in K~ey Revocation
3.5.4 Comparison in K~ey Update
3.5.5 Comparison in Secure Routing .
3.6 Summary


4 SECURE LOCALIZATION IN WIRELESS SENSOR NETWORKS.

4.1 Introduction.
4.2 Vulnerability A! ll .-, -is of Two-Way Time-of-Arrival Localization
4.3 Mobility-Assisted Secure Localization for UWB Sensor Networks ..
4.3.1 Network Model
4.3.2 Overview of SLS
4.3.3 K-Distance: a K-Round Distance Estimation Algorithm
4.3.4 Location Validity Test
4.3.5 Discussion.
4.4 Related Work.
4.5 Summary

5 LOCATION-BASED COMPROMISE-TOLERANT SECURITY MECH-AN I~ils
FOR WIRELESS SENSOR NETWORKS .. ........

5.1 Introduction.
5.2 Preliminaries
5.2.1 Adversary Model
5.2.2 Security Objectives.
5.3 A Location-Based K~ey Management Scheme .........
5.3.1 Pre-Deployment Phase.
5.3.2 Sensor Deployment and Localization
5.3.3 Location-Based Neighborhood Authentication .. ....
5.3.4 Immediate Pairwise K~ey Establishment .. ......
5.3.5 Multi-hop Pairwise K~ey Establishment .. ......
5.4 Effieacy of LBE~s in Attack Mitigation.
5.4.1 CI1** *16 !:- Altering or Rev1~1 I,~in:, Routing Information .. ..
5.4.2 The Sybil Attack
5.4.3 The Identity Replication Attack .. ........
5.4.4 Wormhole and Sinkhole Attacks.
5.5 Location-Based Filtering of Bogus Data
5.5.1 The Bogus Data Injection Attack ..........
5.5.2 Generation and Distribution of Cell K~eys ........
5.5.3 Performing Threshold-Endorsements of Data Reports .. ..











5.5.4 Probabilistic Enroute Filtering of Data Reports ......


5.5.5 E~fieacy and Security A!! 1-, -is .. .. .
5.5.6 Performance Evaluation ......
5.6 Related work ......
5.7 Discussion ......
5.8 Summary ......

6 ATTACK(-RESILIENT SECURE AUTHENTICATION
LESS MESH NETWORKS ........

6.1 Introduction.
6.2 Preliminaries
6.2.1 Security Requirements of WMNs ..
6.2.2 Attacker Model.
6.3 System Models and Notation
6.3.1 Network Model
6.3.2 Trust Model .........
6.3.3 Notation ..........
6.3.4 Trust-Domain Initialization
6.3.5 Pass Model
6.4 Authentication and K~ey Agreement (AK(A) .


.. 94
.. 97
.. 101
. 104
. 105

AND BILLING IN WIRE-


Inter-Domain Authentication and K~ey Agreement
Intra-Domain Authentication and K~ey Agreement
Client-Client Authentication and K~ey Agreement


6.4.1
6.4.2
6.4.3


6.5 Security Enhancements .. .......
6.5.1 Location Privacy Attack .......
6.5.2 Bogus-Beacon Flooding Attack
6.5.3 Denial-of-Access Attack
6.5.4 Bandwidth-Exhaustion Attack .. ...
6.6 Incontestable Billing of Mobile Users .. ...
6.6.1 Billing Basics
6.6.2 Payment Structures .. .
6.6.3 Making Payments .........
6.6.4 Redemption of Payment Records
6.6.5 Security A!! .1-, -is .........
6.7 Discussion.
6.7.1 %.1\ 11 11i-,i Management
6.7.2 Public-K~ey vs. Symmetric-K~ey Cryptography
6.7.3 Incremental Deployment .......
6.8 Summary

7 CONCLUSION AND FUTURE WORK .. ....


REFERENCES. .......... .........

BIOGRAPHICAL SKETCH


















LIST OF TABLES
Table page

2-1 Processing timings of cryptographic operations. .. ... .. 25

31 Notation ......... . .. .. 34

3-2 Timings of primitive operations . ..... .. 54

3-3 Comparison of key revocation time ...... .... . 54

3-4 Comparison of key update (t = 5) . .... .. 55

3-5 Comparison of key update (t = 10) ...... .... . 55

4-1 The K-Distance algorithm. ......... ... .. 67

4-2 Testing if a point is inside a |B|-vertex p..El~:_on. ... .. .. .. 70


















LIST OF FIGURES
Figure page

2-1 An.....us.... sII route discovery with a route reply generated by the destination
A.4. ............. ........... 16

2-2 A!!l..!.. !!!sual hop-b-, -1!s .p packet forwarding from A.1 to A.4. .. .. .. .. 20

2-3 The comparison between MASK( and AODV. ... ... .. 27

3-1 Average route discovery delay. ....... ... .. 58

3-2 Average data packet delay. ......... .. .. 59

3-3 Packet delivery ratio. ......... .. .. 59

3-4 Average routing load. ......... .. .. 60

4-1 An exemplary two-way ToA localization process, where anchors A, B, C are
determining the location of sensor S. ..... .... . 63

4-2 The topology of an exemplary distance enlargement attack. .. .. .. .. 64

4-3 The time plot of the challenge-response process. .. .. .. .. 67

4-4 Location validity test with three anchors. .... ... .. 69

5-1 Node deployment model. ......... .. .. 89

5-2 The p.. .1 .1 il i ,i p, of filtering one bogus report as a function of the sampling
probability p, and the number p of hops a bogus report travels. .. .. 95

5-3 The comparison of Esum and Eium, as a function of the bogus traffic ratio p,
where ( = 50 and the optimal p,'s are used. ... .. .. .. 98
5-4 Th omaiono Eu ndEu as a function of the bogus traffic ratio p,

where ( = 50 and non-optimal p,'s are used. .. .. . .. 100

5-5 The comparison of Esum and Eium, as a function of the average path length
(, where p = 2 and p, = 0.2. . ..... .. 101

6-1 A typical three-tiered wireless mesh network architecture. .. .. .. .. 107

6-2 An exemplary 5-by-5 hierarchical one-way hash chain. .. .. .. .. .. 127

6-3 An exemplary p~ I, !!!. !!r structure (m 3 3, t 3 2). .. .. .. .. 136
















Abstract of Dissertation Presented to the Graduate School
of the University of Florida in Partial Fulfillment of the
Requirements for the Degree of Doctor of Philosophy
SECURITY IN HETEROGENEOUS WIRELESS AD HOC NETWORKS:
CHALLENGES AND SOLUTIONS

By

Yanchao Zhang

August 2006

Chair: Yuguang Fang
M .iI..r Department: Electrical and Computer Engineering

Wireless ad hoc networks have been widely accepted as an indispensable component of

next-generation communication systems to facilitate ubiquitous network access. Although

offering significant benefits, they also provide unique security challenges over their wired

counterparts. Of note are the issues associated with the open network architecture, shared

wireless medium, stringent resource constraints, high network dynamics, lack of trusted

authorities, and so on. In this dissertation, we aim to address a number of challenging

security issues in heterogeneous wireless ad hoc networks, spanning mobile ad hoc networks

(MANETs), wireless sensor networks (WSNs), and wireless mesh networks (WMNs).

Our contributions are mainly fivefold. First, we propose an I!!...-, !!!a ..s on-demand

routing protocol (j!.\sl() to deal with malicious eavesdropping and traffic ..I! I1-, attacks

against MANETs deployed in hostile environments. Second, we design a secure, scalable

ID-based key management scheme for MANETs to enable flexible public-key services with-

out reliance on conventional public-key certificates. Third, we devise a secure localization

scheme to ensure secure location estimates in WSNs despite malicious attacks. Fourth, we

develop a suite of location-based, compromise-tolerant security mechanisms for WSNs. Last,

we present an attack-resilient secure authentication and billing architecture for WMNs.
















CHAPTER
INTRODUCTION

Recent years have witnessed a surge of research and development for wireless ad hoc

networks. Unlike conventional infrastructure-supported wireless networks, wireless ad hoc

networks feature rapidly-deployable, self-organizing, self-maintaining capabilities and can

be formed on the fly without relying on any existing infrastructure. In such a network, each

node functions not only as an end host but also as a router forwarding packets to and from

other nodes to enable otherwise impossible multi-hop communications. Wireless ad hoc

networks are naturally well-suited for application scenarios where fixed infrastructures are

often not available or reliable, while fast network establishment and self-maintenance are a

must. As such, they have been widely accepted as an indispensable part of next-generation

communication systems to facilitate ubiquitous network access.

In general, wireless ad hoc networks can be classified into two categories, mobile ad hoc

networks (MANETs) and static ad hoc networks. The former comprise network nodes that

are free to move about randomly and organize themselves arbitrarily. Exemplary application

scenarios of MANETs include tactical military operations, homeland security, emergency

disaster relief and rescue, and so on. Most recently, MANETs have been extended to general

civilian contexts and are often referred to as wireless mesh networks (WMNs) [1], where

mobile users can access the network either through a direct wireless link to a wireless access

point (AP), or through a sequence of intermediate users to an AP that is too far away to

reach. By contrast, static ad hoc networks mainly consist of stationary nodes, that is, fixed

at where they were deployed. The most significant example of this later type is wireless

sensor networks (WSNs) [2], which have attracted extensive attention in both academia

and industry for their broad potential not only in military and homeland security scenarios

but also in general civilian settings.

While offering significant benefits, wireless ad hoc networks are also vulnerable to

unique security challenges as compared to their wired counterparts. Roughly ;1t Ilne:_










risks in wireless ad hoc networks are equal to the sum of the risks of operating a wired

network plus the new risks introduced by weaknesses in wireless protocols. Some of the

major security challenges that a wireless ad hoc network faces include the following:


All old threats to a conventional wired network apply to a wireless ad hoc network.
The shared wireless medium facilitates passive eavesdropping on data communications
and active bogus message injection into the network by attackers.
Early protocol design for wireless ad hoc networks all assumed a friendly and coop-
erative environment. As such, many wireless protocols have inherent security flaws.
Mobile devices are subject to phs!- -i I1 theft or loss, leading to insider attacks launched
by attackers harnessing confidential information extracted from stolen devices.
Intrusion detection is far more difficult, mainly because it is hard to differentiate
anomalies caused by characteristics of wireless channels and those caused by attacks.
There is often lack of an on-line centralized authority or administration.
Mobile devices usually have stringent resource constraints and thus cannot afford
resource-hungry security protocols.

How to model node misbehavior is an essential component in any security protocol

design, as a decent solution designed under one misbehavior model may be less effective

or even completely invalid under another one. In this dissertation, we classify misbehaving

nodes into two classes: malicious and selfish. The objectives of the former are to attack

the proper network operations without consideration of their own gains. Adversarial nodes

often existing in military ad hoc networks are typical examples of such malicious nodes. By

comparison, selfish nodes can be characterized by the intention of maximizing their own

gains or collective gains with collusive nodes from the network community while minimizing

their contributions to it. Selfish nodes are less likely to exist in single-authority-like ad hoc

networks such as military MANETs and WSNs, but are very likely to be present in general

civilian ad hoc networks where nodes may have conflicting interests. For example, in a

WMN, nodes may be reluctant to forward packets to and from the AP for others in order

to save their own resources such as battery life, CPU cycles, or available network bandwidth

[3, 4].

This dissertation contributes to developing novel solutions to a number of challenging

issues in heterogeneous wireless ad hoc networks, involving either malicious nodes or selfish

nodes or both, which are either ignored or not well addressed in the literature. The rest of

this dissertation is structured as follows.










Chapter 2 considers passive eavesdropping and the Illllille~llin~ i:_ attacks launched

against MANETs deployed in hostile environments. To deal with such attacks, we propose

a novel.l!!. ...-, us.. .sI on-demand routing protocol, termed MASK(, which can accomplish both

MAC-layer and network-layer communications without disclosing real IDs of participating

nodes under a rather strong adversarial model. MASK( offers the .... ...-, un!ir-,i of senders, re-

ceivers, and sender-recipient relationships, as well as node unlocatability and untrackability

and end-to-end flow untraceability. It is also resistant to a wide range of attacks. Moreover,

MASK( preserves the high routing efficiency as compared to previous work.

Chapter 3 studies key management, a fundamental problem in securing MANETs. We

present IK(M, an ID-based key management scheme as a novel combination of ID-based

and threshold cryptography. IK(M is a certificateless solution in that public keys of mobile

nodes are directly derivable from their known IDs plus some common information. It thus

eliminates the need for certificate-based authenticated public-key distribution indispens-

able in conventional public-key management schemes. IK(M features a novel construction

method of ID-based public/private keys, which not only ensures high-level tolerance to

node compromise, but also enables efficient network-wide key update via a single broadcast

message. We also provide general guidelines about how to choose the secret-sharing param-

eters used with threshold cryptography to meet desirable levels of security and robustness.

The advantages of IK(M over conventional certificate-based solutions are justified through

extensive simulations. Since most MANET security mechanisms thus far involve the heavy

use of certificates, we believe that our findings open a new avenue towards more effective

and efficient security design for MANETs.

Chapter 4 explores secure localization in WSNs. The proper operations of many sen-

sor networks rely on the knowledge of ph!~-il II sensor locations. However, most existing

localization algorithms developed for sensor networks are vulnerable to attacks in hos-

tile environments. As a result, attackers can easily subvert the normal functionalities of

location-dependent sensor networks by exploiting the weakness of localization algorithms.

In this chapter, we first ..I! I1-,... the security of existing localization techniques. We then

develop a mobility-assisted secure localization scheme for WSNs.










Chapter 5 introduces a suite of location-based compromise-tolerant security mechanisms

for WSNs. Node compromise is a serious threat to WSNs deployed in unattended and hostile

environments. To mitigate the impact of compromised nodes, we design a few location-

based compromise-tolerant security mechanisms. Based on a new cryptographic concept

called pairing, we propose the notion of location-based keys (LBE~s) by binding private

keys of individual nodes to both their IDs and geographic locations. We then develop

an LBK(-based neighborhood authentication scheme to localize the impact of compromised

nodes to their vicinity. We also present efficient approaches to establish a shared key

between any two network nodes. In contrast to previous key establishment solutions, our

approaches feature nearly perfect resilience to node compromise, low communication and

computation overhead, low memory requirements, and high network scalability. Moreover,

we demonstrate the efficacy of LBE~s in counteracting several notorious attacks against

sensor networks. Finally, we propose a location-based threshold-endorsement scheme, called

LTE, to thwart the infamous bogus data injection attack, in which adversaries inject lots of

bogus data into the network. The utility of LTE in achieving remarkable energy savings is

validated by detailed performance evaluation.

Chapter 6 presents a secure authentication and billing architecture for WMNs which are

finding ever-growing acceptance as a viable and effective solution to ubiquitous broadband

Internet access. This chapter addresses the security of WMNs, which is a key impediment to

wide-scale deployment of WMNs, but thus far receives little attention. We first thoroughly

identify the unique security requirements of WMNs for the first time in the literature. We

then propose UPASS, the first known secure authentication and billing architecture for

WMNs. In contrast to a conventional cellular-like solution, UPASS eliminates the need

for establishing bilateral roaming agreements and having realtime interactions between po-

tentially numerous WMN operators. With UPASS in place, each user is no longer bound

to any specific network operator, as he or she ought to do in current cellular networks.

Instead, he or she acquires a universal pass from a third-party broker whereby to realize

seamless roaming across WMN domains administrated by different operators. UPASS sup-

ports efficient mutual authentication and key agreement both between a user and a serving

WMN domain and between users served by the same WMN domain. In addition, UPASS










is designed to be resilient to a wide range of attacks. Morever, the incontestable billing of

mobile users is fulfilled through a lightweight realtime I!!i !**..:.. ni !! protocol built on the

combination of digital signature and one-way hash-chain techniques.

Finally, Chapter 7 concludes this dissertation and points out some future work.
















CHAPTER 2
ANONYMOUS COMMUNICATIONS IN MOBILE AD HOC NETWORKS

2.1 Introduction

Mobile ad hoc networks (MANETs) are infrastructureless, autonomous, stand-alone

wireless networks that are receiving growing attention from both academia and industry.

In this chapter, we are concerned with MANETs deployed in hostile environments, such

as those facilitating large-scale theater-wide communications or relatively small-scale com-

munications in MOUT (Military Operations on Urban Terrain). It is obvious that robust

security support is indispensable for the proper functioning of such MANETs.

The shared wireless medium of MANETs introduces abundant opportunities for passive

eavesdropping on data communications. This means that, without ph1-, -il I11-, compromis-

ing a node, adversaries can easily overhear all the MAC frames "flying in the air," each

typically including .l Although end-to-end

and/or link encryption can be enforced to prevent adversarial access to data contents, for

any observed frame, adversaries can still learn not only the network and MAC addresses of

its local transmitter and receiver, but also the network addresses of its end-to-end source

and destination. Such MAC and network address information is currently left bare with-

out protection in the de facto MAC protocol IEEE 802.11 and existing MANET routing

protocols such as AODV [5] and DSR [6].

The leakage of MAC and network addresses may result in a number of severe conse-

quences. First of all, it would facilitate adversarial traffic I!! I1-, -is run to infer network



SWe use the terms p~ II 1:- I" and lI I!!!, s" interchangeably in this chapter.










traffic patterns and/or traffic pattern changes.2 In a tactical military MANET, an abnor-

mal change of the network traffic pattern may indicate a forthcoming action, a chain of

commands, or a state change of network alertness [7]. Its disclosure to adversaries would

thus lead to the failure of urgent military actions. In addition, adversaries are able to

trace any packet backward to its original source or forward to its final destination. This is

also undesirable because in many cases packet sources are critical nodes such as captains

or majors, while packet destinations are nodes commanded to carry out certain military

operations. Moreover, adversaries can locate individual nodes and track their movements.

This is extremely dangerous in that adversaries can easily identify critical network nodes

and then launch directed attacks on them. Most previous proposals such as Ariadne [8] and

ARAN [9] aim to deal with active attacks, which usually involve the launch of denial-of-

service (DOS) or other more i; !-!1.h ," Iooressive attacks on the target network. By contrast,

the aforementioned attacks belong to the category of once-passive-then-active attacks, or

passive attacks for short, which are more subtle, n oi l-!1.1. ," and difficult to detect before

severe damage actually occurs. In this chapter, we seek efficient solutions to such more

dangerous passive attacks.

For ease of presentation, we use the notion "network ID" (or simply "ID") to indicate

both the MAC and network addresses of a mobile node, which should be understandable

from the context. We also define I!!. ...-, !!!!I-,i" as the privacy preservation of network IDs

of mobile nodes and their group membership information, e.g., belonging to nation A or B,

or affiliated with battalion 1 or 2. Although less intuitive, the privacy of node affiliations

is as important as that of node IDs in many security-sensitive environments. For example,

suppose a coalition force of multiple nations is dispatched to carry out a common military

mission. Soldiers of the same nation can form an exclusive MANET among themselves

and thus there would co-exist multiple MANETs in the battlefield. In this case, each node




2 A network traffic pattern consists of triplets rate>, each describing one flow. A flow can be an end-to-end network flow, then the
address fields are the network addresses of an end-to-end source and destination pair. It
can also be a local link flow, then the address fields are the MAC addresses of a local
transmitter and a receiver.










may want to avoid unnecessary exposure of both its ID and nationality because adversaries

or terrorists may perform selective directed attacks according to not only IDs but also

nationalities. As demonstrated in Section 2.3.2, conventional cryptographic techniques such

as Diffe-Hellman key exchange [10] cannot satisfy this I!!u al-, !!!r-,i requirement and thus fail

to withstand passive attacks.

We observe that passive attacks are feasible for two reasons: (1) each node can be

uniquely identified by its network ID, and (2) each node uses the invariant network ID

in both MAC-layer and network-layer communications. Motivated by this observation, we

propose to thwart passive attacks by designing .I!!...-, !!!a .IIs communication protocols. The

fundamental purpose is to realize both efficient MAC-layer and network-layer communi-

cations, while I!!...-, !!in i. 11. all the involved nodes, therefore effectively defeating passive

attacks.

The contribution of this chapter is the design of a novel .I!!. ...-, us.. ..s on-demand rout-

ing protocol, called MASK(, which can simultaneously achieve .l!!....-, us.. ..s MAC-layer and

network-layer communications. The novelty of MASK( lies in the use of dynamic pseudonyms

rather than static MAC and network addresses. MASK( offers both sender and receiver

anonymity as well as sender-receiver relationship anonymity.3 Specifically, although ad-

versaries might observe a packet transmission, they cannot determine real network IDs of

its sender and receiver, nor can they decide if (or when) any two nodes in the network are

communicating. In addition, MASK( ensures node ;, ii/...~rilleilul and :,,,ir,;. 1,;&////.:I:. meaning

that, although adversaries might know some real network IDs and/or group memberships,

they are unable to decide whom and where the corresponding nodes are in the network.

Moreover, MASK( guarantees end-to-end flow :n,,;I~~~I.:.;1I//;. which means that adversaries

cannot trace a packet forward to its final destination or backward to its original source, nor

can they recognize packets belonging to a same ongoing communication flow. Furthermore,

MASK( is as efficient as classical routing protocols such as AODV [5], which is confirmed by




3 For a given packet, a sender can be its original source or local transmitter, and a receiver
can be its final destination or local receiver.










detailed simulation results. It can also withstand a variety of attacks, e.g., message coding,

flow recognition, and timing .l!! II, -i-

2.2 Preliminaries

2.2.1 Basics of ID-Based Cryptography (IBC)

IBC [11] is receiving extensive attention as a powerful alternative to traditional certificate-

based cryptography (CBC) and serves as one of the cryptographic foundations of this dis-

sertation. The main idea of IBC is to make an entity's public key directly derivable from his

publicly known identity information such as his email address. IBC thus completely elimi-

nates the need for public-key distribution realized via conventional public-key certificates.

Although the idea of IBC dates back to 1984 [11], only recently has its rapid development

taken place due to the application of the pairing technique outlined below.

Let GI denote a cyclic additive group of some large prime order q and G2 a cyclic

multiplicative group of the same order. Assume that the Discrete Logarithm Problem

(DLP) is hard4 in both GI and G2. For us, a pairing is a map 8 : G x GI G2~ with the

following properties:

1. Bilinear: V P, Q, R, S E GI,


8(P + Q, R + S) = 8(P, R)8(P, S)8(Q, R)8(Q, S). (2.1)


Consequently, for V a, b e ~, we have


&(aP, bQ) = &(aP, Q)b = 8(P, bQ)a (p, )ab


2. Non-degenerate: If P is a generator of GI, then 8(P, P) E F*, is a generator of G2-

3. Computable: There is an efficient algorithm to compute 8(P, Q) for all P, Q E Gi.

Note that & is also symmetric, i.e., 8(P, Q) = 8(Q, P), for all P, Q E GI, which follows

immediately from the bilinearity and the fact that GI is a cyclic group. Modified Weil

[12, 13] and Tate [14] pairings are examples of such bilinear maps for which the Bilinear


4 t is computationallyi infneaible to extract the integenr ae Z {a|1 4 a 4; q -1}, given

P, Q E GI (respectively, P, Q E G2) such that Q zP (respectively, Q P")










D.:TS -Hellman Problem (BDHP) is believed to be hard. That is, it is believed that, given

< P, zP, yP, zP > for random z, y, z EZ~ and P E GI, there is no algorithm running in ex-

pected polynomial time which can compute e(P, P)"Zy E G2 with non-negligible probability.

We refer to Boneh and Franklin [12, 13] and Barreto et al. [14] for a more comprehensive

description of how these pairing parameters should be selected in practice for efficiency and

security.

2.2.2 Adversary Model

We assume that adversaries can collaborate to passively monitor every radio transmis-

sion on every communication link. In addition, they may compromise any node in the target

network to become an internal adversary. However, we postulate that passive adversaries

cannot compromise an unlimited number of nodes. Neither can they have unbounded com-

putational capabilities to easily invert and read encrypted messages and break the BDHP

assumption. Otherwise, it is believed that there is no workable cryptographic solution.

2.3 MASK Design

In this section, we elaborate the design of MASK(. We start with describing the net-

work model and then discuss how to achieve single-hop MAC-layer communications. Sub-

sequently, we present an on-demand routing protocol to realize !!..... 1mun IIs network-layer

communications. After that, some countermeasures against attacks and a security enhance-

ment based on the secret-sharing technique [15] are introduced.

2.3.1 Network Model

We consider a general case that there co-exist multiple MANETs, each comprising

nodes of the same group. For simplicity, we use a capital letter, such as A, B, or C, to

indicate each MANET and the group it corresponds to. The concrete meanings of groups

may vary across different application contexts. For example, each group or the related

MANET may be related to a troop of a different nation, or a different company or battalion

in the same brigade. Hereafter, we will utilize network A as an example to illustrate our

MASK( design. We denote by A.i the ith node of A for 1 ( i ( NA, where NA is the

number of nodes in A. We assume that each A.i has a unique non-zero network ID IDAi.i










As discussed before, both IDA~i and node A.i's membership in A should be well protected

from adversaries.

Prior to network deployment, a trusted authority (TA) who himself/herself does not en-

ter the network first determines the pairing parameters (q, GI, G2, 8) along with a group-wise

masteI~rL key gA eZ ,. The TA then chooses two collision-resistant cryptographic hash func-

tions: H1, mapping strings to non-zero elements in GI, and H2, mapping arbitrary inputs

to fixed-length outputs, e.g., SHA-1 [16]. Public --, -r. ill parameters < q, GI, G2, 8, H1, H2

are preloaded to each A.i. By contrast, gA should be well safeguarded from unauthorized

access and never be disclosed to ordinary group members dispatched to execute dangerous

military actions.

In MASK(, nodes substitute pseudonyms for real IDs in communications. If a node

uses one pseudonym all the time, it will not help to defend against passive attacks we have

in mind, because the pseudonym will be I!! I1-, .~ .1 the same way as its real ID. Therefore,

each node should use dynamic pseudonyms instead. For this purpose, the TA furnishes

each A.i with a sufficiently large set PSA~i = {PS |,1 ( k ( |pSA~i|} of collision-resistant

1.-'''i ...lun !!-T A pseudonym can be any type of string and collision-resistance means that

all the pseudonyms are different from each other. In addition, each A.i is armed with

a corresponding secret point set as SpA~i = {SP),}) = {gAH1(PS~, ) e Gi (1 ( k (

|pSA~i|). Due to the difficulty of solving the DLP in GI (cf. Section 2.2.1), given any

< PS~,, SP~~ > pair, it is impossible to deduce gA with non-negligible probability.

2.3.2 Anonymous MAC-Layer Communications

In this subsection, we discuss how to achieve .I!!...-, us.. ..s single-hop MAC-layer com-

munications through an .I!!...-, us.. ..s neighborhood authentication protocol.

Anonymous neighborhood authentication. A h ae-s..--:....s..

authentication allows two neighboring nodes of the same group to identify each other se-

. c. He in the sense that each party reveals its group membership to the other only if the

other party is also a group member. This notion bears similarity to the concept of secret


5 If X is a set, |X| means its cardinality.










handshakes introduced by Balfanz et al. [17]. As an example, node A.i might want to

authenticate itself to a neighboring node z, but only if a is also a member of group A.

In addition, if a does not belong to A, the authentication protocol should not help z in

determining either the real ID (IDA~i) of A.i or whether A.i is a member of A or not.

As mentioned in [17], realizing I!!...-, us.. ..s authentication (or secret handshakes) requires

new cryptographic protocols since it cannot be easily accomplished through existing cryp-

tographic tools. For example, authentication techniques based on public-key certificates,

such as authenticated two-party Diffe-Hellman key exchange [10], may inevitably disclose

either real IDs of mobile nodes or their group memberships or both, which are either im-

plied or explicitly embedded in public-key certificates. For instance, for its certificate to be

verified, a node has to tell the other party the authentic public key of the CA (Certificate

Authority) that generates its certificate. Obviously, this would cause the exposure of that

node's group membership, i.e., from which CA it obtains the certificate, no matter whether

the other party belongs to the same group or not. In the following, we illustrate a pairing-

based .I !!. ..-, us.. ..s neighborhood authentication protocol, which is an extension of the secret

handshake scheme introduced in [17] to MANETs.

Without loss of generality, below is shown the authentication process between nodes

A.1 and A.2, where || denotes message concatenation.

A.1 A.2 : PS)7,, ni

A.2 A.1 : PS~, .2, V2 21 = H2(n I1 n2 || 0 || K2,1)

A.1 A.2 : V12 = H2(n I1 n2 || 1 || K1,2)

A.1 starts the protocol by pulling out from PSA.1 an unused pseudonym PS) and locally

broadcasts a MAC frame including PS)~ and a random nonce nl. Upon seeing the request,

A,.2 alsoV drawsY1 anI unIusd, pseudonym PS1 .2 from pSA.2 and then generates a master key as

K2,1 = 8(H1(PSi,), SP).2). After that, A.2 locally broadcasts a reply frame consisting of

PSi2,, a random nonce n2, and a value V2,1 shown above. Upon reception of the reply from
A.2, node A.1 calculates a master key as K1,2 = (H(S 2) P)7)a wllad hek

Gi2,1 H2(a I1 a2 || 0 || K1,2~). According to Eq. (t2.1) and the symmetric property of b, if










and only if both nodes are affiliated with the same group A, could they have

K21= 8(H1(PSi z,), H1(PS 2,))9A

= 8(Hi(PSUA.2), H1(PS x1))9A =K,

As a result, if the verification succeeds, A.1 knows that A.2 must be an authentic group

peer. To authenticate itself to A.2, A.1 returns a value V1,2 shown above. If V1,2 = H2(n I1

n2 || 1 || K2,1), node A.2 can rest assured that A.1 belongs to the same group A as itself.
Notice that the source and destination addresses of the three involved MAC frames should

both be set to be a pre-defined universal address such as all 1's instead of their real network

IDs (MAC addresses in this case).

After a successful three-way handshake, A.1 learns that there is a trustable group

peer in its neighborhood, but has no knowledge of the real ID except one of the public

pseudonyms of A.2. So does A.2. If the authentication fails, which may occur for instance

when one of them is an adversarial impersonator, the legitimate one reveals nothing but a

pseudonym to the impersonator. In addition, an adversarial eavesdropper learns nothing

more than some seemingly random numbers from the protocol execution.

Since A.1 and A.2 have established a shared master key K1,2 = K2,1, they can proceed

to calculate E pairs of shared session key (N/. 0 ) and link identifier (LinklD) as


kf,2 = H2(l n1 112 | 2sq||K1,2)

LZ,2 = H2 81 82 || I2 sq+ 1 ||K 1s,2

where E is a design parameter, and k and L 1(7(F)idct he7hSe n

LinklD, respectively. The collision-resistance of node pseudonyms, H1 and H2 enSUreS

that such < Skey, LinklD > pairs are also collision-resistant meaning that no identical pairs

would be generated by different pairs of nodes or two same nodes with different pairs of

nonces. In addition, each pair is only known to the two nodes which

established it and there is even no apparent relationship among the pairs

generated by two same nodes under the same pair of nonces. Such < kf,2, LZ,2 > pairS are
to be used in an increasing sequence for subsequent data communications between A.1 and

A.2, as will be explained shortly. Whenever established F pairs are used up, A.1 and A.2










are required to automatically increase both nl and n2 by one a~nd generate new F pairs

using the computationally efficient hash function H2. Of course, A.1 and A.2 should have

a simple agreement so as to synchronize the use of such pairs.

Similarly, each node can achieve .I!!. ...-, us.. ..s mutual authentication and establish pair-

wise shared pairs with all its neighboring nodes. Notice that if multiple

nodes simultaneously answer the same request, possible MAC-layer collisions may occur. In

this chapter, we assume the reliable transmissions of authentication requests/replies, which

can be achieved for instance by using a. ra~ndon1 delay for which each node has to wait before

answering an authentication request.

In our design, we leave the decision when and whether a node wants to initiate the

I!!. ., usua lsI neighborhood authentication to the node itself. Ideally, a node should keep

track of its neighbors at all time and should perform the authentication whenever it moves

to a new place or finds new neighbors. In this case, a neighbor discovery/nlaintanence

niechanisni such as the "Hello" messages used in AODV [5] will be necessary. Notice here

that although the "Hello" messages are transmitted periodically, the authentication is done

only once for each neighbor. A node may also choose not to do the authentication while

it is on the constant and fast movement. Another option is that a node only initiates

the authentication on-deniand, e.g., when it receives a route discovery message from an

unauthenticated neighbor. Authentication purely on-deniand could reduce the overhead

caused by running the neighborhood authentication protocol, while at the same time it

would introduce extra delay on the route discovery process.

We would like to point out that I!!...-, us.. ..s neighborhood authentication would incur

additional computational overhead in contrast to other on-deniand routing protocols such

as AODV and DSR, which do not provide either security or .I!!...ar, !ily gua~ra~ntees. How-

ever, mutual authentication between neighboring nodes is indispensable in MANETs, only

by which one node can reject accepting messages front or forwarding messages for unau-

thenticated neighbors. Otherwise, adversaries can easily inject bogus messages into the

network to deplete scarce network resources as well as interrupting proper network fune-

tionalities. In addition, any two neighboring nodes only need to perform authentication

once and subsequent coninunications can be encrypted and authenticated using efficient










symmetric-key algorithms based on established shared Skeys. It will be shown in Section

2.4 that I!!...-, us.. ..s neighborhood authentication can be implemented efficiently without

much degrading the routing efficiency.

Anonymous MAC frame exchange. Based on established shared

pairs, two neighboring nodes can easily realize ........ -,! li.IIs single-hop MAC-layer commu-

nications. In our design, we replace the transmitter and receiver MAC addresses in a

conventional MAC frame with a single LinklD. In fact, we will see later that the same

LinklD also eliminates the necessity of network addresses. In other words, a conventional

MAC frame changes to in

our scheme.

For example, A.1 sends a MAC frame of format < L:;,2 tak: i >, where {msg}K
stands for a message msg encrypted under key K using any symmetric-key encryption

algorithm such as RC6 [18]. That frame can be heard by all its neighboring nodes, among

which only A.2 will accept the frame because of its unique sharing of L:,2 with A.1. A.2

can decrypt the data with the corresponding Skey ki,2. Similarly, A.2 can reply with a

MAC frame < L ~,2 kcaa,~ >. If the MLAC protocol in use is contention-based, such as
the Distributed Coordination Function (DCF) of the IEEE 802.11, conventional RTS-CTS-~

DATA-ACK( frame exchange is also easy to implement based on pairwise shared LinklDs

to alleviate notorious hidden and exposed terminal problems.

Since real IDs of mobile nodes are kept confidential in u.I s !-, us.. .. s neighborhood authen-

tication and subsequent local MAC frame exchange, we have successfully realized anony-

mous single-hop MAC-layer communications. In other words, local transmitter and re-

ceiver I!!...-, un!ir-,i and their relationship I!!ual-, un!ir-,i have been achieved. Also notice that

our I!!. .!.-, us.. ..s neighborhood authentication protocol ensures both node unlocatability and

untrackability at the same time.

2.3.3 Anonymous Network-Layer Communications

Network-layer communications, most likely multi-hop, rely on routing protocols to find

end-to-end routing paths between any source-destination pair and relay packets in a hop-by-

hop manner enroute from the source to the destination. To realize .I !!. .-, us.. ..s network-layer

communications, we present here an .I!!. ..-, usua lsI on-demand routing protocol, called MASK(,










Reverse route table of A 2 Reverse route table of A 3 Target LinklD table of A 4
dest_1d destSeq ps donmdest_1d destSeq p ho

|IDA4 50 PS'A1 IDA4 50 PS 2




Forwarding route table of A 1 Forwarding route table of A 2 Forwarding route table of A 3
dest_1d destSeq Lin lD Llst Lin lD Llst dest_1d destSeq Link D Llst Link D Llst dest_1d destSeq Lin lD Llst Link D Llst

|IDA4 51 null L62IA 51 2~ L2,3 IIDA4 51 L2, L34 T


Figure 2-1: An..n!-, ne- mI route discovery with a route reply generated by the destination
A.4.


to establish a sequence of pairs between any source and destination pair.

In our MASK(, each node maintains the following data structures:


Forwarding route table: A table consisting of entries of format LinklD-list, next-LinklD)-list>, where dest~id is the real ID of the destination and
destSeq6 is the corresponding node sequence number. The pre-LinkclD-list is the
set of pre-hop LinklDs from which packets destined for dest~id may come, and next-
LinklD-list is the set of next-hop LinklDs to which packets destined for dest~id are
supposed to be forwarded.
Reverse route table: A table consisting of entries of format Ip :,dv ,,:I,>, based on which route replies are relayed back to the source.
Target LinkclD table: A table consisting of selected LinklDs shared with neighbors.
The current node is the final destination (end-to-end) for the packets bearing the
LinklDs in its target LinklD table.

An appropriate timer is associated with each entry of the above tables and an entry should

be recycled when its timer expires.

Anonymous route discovery. Without loss of generality, we illustrate the anony-

mous route discovery process in MASK( using the simple chain topology shown in Fig. 2-1,

where nodes A.1, A.2, A.3, and A.4 are assumed to be using pseudonyms PS) 7 PS),~~ PS".

and PSi~4, respectively, in their current places. To ease the presentation, we further assume




6 The maintenance of node sequence numbers strictly follows the steps defined in AODV










that each node has finished .I!!...-, us.. ..s mutual authentication using the same pseudonym

with all its neighboring nodes and has established shared pairs with them.

Similar to other on-demand routing protocols, our .l!!...-, us.. ..s route discovery starts

from broadcasting route request messages when a node has a packet to a certain destination

but it does not know a path to that destination. An I!!...-, usua lsI route request (ARREQ)

has the format , where dest_id is the real

ID of the destination, 7 ARREQ_id is a globally unique value that uniquely identifies an

ARREQ, destSeq is set to be the last known sequence number for the destination or to be an

unknown flag if needed, and PS,,, is the active pseudonym of the source. To be consistent

with the aforementioned MASK( packet format, a predefined LinklD such as all 1's should

be used to identify the ARREQ, which is not shown for brevity. In the shown example, the

ARREQ takes the form of . When an intermediate

node, say node A.2, receives an ARREQ message for the first time, it inserts an entry into

its reverse route table where this ARREQ comes from, and then rebroadcasts the ARREQ

after replacing the embedded pseudonym PS),1 with its currently-used one, i.e., PS)~.2

ARRE~s with previously seen ARREQ_ids are simply d:!-I !01. 0' This process continues

until all the nodes in the network have rebroadcasted the ARREQ once.

It is worth noting that in the propagation of ARRE~s, the real IDs of the source and

all the intermediate nodes are concealed, while the real ID of the destination has to be

exposed. In traditional on-demand routing protocols such as AODV [5], the destination

itself and any intermediate node which has a valid routing entry to the destination do not

need to rebroadcast the route request message. However, that design allows adversaries to

identify the destination node easily by monitoring the activities at each node every node

broadcasts the routing request once except the destination and/or some nodes having the

routes to the destination. Therefore, in our design, every node, including the destination




SARREQ_id could be generated by *Ii I ll1-,i!:- a collision-resistant hash function like SHA-
1 [16] on the concatenation of a node's pseudonym, sequence number, and a timestamp.

SNote that ARREQ flooding is supposed to be finished in a limited period so that each
node does not need to keep too many old ARREQ_ids.










and qualified intermediate nodes, needs to rebroadcast the ARREQ message once. This

will effectively hide the whereabout of the destination even though adversaries know that

there is such a node, they will have difficulty to match the dest_id (IDA.4 in this case) to

any of the nodes in the network. Note that the overhead introduced by this modification is

minimal in a route discovery protocol using flooding, every node needs to broadcast once

lir-, 1-- -, except the destination and qualified intermediate nodes. So the extra overheard

introduced is only one or a few more transmissions by the destination and the intermediate

nodes which can reply.

An I!!...-, !!nu als route reply (ARREP) can be generated and sent back to the source

at the destination or at any intermediate node which has a valid route to the destination.

Fig. 2-1 demonstrates the case that a route reply is generated by the destination A.4 itself.

Once receiving an ARREQ toward itself, A.4 can generate an ARREP to be unicasted back

to the source following the reverse route established before. In our design, an ARREP

packet is of format , where LinklD is the next

to be used shared between the destination and the pre-hop node from which the ARREQ

comes, and the corresponding Skey is used to encrypt the packet content so that adversaries

cannot recognize that this is an ARREP corresponding to the previously-observed ARREQ.

In the shownl examnpele anl ARRE~P is in the form of < L ;,4 { ARREP, IDA4, 51}kg~ ,4

As noted before, only the intended receiver A.3 will be able to interpret L ~,4 and decrypt

the packet content accordingly. While for a passive eavesdropper, L ~,4 only appears to be
some meaningless random number, and it has no idea of what the packet is about and to

whom the packet is sent. Moreover, A.4 adds L 4P to its target LinklD table. The reason

of inserting L 40 instead of L ,4 is to prevent adversaries from identifying the relationship

between this ARREP packet and subsequent data packets. Later on, when seeing a packet

identified by L4P,, A.4 knows that it is the end-to-end destination of that packet. An

intermediate node can also generate an ARREP if it has one forward route entry for the

dest_id with destSeq equal to or larger than that contained in the received ARREQ. The

node needs to prepare an ARREP packet to be sent to its pre-hop node as well. Different

from the destination, the intermediate node need not modify its target LinklD table. This

case is straightforward and not shown for lack of space.










For a node on the reverse path, say A.3, when receiving an ARREP < L ~,4, { ARREP,

IDA.4, 51}k9. > frOm its next-hop, A.3 will discard it if the embedded destSeq, 51 in this
case, is smaller than that in its reverse route table. Otherwise, A.3 will decrypt the ARREP,

form and transmit a new ARREP < L ,3, {ARREP, IDA.4, 51}k Z~,3 Here is the next to be used pair shared between A.3 and the pre-hop node

"PS).$" (in fact, node A.2) stored in its reverse route table. A.3 also needs to update its
forwarding route table as follows. If it does not have an entry for IDA.4, a new entry will be

created. Or if the entry for IDA.4 has a smaller destSeq than that in the ARREP, the old

entry will be replaced with the new information, i.e., dest~id, destSeq, pre-LinkclD-list, and

next-LinkclD-list will be set to IDA.4, deStSeq in the ARREP, L ~,3, and L ~4, respectively.

If A.3 already has an entry for IDA.4, and the new destSeq in the ARREP is equal to

the old one, it updates the route entry by appending L ~4 and L ~,3 to the next-LinklD)-list

and pre-LinklD)-list fields of its forwarding route entry, respectively. Therefore, MASK<

may simultaneously maintain several next-hop and pre-hop LinklDs for one dest~id (called

virtual multipath f:, .i 11. ,i~ilIlu in this chapter) in the forwarding route table. This operation

is different from that of AODV [5] in which a node suppresses routing replies with the same

destination sequence number. The reason for adopting this design will be stated in the

subsequent subsection. Also notice that LinklDs inserted into forwarding route tables are

I.h-- I-, a next to the ones used to identify the ARREPs so that adversaries cannot correlate

the ARREPs with subsequent data packets. The above process continues until the ARREP

reaches the source A.1. An exemption in the route reply process is that, in MASK(, since

each node is required to rebroadcast the ARREQ message no matter whether it replies or

not, the ARREPs coming back to an intermediate node which replied before may present

inconsistent state information that may cause routing loops. Therefore, we require that

the intermediate nodes which have already replied ignore the route replies with the same

destSeq.

Notice that in the route reply process, all the ARREP packets are encrypted and

identified by the LinklDs which are only interpretable by the intended local receivers. A

passive eavesdropper might see discrete transmissions everywhere but it will not be able to

tell the content of a particular transmission, neither can it tell who is transmitting and who











A. 53 66 Target LinklD table



23,3





soucedueto he ......, us..negbroo uhetcton htitcnler sth Do




Anonymous packet forwarding. The packet fowrigi AKi oelk

vita igrcuit : switching press ByI looking up! ~in thek forwarding froute. tabe thesorc

pics aracivnd. om LinklD rom thverr nt-ikl-ls fipelins th eie en try fr te dersetination A

paucket is to hen formed- and~ settote et-o neighbors ateictin hat shca lare s the hse LinlD

Ahdsinotedbeore, au packt wish ofd format ,ie where the datapatcarries othe


prtool ndmu applcaetio datwa.dng Depenkt ding on diffren aplcainsh data part can


bera ecirypte and atchentircaeds by the keyg corepondn g to thwrdnre LinklD. When seeing


itk toon randomly selected from its next-LinkclD-list field of the nr forwaredesingroute enr

inke wich then eombded LinkD mantcthes one -of teiheo value ine the pr-LnlDlst. LnIt he

re-unicatsd thefo packet tsof thcosennet hop.ID Followinge thispoessa packt canre finally

preachl the destination whic wil terminat the frading whent fpindting the LinklDr ianit



An examypled ofd ...auth licatn packe et forwrdig sdpictd in t h FigkI. 22inwhich setin

ofh forwarding links (dnoted bydirectional solidines thae ebeden established ea chlabgele


LinklD-Lit randol eet fm s next-LinklD-Llist fields of its forwarding route entryfothdeinin










A.4, respectively. As we can see, due to the random selection of next-hop LinklDs at each

intermediate node, MASK( has the nice ',dG.- mining property that packets of the same

flow may travel through different paths to the destination. This makes it more difficult

for adversaries to correlate observed radio transmissions to acquire actual network traffic

patterns. It also increases the difficulty of adversaries in tracing a packet enroute from its

original source to the final destination. The shortcoming is that, MASK( does not I.h-- I-, a use

the best path, e.g., the shortest-hop path, for packet forwarding, so it may introduce extra

delay and/or delay jitter. However, for security-sensitive MANETs demanding ..I!!u a-, !!!iry

protection, we argue that this tradeoff of routing efficiency for I!!. ...-, un!iry is acceptable. In

addition, we will see in Section 2.4.2 that such random packet forwarding can help improve

the routing performance under heavy traffic load.

When all the next-hop nodes for one destination become unavailable due to mobility

or other reasons, a node needs to locally broadcast an I!!...-, us.. ..s route error (ARRER)

packet of format to inform its up-stream nodes, which is again

identified by a predefined universal LinklD including all 1's. Any neighboring node which

has one of the LinklDs in the received pre-LinkclD-list should remove it from the next-

LinklD-list field of its corresponding forwarding route entry. If its own next-LinklD)-list

becomes empty as well, it should also broadcast a similar ARRER packet. When the source

has no available next-hop LinklDs for the destination, it should restart the .I!!...-, us....s~

routing discovery process.

2.3.4 Countermeasures against Attacks

U~p to now, we have described the basic operations of MASK( with a focus on how to

provide I!!. ...-, un!ir-,i in neighborhood authentication, route discovery, and packet forwarding.

In what follows, we describe some security enhancements and discuss more attacks that

MASK( is able to defend against.

Message coding attack. The M~essage coding attack happens when adversaries can

easily link and trace some packets that do not change their contents or lengths during

transmission. Two countermeasures are designed in MASK( to cope with this kind of attack.

First, random padding on every forwarded packet is used by intermediate nodes to prevent

from the attack resulting from the fixed packet length. Intermediate nodes can randomly










adjust the length and content of the random padding. Second, the per-hop link encryption

method through established pairwise Skeys can be used in MASK( as well. The purpose

here is to make the same packet appear quite different across links.

Flow recognition and message replay attacks. The Flow recognition attack oc-

curs when adversaries can recognize packets related to a same communication flow. Notice

that, in MASK(, a same packet bears completely different and uncorrelated LinklDs when

transmitted across different hops. Therefore, it is not possible to trace a packet by its

LinklD. However, if the packets belonging to a single flow I.h-- I-, a use the same LinklD at a

same hop, adversaries may obtain some useful information. Fortunately, the aforementioned

random packet forwarding can partially mitigate this attack. In fact, an intermediate node

works as a multiplexer which takes inputs from multiple pre-links, mixes them together,

and sends them out to multiple next-links. In addition, we request that two neighboring

nodes automatically change their currently-used shared LinklD either on a per-packet basis

or periodically. In doing so, MASK( leaves adversaries a dynamic set of LinklDs for the

same flow and at each hop. Moreover, dynamic LinklDs at each hop effectively thwart the

message ,a Iplan attack in which adversaries replay an old packet repeatedly to reorganize

the packet forwarding pattern.

Timing analysis attack. Suppose adversaries can divide the monitored area into

small cells. They might ascertain that one source or destination exists in one cell by

observing that no packets go into or come out of that cell while some packets come out of

or go into that cell during a certain time interval. In addition, adversaries might guess that

two consecutive radio transmissions belong to the same communication flow. These attacks

belong to the category of the timing analysis attack.

In MASK(, packets transmitted in the air are only identified by seemingly random

LinklDs. When network traffic load is high and every node is busy in transmitting and

r. i~iino_. all the transmissions will be mixed together, which leads to very difficult timing

I!! I1-, -i- However, when the traffic load is light, several precautions need to be taken

against the alleged timing .!! I1-, -is attack. First, when one destination receives a packet

destined for it, it can forge a packet with a fake LinklD and forward it further. By doing

so, it tries to fool adversaries into believing that one observed radio transmission does not










end at the destination. The destination can also use genuine LinklDs to ask its trustful

neighbors to help further enlarge the suspicious area viewed by adversaries. Second, a

packet needs to wait a random amount of time to be forwarded so that an earlier arriving

packet may be forwarded after a later arrival. Last, even without being involved in any

communications, nodes can send dummy packets [19] with fake LinklDs at random intervals

to increase the difficulty of adversaries in determining the originating and terminating areas

of observed radio transmissions. The purpose here is to introduce more randomness of the

radio transmissions so as to conceal the real network traffic patterns, at the cost of increasing

communication overhead.

2.3.5 Replenishing Pseudonym/Secret Point Pairs

In our MASK(, each node is required to use dynamic pseudonym/secret point pairs.

If the network has a rather long lifetime, however, a node may use up the preloaded

pseudonym/secret point pairs sooner or later. If this occurs, a node can reuse old pairs, star-

ing from the first one. This measure can prevent adversaries from continuously tracking the

movement of individual nodes if there are sufficiently many preloaded pairs. Nevertheless,

it may still offer useful attack clues to powerful adversaries adversaries may roughly ascer-

tain the movement of certain nodes by observing that a pre-recorded pseudonym reappears

in certain network location.

To avoid the above situation and ensure strong .I!!...-, un!iry protection, it is necessary

to introduce the TA functionality into the network whereby mobile nodes can get replenish-

ment of pseudonym/secret point pairs. Since using a single TA is vulnerable to single point

of failure, we propose to employ Shamir' secret-sharing technique [15] to enable a more

scalable, secure solution. To do this, the TA executes the following additional operations

when bootstrapping network A:

1. Determine a (t-1)-degree (1 ( t ( NA) polynomial, h(z) = gA CI izi, with

random coefficients ai in Z~ and gA being the group master key.

2. Select n (t ( n ( NA) nodes from A, either without distinction or by considering node

heterogeneity and choosing ph1-, -il I11-, more secure or computationally more powerful

ones. We call these nodes shareholders, denoted by S'F = {SH.k|1 ( k ( n}.

3. Calculate a shares of gA aS 9k, = h(IDSH.k) and assign it to SH.k.










4. C'1!... --- an arbitrary generator We G I and compute a set of share commitments as

SC = {W~l'ub= 9k~let ~|1 4k ~ n}.
S'F, SC and W are appended to the public system parameters known to every node.
An interesting fact is that, although each SH.k does not have the full knowledge of gA, any

t of them can collectively construct gA, while any less than t cannot. For example, based

on the Lagrange interpolation, shareholders SH.1, SH.2,..., SH.t can determine gA:


gA = =1 Xiyi, where Xi = 1 IDSHj H DSH.i.(23

During network operation, when a node, say A.1, almost runs out of preloaded pseudonym/secret

point pairs, it can get replenishment by sending a request including the list of desired new

pseudonyms to each of t randomly-picked shareholders. Without loss of generality, assume

that shareholders SH.1, SH.2,..., SH.t are selected by A.1. For each pseudonym PS),1 in

the request, each chosen SH.i, generates a partial secret point SP~I) = giH1(PS "A.) sent

back to A.1. To verify the authenticity of each SP~Il, A.1 needs to check if &(SP) ~, W) =

t(Hi(PS) zA~),Wj~Ub). Notice that, due to Eq. (2.1), the two sides of the equation are equal
to the same value 8(H1(PS) z), W)gi if SP~I) is authentic. As a result, if the verification

fails, A.1 knows that there must be something wrong with SH.i2. For example, the reply

from SH.i, might have undergone transmission errors, or even SH.i, itself might have been

ph1-, -ih I11-, or logically controlled by adversaries. A.1 can then request a new partial secret

point from another unselected shareholder. Once obtaining t authentic partial secret points,

A.1 utilizes Eq. (2.3) to calculate the complete secret point:


SP) 1 =C;X S iS~il = gA I(PS (2.4)

Same as before, node A.1 cannot deduce gi from S" l nete ani bai AfomS"7

due to the difficulty in solving the DLP in Gi. It is worth noting that all the requests and

replies should be end-to-end encrypted and authenticated to prevent from adversarial access
and modification. How to fulfill them is beyond the scope of this chapter.

In terms of the choice of the secret-sharing parameters t, n, we have shown in [20] that,

when t = [ni/2], andr n is equael to either 2 N -21 lor 2 A+ 1 the maxirmum seculrity
can be obtained. Currently, we are investigating proactive approaches to further improve










Table 2-1: Processing timings of cryptographic operations.
Item Processing timings
Tate paring 8.5 ms
SHA-1 18.980 MB/s
Computation of pairs 2.4 ms (for 1000 pairs)
RC6 7.111 MB/s


the security of the proposed scheme, e.g., by dynamically adjusting the shareholder set and

the values of t, a to allow dynamic node join/leave without changing gA while maintaining

the highest level of security.

2.4 Performance Evaluation

In this section, we evaluate the routing performance of MASK( through simulations.

2.4.1 Simulation Setup
We implemecnt AS in rr: GloMOaim [21], a popular network simulator for MANETs,

and the pairing implementation is based on MIRACL library [22]. The bilinear map e we use

is the Tate p 1 1 1 :_. with some of the modifications and performance improvements described

in [12, 14]. We use two security parameters, a 160-bit Solinas prime q = 2159 + 2"7 + 1 and

a 512-bit prime p = 12qr 1 (for some r large enough to make p the correct size). Such

bit-length configurations of q, p can deliver a comparable level of security to 1024-bit RSA

cryptography. The elliptic curve E we use is y2 = 3 + x defined over the finite field F,

(denoted by E(F,)). Then GI is a q-order subgroup of the additive group of points of

E(F,), while G2 is a q-order subgroup of the multiplicative group of the finite field F*,.
In addition, we use SHA-1 [16] as the hash function H2 and RC6 [18] as the encryption

method used for ARREPs and data packets.

We evaluate the computational costs of critical cryptographic operations in MASK( on

a Pentium III 1 GHz processor under Windows 2000. For convenience only, we assume the

lengths of node pseudonyms, random nonces, F, and LinklDs (also Skeys) to be 8, 4, 2,

and 20 bytes, respectively. In fact, the impact of larger lengths on the results is negligible.

From Table 2-1, we can see that the most time-consuming operation is the Tate pairing

required by.....l!1!- muns~II neighborhood authentication. Since the pairing is a relatively new

concept, we anticipate that its evaluation cost will be much reduced with the rapid advance

in cryptography. For example, Barreto et al. [23] recently announce an approach to evaluate










the Tata pairing by up to 10 times faster than previous methods, the implementation of

which is underway.

Also note that the Tate pairing only needs to be performed once for a pair of neighboring

nodes, and then the result can be fed into the fast SHA-1 to compute shared

pairs. Supposing a node maintains 0 = 1000 pairs with each neighbor,

the computation of such 1000 pairs only costs around 2.4 ms. Hence, when two neighboring

nodes run out of the established shared pairs, they can generate new F

pairs instantly. Moreover, the hop-b-, -1! I I. link encryption/decryption operations based RC6

are not time-consuming and can be done in a very fast manner. Therefore, although we

introduce some cryptographic operations into MASK( to provide the desirable .I!!...-, un!iry

property, the resulting computation overhead and end-to-end packet delay are affordable.

The pi',1. -i 1-1 I-,er path loss model is the two-ray model. The radio propagation range

for each node is 250 meters and the channel capacity is 2 Mb/s. The base MAC protocol

used is the DCF of IEEE 802.11, with some modifications according to MASK( operations.

We simulate an ad hoc network with 50 nodes uniformly deployed in a 700x700 m2 square

field. To emulate node mobility, we modify the random waypoint model in GloMoSim

library according to [24] in order to guarantee the convergence of average nodal speed

within the simulation time. In particular, initial speeds of nodes are chosen from the steady-

state distribution, and subsequent speeds uniformly from the designated speed range. In

addition, the pause time is set to be zero, meaning that nodes are 1.h-- .-, a moving. CBR

sessions are used to generate network data traffic and various number of sources are used to

simulate different offered load. All the data packets are 512 bytes and are sent at a speed

of 4 packets/second. Each simulation is executed for 15 simulated minutes and each data

point represents an average of ten runs with identical traffic models, but different randomly

generated u.1 ili r-,i scenarios.

In our implementation of MASK(, we use a fixed delay of 150 ps into each node to mimic

the encryption/decryption processing of ARREPs and data packets with RC6 for simplicity.

The purpose is to withstand the aforementioned message coding attack (cf. 2.3.4). In

addition, the random delay method for data packets to be forwarded is also adopted in each

node to thwart the timing analysis attack (cf. 2.3.4), where the random delay is uniformly


































distributed between [0, 50] ms. Furthermore, we set the maximum number of next-hop

LinklDs maintained for one destination to be three. We compare the routing performance

of MASK( with classical AODV routing protocol [5] with regard to three commonly-used

metrics:(1) Packet delivery ratio (PDR) -the ratio of data packets successfully delivered

to the destination over those generated at the sources; (2) Average end-to-end 1. IAm: of

data packets -this includes all possible delay caused by buffering during route discovery,

queuing delay at the interface, retransmission delay at the MAC, and propagation delay;

(3) Normalized routing load -the total number of routing control packets i uisl.I

for each delivered data packet. Each hop-wise transmission of a routing control packet is

counted as one transmission.

2.4.2 Simulation Results

Fig. 2-3(a) compares the PDRs of MASK( and AODV under different traffic load.

We can see that MASK( has the similar PDR to AODV under normal traffic load (i.e., 20

sources). The slight difference partly comes from the fact that routing request packets in

MASK( have a higher probability of colliding with and causing the dropping of data packets

than those in AODV due to the simple network-wide flooding of ARRE~s in contrast to the

expanding-ring-search method of AODV [5]. Another reason is that data packets in MASK<

are not 1.h-- .-, a routed along the shortest paths due to the random selection of next-hops

at intermediate nodes, which increases the dropping probability of data packets forwarded

along longer paths. However, MASK( outperforms AODV under heavy traffic load (i.e., 40


0 95




S08
"075
-0-AODV 20 source
0 a MASK 20 sources
--AODV 40 source
--MASK 40 sources
0 65
2 4 6 8 10 12
Amerage nodal speed (m/s)

(a) PDR vs. V.


2 9AODV 40 sources
-A MASK 40 sources


i


0 4 AOV2 ore
0 MASK 20 sources ore
-v OV40 sources
0 2 -A AK40 sources

14 16 2 4 6 8 10 12 14 16 2 4 6 8 10 12 14 16
Amerage nodal speed (m/s) Amerage nodal speed (m/s)

(b) Normalized routing load vs. V. (c) Average packet delay vs. V.


Figure 2-3: The comparison between MASK( and AODV.










sources), where packets are more subject to collisions due to the high level of network con-

gestion. The observed advantage mainly results from the aforementioned virtual multipath

effect in MASK(, that is, MASK( may simultaneously maintain several next-hop LinklDs for

one given destination. If one of the next-hops becomes unreachable due to mobility or colli-

sions or other reasons, a packet could still be forwarded through another available next-hop

rather than being dropped as AODV does. Moreover, the random selection of next-hops at

intermediate nodes acts as a load balancing method for evenly distributing the traffic in the

network. For the same reason, MASK( demonstrates comparable or lower routing overhead

than AODV (see Fig. 2-3(b)) because MASK( conducts the route discovery less frequently

than AODV.

In terms of the average packet delay (Fig. 2-3(c)), MASK( behaves worse than AODV

under normal traffic load as a result of the per-hop random delay, the fixed encryp-

tion/decryption delay, and the delay incurred by the Tate pairing operations. Therefore,

there is a tradeoff between the desired packet delay and the level of I!!. ...-, un!ir-,i. However,

under heavy traffic load, both the virtual multipath effect and the processing delay (in-

cluding the above three) introduced into MASK( can help mitigate the possible MAC-layer

collisions, which contributes to the shown advantage of MASK( over AODV in Fig. 2-3(c).

In summary, our MASK( not only achieves the desirable .I!!...-, un!ir-,i without sacrificing

the routing efficiency, but also helps improve it under heavy traffic load.

2.5 Related work

An....!-, us.. .m communication protocols have been studied extensively in the wired net-

works. Chaum [25] defines a layered object that routes data through a chain of pre-deployed

intermediate nodes called mites. Following their work, Reed et al. propose an interesting

Onion routing protocol [26], in which data is wrapped in a series of encrypted layers to

form an onion by a series of proxies communicating over encrypted channels. The state

of the art of wired networks I!!...-, un!ir-,i can be found in [27]. However, the proposals in

the Internet realm cannot be directly applied to MANETs mainly because the prerequisite

pre-deployed infrastructure such as the well-known mixes is often unavailable in infrastruc-

tureless MANETs.










In contrast, there is little work done to address the .I!!...ar, !!!ily problem and related

issues in the context of MANETs. Jiangf et al. explore the use of mixes in MANETs

[28] by designing a mix discovery protocol that allows coninunicating nodes to choose mix

nodes at run time. As noted before, such mix nodes are either unavailable or unreliable

in MANETs deployed in hostile environments. The same authors also propose to prevent

traffic ..I! II1, -is by using traffic p~ ..1.11s:_. i.e., generating duniny traffic into the network [19],

but their work does not aim to enable !!...... !!!u als coninunications. Most recently, K~ong

and Hong propose an I!!ual!, us....s on-deniand routing protocol, called ANODR [29], to

conceal network IDs of coninunicating nodes. Besides the computationally intensive route

discovery process, ANODR is very sensitive to node 1!!. 1.ilir-,i which leads to a low routing

efficiency, as the authors mentioned. By comparison, our MASK( enables an AODV-like

I!!....-, us.. ..s on-deniand routing protocol with high routing efficiency. In addition, MASK(

addresses .I!!...... us.. .. MAC-layer coninunications, which is left untouched in [29].

2.6 Summary

In this chapter, we propose MASK(, a novel .I!!...... usua ls on-deniand routing protocol,

to enable both .I!!...... us.. ..s MAC-layer and network-layer coninunications so as to thwart

adversarial, passive eavesdropping and the resulting attacks. By a careful design, MASK(

provides the .I!!......un!iry of senders, receivers and sender-receiver relationships, as well as

node unlocatability and untrackability and end-to-end flow untraceability. It is also resilient

to a wide range of attacks. Detailed simulation studies demonstrate that MASK( has com-

parably high routing efficiency to classical AODV routing protocol while achieving the nice



This chapter focuses on dealing with passive attacks and thus there are several unad-

dressed issues in the current MASK( design. First,.s..l! so!- us.. ..s neighborhood authentication

in MASK( relies on pairing operations, which currently have similar computational overhead

to conventional public-key operations. Therefore, adversaries might launch active DoS at-

tacks on target nodes by continuously sending a number of bogus authentication requests,

which is a problem any authentication scheme has to face. Second, the routing information

in the current design is only secured against external adversaries. Once becoming internal

adversaries by compromising certain nodes, adversaries can send bogus routing messages










that are difficult to verify by legitimate nodes. Third, although pairing-based cryptography

is an active research topic 1!n -.-- ..1 I-, -. the inmplenientation on low-end devices is still an open

problem.

As the future research, we will first incorporate some intrusion detection capabilities

into MASK( to defend against not only passive attacks but also active DoS-type attacks such

as those mounted on neighborhood authentication. In addition, we will plan to combine

MASK( with other secure routing protocols such as [8, 9] to ensure both routing~l! ..iso, !!!ily

and strong routing security. Finally, we will seek theoretical proofs to show the resilience

of MASK( to rigorous adversarial crypir .I! II, -i-
















CHAPTER 3
SECURING MOBILE AD HOC NETWORKS WITH CERTIFICATELESS PUBLIC
K(EYS

3.1 Introduction

In this chapter, we are concerned with key nlana~genent, the foundation on which to

build any other security niechanisni for MANETs.

Conventional key nlana~genent techniques may either require an online trusted server or

not. The infrastructureless nature of MANETs precludes the use of server-based protocols

such as K~erberos [30]. We therefore focus on discussing serverless approaches from here

on. There are two intuitive syninetric-key solutions, though neither is satisfactory. The

first one is to preload all the nodes with a global syninetric key, which is vulnerable to any

point of conipronlise: if any single node is compromised, the security of the entire network

is breached. Assuming a network of N nodes, the other solution is to let each pair of nodes

maintain a unique secret that is only known to those two nodes. This approach suffers from

three main drawbacks making it also unsuitable for MANETs. First, it lacks scalability

because it is difficult to establish pa~irwise syninetric keys between existing nodes and

I!, ;-.-1-, -i !.1 nodes. Second, securely updating the overall N(N 1)/2 keys in the network

is a nontrivial (if not impossible) task, as the size of the network increases. Last, it requires

each node to store (N 1) keys, which may represent a significant storage overhead in a

large network. Syninetric-key techniques are also coninonly criticized for not supporting

efficient digital signatures because each key is known to at least two nodes. This renders

public-key solutions more appealing for MANETs, which are the theme of this chapter.

There has been a rich literature on public-key nlana~genent in MANETs, see [31, 32,

33, 34, 35, 36] for example. These schemes all depend on certificate-based cryptogra~phy

(CBC), which uses public-key certificates to authenticate public keys by binding public

keys to the owners' identities. A main concern with CBC-based approaches is the need

for certificate-based public-key distribution. One naive method is to preload each node










with all the others' public-key certificates prior to network deployment. This approach can

neither scale well with the increasing network size, nor handle key update in a secure and

cost-effective way. Another approach of on-demand certificate retrieval may cause both

unfavorable communication latency and often tremendous communication overhead, which

will be justified via simulations in Section 3.5.5.

As a powerful alternative to CBC, ID-based cryptography (IBC) [11] has been gaining

momentum in recent years. It allows public keys to be derived from entities' known iden-

tity information, thus eliminating the need for public-key distribution and certificates. This

nice feature has inspired a few IBC-based certificateless public-key management schemes

for MANETs such as [37, 38, 39, 20]. The basic idea is to let some [37, 38, 20] or all network

nodes [39], called shareholders, share a network master-key using threshold cryptography

[15, 40] and collaboratively issue ID-based private keys. There, however, remain many is-

sues to be satisfactorily resolved. First of all, the security of the whole network is breached

when a threshold number of shareholders are compromised. Second, updating ID-based

public/private keys requires each node to individually contact a threshold number of share-

holders, which represents a significant communication overhead in a large-scale MANET.

Third, except our preliminary result in [20], none of existing proposals consider how to

select the secret-sharing parameters used with threshold cryptography to achieve desirable

levels of security and robustness. Last, there is no comprehensive quantitative argument

about the advantages of IBC-based public-key management schemes over CBC-based ones.

In this chapter, we address all the above concerns by devising an ID-based key manage-

ment scheme, called IKM, for special-purpose MANETs administered by a single authority.

MANETs of this type have long been recognized and will continue to be one of the ma-

jor application categories of wireless ad hoc networking techniques. Typical examples are

those deployed in military battlefield operations and homeland security scenarios. Our

major contributions are as follows:


*A novel construction method of ID-based public/private keys. In IK(M, each
node's public key as well as private key is composed of a node-specific, ID-based
element and a network-wide common element. Node-specific key elements ensure
that the compromise of arbitrarily many nodes does not jeopardize the secrecy of










non-compromised nodes' private keys; common key elements enable very efficient
network-wide public/private key updates via a single broadcast message. We also
discuss enfcient key agreement, public-key encryption, and digital signatures based
on such public/private keys.
Determining secret-sharing parameters used with threshold cryptography.
Similar to [37, 38, 39], we apply threshold cryptography to distribute a network
master-key among some shareholders. Different from them, we identify devastating
pinpoint attacks against shareholders and propose the corresponding countermeasure
based on .I!!...-, us.. ..s routing [41]. In addition, we discuss how to choose the secret-
sharing parameters for meeting desirable levels of security and robustness.
Simulation studies of advantages of IKM over CBC-based schemes. By
detailed simulations, we show that IK(M has equivalent performance to CBC-based
schemes, denoted by OKM,~ with regard to key revocation, while behaves much better
in key updates. Furthermore, we demonstrate that IK(M is able to turn an elegant
CK(M-based secure routing protocol [42] into a much more efficient one.

Since most existing MANET security mechanisms rely on the heavy use of certificates,

we believe that our findings open a new avenue towards more effective, efficient security

designs.

The rest of the chapter is organized as follows. In Section 3.2, we define the notation

to be used and survey the related work. Next we present design goals and the network and

adversary models in Section 3.3, followed by a detailed illustration of the IK(M design in

Section 3.4. Then the simulation-based comparative study of our IK(M and CK(M is given

in Section 3.5, and this chapter is finally concluded in Section 6.8.

3.2 Preliminaries

In this section, we first define the notation to be used in the rest of this chapter, and

then survey the related work.

3.2.1 Notation

For clarity, Table 3-1 lists some important notation whose concrete meanings will be

further explained where they appear for the first time.

3.2.2 Related Work

Here we only discuss prior art that is more germane to our work, and refer to [43] for

a more comprehensive survey.

The seminal paper by Zhou and Hass [31] -11:_:_. -rs using CBC and (t, n)-threshold

cryptography [15, 40] in MANETs. Let N be the overall number of nodes and t, a be two

integers Iri-T-, i!!:_. L 4 n < N. In [31], prior to network deployment, the CA's public key is























Table 3-1: Notation
p, q two large primes
GI1, G2 cyclic groups of order q
a pairing s.t. & : GI x GI G ,6
H1 mapping strings to non-zero elements in GI1
the network node set, |9| N
R the D-PK(G set, |0| n
IDA network ID of node A
t, a secret-sharing parameters
g(x) (t 1)-degree polynomial
Av(x)-s Lagfrangfe coefficients
IDA key revocation against node A
KP1, KP2 two distinct network master secrets
W generator of GI1
WP1, WP2 WPi = KP1W E GI1,WP2 = KP2W E GI1
kA,B symmetric key shared between A and B
pi ith key update period, for1 i M
KCA/ --1 node-specific public-key and private-key elements of node A
Kc,i/KC, common public-key and private-key elements in phase pi
salt unique binary string associated with pi
KCA,Pi A,1 public/private keys of node A in phase pi
KP2 the D-PK(G V's secret share of KP2
*Y revocation threshold
F mapping a given node ID to /9 D-PK(G IDs
h hash function such as SHA-1 [16]
{m~lc message m encrypted under key k, with a symmetric-key primitive
[m]l message m with its ID-based signature generated under private key K:










furnished to each node, while its private key is divided into n shares, each uniquely assigned

to one of a chosen nodes called D-CAs hereafter. During network operation, any t D-CAs

can jointly perform certificate generation and revocation based on their secret shares, while

any less than t D-CAs cannot. Yi and K~ravets [34] proposes to select computationally

more powerful and ph1-, -ih I11-, more secure nodes as D-CAs. Both schemes can tolerate the

compromise of up to (t -1) D-CAs so that adversaries cannot reconstruct the CA's private

key, and the failure of up to (n t) D-CAs so that there are 1.h-- .-, R at least t functional
D-CAs.

Different from [31, 34], URSA [32, 36] is a (t, N)-threshold scheme in which each of the

N nodes is a D-CA. The advantage of URSA is the increased service availability in that a

certificate can now be generated or revoked by any t nearby nodes, and URSA can tolerate

the failure of up to (N t) D-CAs. The disadvantage, however, is that the compromise of

any t out of N nodes would expose the CA's private key and thus result in loss of overall

--, -r~i., security [34]. In addition, as noted in [44], URSA is vulnerable to the Sybil attack

[45] because an adversary can take as many identities as necessary to collect enough shares

and reconstruct the CA's private key. Other security problems of URSA are .I!! I1-,.. .1 in

[33, 46].

All the above schemes are based on RSA [47], either explicitly [32, 36] or implicitly

[31, 34, 35]. By comparison, the scheme [33] relies on DSA [48] and threshold cryptography,

and has much worse communication efficiency than RSA-based schemes. The reason is that,

to tolerate the compromise of up to ( 1) D-CAs, the DSA-based scheme needs to contact

(2t 1) D-CAs for generating a new certificate, while RSA-based approaches only involve

t D-CAs [33]. Please refer to [39] for simulation studies of the communication inefficiency

of DSA-based approaches.

The aforementioned CBC-based schemes are all targeted for single-authority MANETs

as what we have in mind. Another notable line of approaches such as [44, 49] is to let each

node act as a CA to issue certificates to other nodes. While maybe suitable for authority-less

civilian networks, they are less fit for single-authority MANETs under consideration.

Despite its attractive features, IBC has not received deserved attention as a powerful

tool to secure MANETs until recently. K~halili et al. [37] -11:_:_. -r using IBC and threshold










cryptography in MANETs, but their work is conceptual. Deng et al. [38] present an ID-

based key management scheme for author' -, -1k m MANETs, thus is less applicable to single-

authority MANETs we aim at. Bohio and Miri [50] propose to use ID-based keys for secure

broadcast, but their work is not intended for efficient key management. Our preliminary

work [20] also addresses the secure application of IBC to MANETs. In addition, Zhang

et al. develop MASK( [41, 51], an IBC-based .I!!...-, us.. ..s on-demand routing protocol for

MANETs.

The closest work to ours is ID-GAC [39], in which Saxena et al. present an elegant

IBC-based access control scheme for ad hoc groups such as MANETs. ID-GAC is basically

a (t, N)-threshold scheme, in which, prior to deployment, each of the N nodes is furnished

with a share of a master-key. Although having high-level service availability as URSA

[36], ID-GAC suffers from the same undesirable security drawback mentioned above. In

contrast, our IK(M is a (t, n)-threshold scheme, similar to [31, 34]. At a first glance, IK(M is

less robust than ID-GAC because it only tolerates the failure of up to (n t) shareholders

instead of (N t) in ID-GAC. However, this also means that IK(M is more secure than ID-

GAC because the fewer shareholders make it feasible to spend more in safeguarding them,

for instance, by enclosing them in high-quality tamper-resistant devices and/or putting

them under better monitoring. In addition, our IK(M incorporates an additional defense

line by making shareholders indistinguishable from common nodes via .I!!...-, us.. ..s routing

[41]. Furthermore, even when t or more shareholders are compromised and the master-key

is exposed, our novel public/private key construction method guarantees that private keys

of non-compromised nodes remain safe. This is in contrast to the overall loss of security

in ID-GAC (see Section 3.4.7). Moreover, achl nonI-c~VI~LIompomse node~ in ID-GAC nee~ds

to individually contact t shareholders for key update. In contrast, our IK(M is much more

efficient in both computation and communication by updating public/private keys of all the

non-compromised nodes via a single broadcast message. As an addition, ID-GAC suffers

from the Sybil attack as URSA, while our IK(M does not.

3.3 Design Goals and System Models

In this section, we present our design goals as well as network and adversary models.










3.3.1 Design Goals

From our point of view, a sound key management scheme for MANETs should sat-

isfy the following requirements. First, it must not have single point of compromise and

failure because mobile nodes deployed in hostile environments are subject to either logical

or phs-i I attacks. Second, it should be compromise-tolerant, meaning that the com-

promise of certain number of nodes does not harm the communication security between

non-compromised nodes. Third, it should be able to efficiently and securely revoke keys

of compromised nodes once detected and update keys of non-compromised nodes. Last, it

should be efficient in terms of storage, computation, and communication, as mobile nodes

are usually very resource-constrained It is worth stressing that communication efficiency is

far more important an issue in MANETs than in wireline networks, as wireless transmission

of a bit can require over 1000 times more energy than a single 32-bit computation (see [52]).

We thus must seek ways to reduce communications related to key management as much as

possible.

3.3.2 Network Model

We consider a special-purpose, single-authority MANET consisting of N nodes, de-

noted by a set notation W (| W| = N). The network size N may be dynamically changing

with node join, leave, or failure over time. Depending on different applications, N may

range from several tens to several thousands or even more. Each node Ae W has a unique

ID, denoted by IDA and assumed to be its network-layer address as usual.

We assume that each node has limited transmission and reception capabilities. Two

nodes out of transmission range of each other can communicate via a sequence of interme-

diate nodes in a multihop fashion. Since all the nodes belong to a single authority and thus

have common interests, node selfishness [4] is not worrysome in that each node is ready to

forward packets not destined for itself. Nodes may freely move in the network, but do not

continuously move so rapidly as to make the flooding of every data packet the only feasible

routing protocol. This is a common assumption made about node mobility by nearly all

MANET schemes. We further assume that nodes are capable of performing public-key op-

erations, which is reasonable for the targeted application scenarios, though symmetric-key

operations should be used instead whenever possible.










Our IK(M is independent of the -na.1. Fl-, inr:, transport, routing, or MAC protocols. How-

ever, we do assume that, whenever needed, a valid unicast route can be established between

any two nodes. This can be achieved through many existing secure routing protocols, such

as ARAN [42]. It is worth pointing out that, similar to almost all the other existing secure

routing schemes, ARAN is built upon conventional certificates. In later Section 3.5.5, we

will show that it can be easily converted into a much more efficient scheme based on our

IK(M.

3.3.3 Adversary Model

Our intention here is to devise a sound key management scheme for MANETs, so we

just consider attacks aimed at key management itself. Mitigating denial-of-service attacks,

such as p~!~in-o I1-1 I-,er jawinnrin:_. MAC-layer misbehavior, or routing disruption, though

important, is beyond the chapter scope.

Attacks can be mounted by a single adversary or collaborative ones. We differentiate

between node compromise and disruption attacks. By saying that a node is compromised,

we mean that adversaries have complete control over it, including learning or modifying

its secret information, changing its intended behavior, and so on. In contrast, disrupting

a node means that adversaries can only disrupting communication to that node, e.g., by

interfering with wireless signals to and from it, but cannot read the secret information stored

on it. Therefore, node disruption attacks are less severe than node compromise attacks.

However, we assume that adversaries cannot compromise or disrupt an unlimited number

of nodes so that legitimate nodes are 1.h-- .-, a the majority. Neither can they break any of

the cryptographic primitives on which we base our design. In addition, we assume static

instead of leanimi1,.: adversaries [53].

We further assume that compromised nodes will eventually exhibit detectable mis-

behavior. There is unlikely to be a valid security solution if compromised nodes remain

I' I--!11." As [32, 36], we assume an efficient misbehavior detection scheme such as [3] or

[54]. One of our main objectives is to drive identified compromised nodes out of the network

by revoking their keys. Hereafter we use compromised nodes to indicate those which have

been compromised and identified, unless otherwise stated.










There are n distributed authorities called D-PKGs in our IK(M, similar in role to the

distributed CAs (D-CAs) in conventional CK(M [31, 32, 33, 34, 35, 36]. The D-PK(Gs differ

from common nodes only in that each of them knows a share of a network master-secret.

Similar to [31, 32, 33, 34, 35, 36], our IK(M works properly on the assumption that adversaries

can compromise at most ( 1) D-PK(Gs and can disrupt no more than (n -t) D-PK(Gs. For

the sake of simplicity, we refer to this assumption as the t-limited assumption. Note that

this t-limited assumption only needs to hold in each predetermined time period rather than

the whole network lifetime, if proactive secret sharing [55] is used to periodically refresh

secret shares of the D-PK(Gs.

3.4 IKM Design

This section presents our IK(M design. We first provide an overview of IK(M in Sec-

tion 3.4.1, and then describe the key predistribution phase in Section 3.4.2. Next we discuss

how to achieve efficient key revocation and update in Sections 3.4.3 and 3.4.4, respectively.

Section 3.4.5 presents our method of protecting the D-PK(Gs from devastating pinpoint

attacks, and Section 3.4.6 gives general guidelines as to how to select the secret-sharing

parameters t, n. Finally, the security of IK(M is .I!! I1-,.. .1 in Section 3.4.7.

3.4.1 Overview

In IK(M, each node should carry an authentic ID-based public/private key pair at any

time as a proof of its group membership. With such key pairs, nodes can realize mutual

authentication, key agreement, public-key encryption, and digital signatures, among other

security services. IK(M consists of three phases: key predistribution, revocation, and update.

K~ey predistribution is a one-time process occurring during network initialization, where

a Private K~ey Generator (PK(G), essentially a trusted authority, determines a set of --, -r. ill

parameters and preloads every node with appropriate keying materials. In addition, the

PKG~ distributes its functionality to n D-PK'~s selected among the N nodes to enable secure

and robust key revocation and update during network operation.

To minimize the damage from node compromise, it is a must to explicitly revoke public

keys of compromised nodes. During network operation, if suspecting that a peer, say A,

has been compromised, a nl~ode send a signedu aCc~Ucusation agaCinstl A toU someI D-PK~s. The

accused A is diagnosed as compromised when the number of accusations against it reaches a










predefined revocation threshold, denoted by y, in a certain time window. At that point, the

network enters the key revocation phase in which the D-PK(Gs jointly issue a key revocation

against A.

As a common practice [36], public/private keys of mobile nodes need to be updated

at intervals for many reasons, e.g., preventing from crypi .I! I1-, -i- The key update phase

may occur either periodically according to a prescribed time period, or reactively when the

number of revoked nodes attains some predetermined threshold. During this phase, each

non-revoked node can update its public key autonomously and its private key via a single

broadcast message. This is enabled by our novel public/private key construction method.

Our scheme can also ensure that compromised nodes, once revoked, cannot get their keys

updated, thus isolated from the network.

Due to the shared wireless medium, adversaries are easy to find the whereabouts of

D-PK(Gs based on their network IDs leaked in routing and data packets [41]. This renders

the D-PK(Gs particularly vulnerable to devastating pinpoint attacks. As a natural defense,

we propose to make the D-PK(Gs indistinguishable from common nodes via .I!!...-, us...mI

routing [41]. This measure allows us to provide general guidelines about how to choose the

secret-sharing parameters t, a for achieving desirable levels of security and robustness.

3.4.2 Network Initialization

For a single-authority MANET under consideration, it is reasonable to assume a trusted

PK(G to bootstrap the network, which itself is not part of the resulting network.

Generation of pairing parameters. To bootstrap the network, the PK(G does the

following operations:

1. Generate the pairing parameters (q, GI, G2, P, H1) (cf. Section 2.2.1), where P is

an arbitrary generator of GI, and H1 is a hash function mapping given strings to

non-zero elements in Gi.

2. Pick two distinct random numbers KP1, KP2 EZ~ as network master-secrets. Set

WP1 = KplW and WP2 = KP2W, respectively.

The parameters (q, 8, H1, W, WP1, WP2) are public knowledge preloaded to each node, while

KP1 and KP2 should never be disclosed to any single node.










Secret sharing. To enable key revocation and update during network operation,

it is necessary to introduce the PK(G functionality into the network. In our design, only

knowledge of KP2 is introduced into the network to ensure high-level compromise tolerance

(.I!! I1-,.. .1 in Section 3.4.7). To avoid single point of compromise and failure, the PK(G

performs a (t, n)-threshold secret sharing of KP2 by first determining a random polynomial,

g(2) = KP !i (mod q). It then randomly selects a subset OC c of size n of

nodes as D-PK(Gs (t ( n < |9|I =N). IThen "the PKG assigns to each V E la secret share

computed,, as K2 = g(IDy). Based on Lagrange interpolation, any subset ~A C of size t

can co-determine the polynomial:


g Ls = V\s)KP2 (mod q),(31
veA

where Av(z) = s'v D 2, is called a Lagrange coefficient. The PK(G's master

secret KP2 can then be reconstructed by computing g(0). However, any subset of R of size

(t 1) or smaller does not suffice to do so. To enable verifiable secret ;1h Iinr:_. the PK(G
also calculates a set of values {Wf2V = K2WV enT r } preloaded to each D-PKG.IT Due to the

difficulty in solving the DLP in GI, all the other D-PK(Gs cannot deduce the secret share

K$2 of D-PKG~ V fromI Wf 2. lThe I~s of alll Ilthe D-PKI~s are~t knolwnI toiiI each~ node to make

key revocation and update feasible, and the choice of t, a will be discussed in Section 3.4.6.

Generation of ID-based public/private keys. One of our essential design points

is how to construct an ID-based public/private key pair for each node A,- be it a D-PKG

or common node. Our IK(M is composed of a number of continuous, non-overlapping key

update phases, denoted by pi for 1 ( i < M~, where M~ is the maximum possible phase

index. Such pi-s may not of the same length in time and thus do not require nodes to be

time-synchronized for them either. Each pi is associated with a unique binary -ri !:_ called

a phase salt and denoted by salt. Prior to deployment, the PK(G issues a random number

salt to each node which, in turn, can subsequently generate salti = salti-1 +1 (1 < i ( M~)

by itself with an efficient hash function h such as SHA-1 [16].

In IK(M, each public/private key pair is both node-l;* .:I. and phase-l;.. .W. and node

A's key pair valid only during phase pi is denoted by < KCA~p AI > ah fK]p n










KWl~ comprises a node-specific element and a phase-specific element, common to all the
nodes, both in Gi. In particular,

KCA,p, IA, ps~) = (H1(IDA), Hl(salti))
KC- := (K ,i K) = (KP1H1(IDA), KP2Hl(salti)).

Initially, the PK(G issues < KCA~p A,1 > to node A which can acquire < KCA~pi, 1iC-

(1 convenience, hereafter we refer to < K,4 Kg- > as common public-key and private-key

elements of phase pi, and < KCA, 1C~ > as node-specific public-key and private-key elements

of node A. The former pair varies across key-update phases, while the later pair remains

unchanged during network lifetime and should be kept confidential to A itself.

Due to the difficulty of solving the DLP in GI, it is computationally infeasible to de-

rive the network master-secrets Kpl and KP2 from an arbitrary number of public/private

key pairs [12, 13]. It means that, no matter how many key pairs adversaries acquire from

compromised nodes, they cannot deduce the private key of any non-compromised node.

Therefore, our IK(M exhibits the desirable compromise-tolerant property. The advantage

of our key construction method in facilitating key update can be seen in Section 3.4.4. In

addition, the resulting higher-level resilience to the compromise of D-PK(Gs than the con-

ventional key construction method [39, 20] is to be .!! I1-, .~ .1 in Section 3.4.7. Furthermore,

we refer to the readers to [56] for the use of such public/private keys in key agreement, key

agreement, encryption/decryption, and signature generation/verification.

Our IK(M allows dynamic node join at any time and thus ensures high network scal-

I1.1111-,i. Suppose a new node X joins the network at phase p The PK(G just needs to

pre-eqluip X withr public systems parameters a~nd < K~X,pi P:,i >
Generation of key-update parameters. Let to be the maximum number of com-

promised nodes the network can tolerate. To realize broadcast-based public/private key up-
dates, the PK(G picks M~ distinct 2te-degree polynomials, {li(z) = EtoolC mdq}=,.,

with li,; E Z and Mlr distinct t'c-degree polynomrials, {ug = EyoiP md )i1,.,

with ui,j EZ ~. Since Kg'1 is a point on E/F,, its 2-coordinate (denoted as [Kg'i]">

can be uniquely determined from its y-coordinate (denoted as [Kg'1]"). The PK(G then










constructs {vi(z) = [Ky l]" ui(z)}i=1,...,M/, which are given to each node A along with



Summary. To summarize, each node has the following cryptographic materials be-

fore network deployment:


Pairing parameters: (q, e, H1, W, WP1, WP2)*
Public and private keys: < WA:P,p IA,1P
Phase salt: salt.
Key-update parameters: {vi(z), li(IDA> i=1,...,M.r
In addition to the above materials, eah -PK Ve holds a/ sere shr K$2" an values--"-~

{ W / = KV Tu2/ r

3.4.3 Key Revocation

K~ey revocation comprises three subprocesses: misbehavior ii, l..HG.,//..<. revocation gen-

eration, and revocation : ..I;
Misbehavior notification. Upon detection of node A's misbehavior, node B gener-

ates a signed accusation [IDA, sB] -1 against A, where ss is a timestamp for withstanding
B,pi
message replay attacks. The revocation- needs-" to'-'- be sen tte -Ps to report A's mis-

behavior. The naive flooding of the accusation is insecure because it may alert the accused

A to temporarily behave normally. By doing so, it attempts to make the number of ac-

cusations against it below the predefined revocation threshold y to avoid being revoked.

Therefore, B should unicast the accusation secretly to the D-PK(Gs. The next question is
to which,1 D-K\ the~ ac~,,,cusatio issent The following approach is adopted in IK(M.

During network initialization, the PK(G furnishes each node with a function 7 that

maps each node ID to the IDs of p distinct D-PK(Gs. More formally, for node Ae E ,

F(IDA) = {IDx, |1 ; j 4; P, Xj E R, Xj f A}. There are many possible ways to construct

such a function. One simple approach is to divide the node set WI into n dli 10i! node

sets, each associated with p D-PK(Gs. However, the condition that must be satisfied is that

the node set a D-PK(G belongs to should not be associated with itself. In our IK(M, node

B is required to send the accusation in an encrypted form { [IDA, sB e- ks,y, to each
B,pi
Ve F (IDA), where ks~v is the shared key with V that can be derived using the method

given in [56].










The~ value of /9 determLinesI~ thel tradeoffI between~ rl~DI~inCe toU D-PKG~ conipronlise and

coninunication overhead. The smaller /3, the lower the related coninunication overhead,

the less resilient the network is-'- to te cniprnlie o D-PKs and vieves. ciialy

in one extreme case that /9 = 1, the coninunication overhead is the lowest, while the

conmpronlise of a D-PK(G, say IDx, (X1 E R) which has not been revoked, would allow all

the accused whose IDs are mapped by 7 to IDx, to escape revocation. In another extreme

case that /9 = n, the network shows perfect resilience to D-PK(G conipronlise, while the

related coninunication overhead is the highest. Therefore, /9 should be carefully chosen in

practice to strike a good balance between these two metrics.

Revocation generation. Upon receipt of an accusation from B, a D-PK(G will

simply drop it if the accuser itself has been revoked. Otherwise, the D-PK(G saves the

accusation after decrypting it and verifying B's signature. To prevent an unrevoked com-

promised node from falsely accusing legitimate nodes, a node is diagnosed as compromised

only when the number of accusations against it reaches the network-wide revocation thresh-

old y in one key update phase or a~ny other predetermined time window. The choice of y is

application-sppecific and determines the tradeoff between tolerance of false accusations and

compromise detectability: a larger y means higher-level tolerance of false accusations but

lower compromise detectability, and vice versa.

Once the revocation threshold is attained, a key revocation against node A needs to

be generated and published. In IEl(f, to generate a revocation needs the joint efforts of t

D-PK(Gs. For simplicity, we assume that, among F(ID4), the D-PK(G with the smallest ID

acts as the role of revocation leader. We distinguish between two cases. If /S 3 t, each of

the t D-PK(Gs in F(ID4) with smallest IDs generates a partial revocation (shown below)

sent to the revocation leader. If /9 < t, all the D-PK(Gs in F(ID4) should generate a partial

revocation and send it to the revocation leader. In addition, the revocation leader sends



which responds with a partial revocation after verifying the accusations.
For ease of presentation,- let ACD denot th t D-PK~s participating in revocation

generation. Each V e A generates a partial' revo--Catio KV Hi(ID4 accumulated at- the'

revocation leader. The revocation leader can construct a complete revocation from these










partial revocations through Lagrange interpolation, which is an application of pairing-based

threshold signatures [57, 13]. In particular, a complete revocation is derived as


IDA = C V(0)KP2H(IDA) = K.P2H1(IDA)~ (mo1d q),
veA

where Av(0)-s are Lagrange coefficients defined in Eq. (3.1). It is possible that one or several

members of ~A are unrevoked compromised nodes which might send wrongly computed

partial revocations. To detect this, the revocation leader checks whether the following

equation holds.

8(IDA, W) = (H1(IDA), WP2) (3.2)

Ifso i knolws that~l tisl reoctVUionlII I isUrl~lll authnti andll ollther (t 1) D-PK~~s ga~ve correctly

partial revocations. The equation should hold for a valid revocation because

8(IDA, W) = 8(KP2H1(IDA), W)

= 8(H1(IDA), W)KP2 (8 iS bilinear)

= 8(H1(IDA), KP2W) (8 is bilinear)

= 8(H1(IDA), WP2) (P2 = KP2 ).

The revocation leader then floods < IDA, IDA > throughout the network to inform others

that A has been compromised.

If Eq. (3.2) does not hold, the revocation leader knows that at least one of the partial

revocations is incorrect. Our IK(M allows the pinpoint identification of the misbehaving
D-PK(G(s). To do this, for- each receir ve K$H1(IDA), the revocation leader harnesses

the~ prloadedU~ W/2 to check whether the equation c;(K$2H1(IDA), W) = 8(H1(IDA), WP2)

holds. The check should succeed for a valid partial revocation because WpV2 = KpV2W and

& is bilinear. Otherwise, the revocation leader considers V misbehaving and then issues a

signedU aCc~Ucusation agaCinstl it. After idetifrlyll~ing ll misbehavlingVI D-PK1~s in ~A, the revocation

leader solicits the corresponding number of new partial revocations from D-PK(Gs in R \ A,

calculates a complete revocation, and verifies it as before. Continuing this process, the

revocation leader can form a correct revocation against A, as long as there are at least I

well-behaved D-PK(Gs in R.










Our IK(M can well handle the situation that the revocation leader itself is a compro-

mised node. If other D-PK(Gs in F(IDA) do not receive a correct revocation against A

in certain time, they would consider the revocation leader misbehaving and publish signed

accusations against it. Then the D-PK(G in F(IDA) with the second lowest ID succeeds as

the revocation leader and restarts the revocation generation process. We can see that, as

long as there is at least one non-compromised D-PK(G in F(IDA) and there are at least t

non-compromised D-PK(Gs in R, a valid accusation against node A can I.h-- I-, a be generated.

In addition, our pinpoint identification mechanism will deter the D-PK(Gs compromised yet

unrevoked from offering invalid partial revocations to avoid being easily caught. There-

fore, we expect that a valid revocation will be generated most likely in one round. Also

notice that, since whether a D-PK(G provides a wrong partial revocation and whether the

revocation leader behaves normal are both publicly verifiable, compromised but unrevoked

D-PK((s dare not falsely accuse the revocation leader or other D-PK((s in order to avoid

being identified.

Revocation verification. Upon reception of IDA, every node verifies it by checking

if Eq. (3.2) holds. If so, it should record IDA in its memory and refuse to interact with node

A in future time. In our IK(M, each node needs to store the IDs of all the revoked nodes.

Assuming that each node ID is of 16 bytes, it costs a node about 4 K(B to store 250 IDs of

compromised nodes, which is believed to be an acceptable overhead given the increasingly

low memory price. Some space-efficient data storage techniques such as Bloom filters [58]

may be used to reduce the storage overhead. However, we do not further investigate this

issue for lack of space.

In rare cases, the revoked A and/or its conspirators may be the sole connections between

parts of the network. Since they would not further propagate the revocation, there might be

some legitimate nodes which cannot receive the revocation. Fortunately, this problem can

be greatly mitigated by node mobility. In particular, we require each node to store received

revocations for a certain amount of time. When a node meets a new neighbor, it can

exchange its stored revocations with that neighbor. If that neighbor offers some unknown

revocations, it records the revoked node IDs after verifying those revocations. Since a










node can dump stored revocations after a while, the related storage overhead should be

affordable.

3.4.4 Key Update

To withstand crypton I! .h i and limit any potential damage from compromised keys, it

is a common practice [31, 32, 33, 34, 35, 36] to employ relatively frequent key update. A new

key update phase pi 1 starts either when phase pi lasts for more than a predetermined time

threshold, or when the number of nodes revoked in pi has attained a prescribed threshold.

In IK(M, each node B can update its public key autonomously by computing Keypi~ .

(H1(IDB), Hl(saltiy1)), where salt 1 = salt +1. In other words, B just performs two hash

operations, one for generating the phase salt for piay and the other for computing the

new common public-key element. By contrast, generating the common private-key element

Kg': = K'P2Hi(salti+1) needs the collective efforts of t D-PKGs in S1. For simplicity, wfe
assume that Z E a initiates phase pi 1, tholughI in1 pL~ractic thel D-PK~~s shouldU take turns

to act as this role to balance their resource usage. Z randomly selects (t 1) other non-

revoked D-PK(Gs from R and sends a request to each of them. Let ~A denote these t D-PK(Gs

including Z itself. Each V e A uses its secret share to generate a partial common private-
key elemen-t K$2Hl(saltiy1) accumulated at Z which, in turn, constructs the complete

Kg- usingf Lagrangfe interpolation, Kg,~: = C,-,4 r" Av(0)K$2H(salti41) = KP2Hil(saltiy1).
Notice that Kg': is self-authenticating in that every node can check its authenticity by

checking if the following equation holds.


ir( c-:, W) = (H l~saltzy1), WIP2) (3.3)

It is also possible that some D-PK(Gs in ~A might be compromised yet unrevoked nodes.

The method used in revocation generation can be employed as well to deal with this case.

As long as there are at least t non-compromised D-PK(Gs in R, a valid Kg': can 1.h-- .-, a be

generated.










To propagate Kgi: securely to all the non-revoked nodes, we use a variant of the self-
healing group key distribution scheme by Liu et al. [59]1 Let A C W denote the set of
nod s rv okedu untrl il it ph s i (IincludII ingp D-PKG~ Z broadcasts the following message:


Be3 := {IDx }XeAU ( 8/2) = /2z~j~)U + Iz) j=1,...,i,

where j(z~) = nXeA (" IDx). When a non-revoked node, say B, receives this message,

it derives Zdg(IDB) = i(l(DB)ui(IDB) + 14(IDB). Since B knows vi(z), 14(IDB), and

(y(I-)) 0ti (cf. Sec~tion 3.4..2), it can get u4i(Il~) = "(IDad-li(ID") a~nd then" [Kg']

vi(IDB) + ui(IDB). Subsequently, node B computes [Kg 1]" using the elliptic curve E/F,,
thusc ~ncn~fnstrutn the completeKg Ir- n the similar way, all the other non-revoked nodes

can derive Kg'1 and finish key update. Any revoked node X e A, however, cannot compute
ni(I7nx) andl thuse Kg' because (i(IDx) = 0. In addition, as long as the number of

compromised nodes is no more than tC, i.e., |A 4; tc|, the compromised nodes cannot jointly

determine Kg'1 either, as shown in [59].

The above key-update method provides the self-healing capability in the sense that

any: non-revoked node can recover Kg'7 for any phase pj (j < i), of which it did not receive
the key-update broadcast message due to reasons such as I! .1.11117,i channel errors, and

temporary network partitions. Consider node BI again as an example. It can get Ky', in
the similar wayn~ as obtaining Ky'. This nice feature, however, is achieved at the cost of

increased communication overhead. Therefore, if either this self-healing capability is not

required or reliable broadcast can be guaranteed, the broadcast message By~ can change to

{IDx}XEhi U (di 2) = ~i 2)Ui(2 +i(2)}, where i(z() = nXeA (a IDx) and As CAn
represents the set of new nodes needed to be revoked in phase pi. In doing so, the broadcast
communication overhead can be reduced.

3.4.5 Securing D-PKGs against Pinpoint Attacks

Similar to [31, 34, 35], our IK(M relies on the validity of the t-limited assumption

mentioned in Section 3.3.3. However, if adversaries have the entire network lifetime to


SI Kg' can be viewed as a group key to be distributed to non-revoked group members.










amount attacks, they~ may~ compromise, or disrupt enug D-PK~s sooner or later. As a

well-known countermeasure, Herzberg et al. [55] propose to periodically refresh secret

shares without changing the original secret, in such a way that any information learned

by adversaries about individual shares becomes obsolete after the shares are refreshed. In

addition, they present techniques to periodically and securely recover shares not refreshed

propeI rly to withstandU U- D-PK disruption attacks. Their techniques are either adopted or

no:__ -r -1.1 by [31, 34, 35]. To deal with long-term adversaries, we also -II:_:_. -r to incorporate

such proactive secret-sharing techniques in our IK(M.

Proactive secret-sharing techniques are valid as long as adversaries are t-limited in

each predefined time period. Nearly all previous proposals simply make this assumption

without efforts to justify it. In our opinion, without precaution, the t-limited assumption

is difficult to hold for MANETs deployed in hostile environments. The reason is that the

Irs of, the D-PKs are public knowledge to every node, and adversaries can easily get this

information, e.g., by compromising a single node. In common MANET routing protocols

such as AODV [5] and DSR [6], node IDs are left bare without any protection. The shared

wireless medium renders adversaries to perform passive eavesdropping and easily locate the

D-PK(Gs based on their IDs leaked in routing and data packets. As a result, adversaries

can launch pinpoint compromise or disruption attacks on the locked D-PK(Gs. This type of

severe pinpoint attacks resulting from the unique characteristics of MANETs are reported

in [29, 41]. Obviously, we have to seek efficient ways to thwart such pinpoint attacks to

make the t-limited assumption reasonable.

Assume that adversaries have no ways (e.g., traffic ..I! I1-, -iR) to distinguish between the

D-K\ and,,, non-D-PKGr nodes other than from their IDs. We propose to eliminate the

pinpoint attacks by MASK(, the .l!!..-, usua sI on-demand routing protocol for MANETs pre-

sented in Chapter 2. As stated before, MASK( guarantees that, given a node ID, adversaries

cannot ascertain whom and where the corresponding node is. For our purpose, this means

that, even given the list of D-PK(G IDs, adversaries cannot determine which nodes are the

D-PK(Gs based on passive eavesdropping of node IDs. Therefore, the pinpoint attacks are

effectively defeated. Also note that the same method can be used to eliminate pinpoint

attacks on the D-CAs in [31, 34, 35].










3.4.6 Choosing Secret-Sharing Parameters

Now we discuss how to select the secret-sharing parameters t, a for a good tradeoff

between security and robustness, namely, the resilience to the compromise and disruption

of D-PK(Gs, respectively. For a fixed n, the larger t, the more secure the network is because

adversaries need to compromise more D-PK(Gs to learn KP2, the less robust the network

is in1 thlat adversaries needU toU Udis~rup fewerL D-PKs to make KP2 irrecoverable, and vice

versa. To strike a good balance between them, it is often wise to let t = [ ], as l: :_ -r 0. 1

in [15, 40]. The next question is, given the network size N, how we decide the value of a

to achieve desired levels of security and robustness.

With our MASK( in place, adversaries cannot distinguish between the D-PK(Gs and

common nodes based on passive eavesdropping. What they can only do is to attempt

to compromise or disrupt randomly-picked nodes with the expectation that those nodes

hlappen toU be thel D-PKUs. Assume that adversaries can surreptitiously compromise and

disrupt up to Nc 3 t and Nd 3 n-t+1 nodes, respectively, in each proactive secret-sharing

time period without being detected. We define Prc and Prd as the probabilities that at

least t out of Nc compromised nodes and (n t + 1) out of Nd disrupted nodes happen to

be D-PK(Gs. In particular,


Prc = C Ne-) ndPr N-i


where t = [g]. In practice, we want both probabilities to as low as possible. Prior to

dep~loyment,~ ~lthe PKG can use the enumerative method to determine the values of t, a for

obtaining appropriate values of Prc and Prd, i.e., meeting desirable levels of security and

robustness. For example, when N = 50, Nc = 5, and Nd = 7, we have Prc = 1.19 x 10-4

and Prd = 8.53 x 10-s if a = 10 and thus t = 5; when N = 50, Nc = 10, and Nd = 14, we

have Prc = 1.8 x 10-s and Prd = 7.88 x 10-4 if a = 20 and thus t = 10. Obviously, the

success probabilities of such random attacks are pretty low.

During network operation, the network size N may be changing with node join, leave,

or failure over time. Accordingly, the parameters t, n and the D-PK(G set should be adjusted

to maintain desirable levels of security and robustness. This can be easily realized through










verifiable secret redistribution by Wong et al. [60] to redistribute the PK(G's master key

KP2 frOM a (t, n) Structure tO a (t n ) One.

3.4.7 Security Analysis

Here we briefly compare the security of our IK(M with CK(M such as [31, 34] and

previous IBC-based schemes [39, 20] (referred to as o-IKMl). In o-IK(M, the PK(G only has

one master secret KP2 jointly shared by n chosen D-PK(Gs in a (t, n)-threshold fashion.

Each node A has a public/private key pair (H1(IDA || exp), KP2H1(IDA || exp)), where

ezp indicates the key expiration time. To renew its private key before it expires, A needs to

individually contact t out of a D-PK(Gs for partial private keys, based on which to construct

a complete one via Langrange interpolation. As usual, our discussion is from the viewpoint

of key management instead of cryptographic algorithms themselves.

Since all three approaches are (t, n)-threshold schemes, they have the same level of

security as long as the t-limited assumption holds. However, they differ in the worst-

case scenario where adversaries manage to compromise at least t distributed CAs (D-CAs

for short) in CK(M, or t D-PK(Gs in IK(M or o-IK(M. In that situation, adversaries are

able to construct the CA's private key in CK(M, or the PK(G's master secret Kp2 in IK(M

or 0-IK(M. For both CK(M and our IK(M, adversaries cannot deduce the private key of

any non-compromised node, be it a D-CA (or D-PK(G) or common node. Therefore, the

communication security between non-compromised nodes is still guaranteed. In contrast,

the exposure of Kp2 in O-IK(M would result in loss of overall -1-, -r ll security because it

permits adversaries to derive all the private keys of all the compromised or non-compromised

nodes ever used since the network formation. This means that adversaries would be able to

freely read encrypted messages observed in the past or future, and forge any node's digital

signature.

In summary, our IK(M is at least as secure as conventional CK(M, but outperforms

o-IK(M in the worst-case scenario.

3.5 Performance Evaluation

In this section, we compare the proposed IK(M with conventional CK(M via simulations.

As mentioned in Section 3.2.2, DSA-based CK(M solutions have much worse communication

efficiency than RSA-based ones under the same security level. Therefore, we focus on










comparing IK(M with RSA-based CK(M, which is implemented mainly based on [32, 36]

with the number of D-CAs set to n instead of N. As discussed before, our IK(M is more

secure than 0-IK(M [39, 20] under the same secret-sharing parameters (t, n). In addition,

the communication and computation overheads of 0-IK(M are the same as those of IK(M

with regard to key revocation, but are much higher in terms of key update because 0-IK(M

requires that each node individually contact t out of a D-PK(Gs for key update. Since the

advantages of our IK(M over o-IK(M are quite obvious, we do not offer the simulation results

of their comparison for lack of space.

3.5.1 Simulation Setup

The comparison is done within GloMoSim [21], a popular MANET simulator, on a

desktop with an Intel P4 2.4GHz processor and 1 GB memory. Although such a powerful

machine may not be available in some application scenarios, it should be appropriate for the

comparative study of IK(M and CK(M. To avoid causal implementation errors and guarantee

fair comparison, all the cryptographic primitives are built using MIRACL [22], a standard

cryptographic library.

For CK(M, the underlying CBC is RSA with a 1024-bit modulus for sufficient security.

An RSA public key consists of an ordered pair (s, e) where s is the modulus, and e is the

public exponent. A common value for the public exponent is e = 216 + 1, which is the

value we use for all public exponents. Note that this is in favor of CK(M because RSA

encryption and signature verification can be made very fast with e = 216 +1 than a random

exponent. Therefore, an RSA public key would require 128 bytes for the modulus and 3

bytes for the public exponent, resulting in a total size of 131 bytes. In addition, an RSA

signature consists of a single 1024-bit value. For simplicity, we assume that a node ID is of

16 bytes and that certificate expiration time can be encoded in 2 bytes. An RSA certificate

< IDA, (n, e), exp, CA's signature > will be totally 277 bytes in length.

For our IK(M, the bilinear map e we use is the Tate pairing [14]. q is a 160-bit Solinas

prime 2159 + 2"7 + 1 and p is a 512-bit prime equal to 12qr 1 (for some r large enough to

make p the correct size). Such choices of q, p deliver a comparable level of security to 1024-

bit RSA [12, 13]. The elliptic curve E we use is y2 = 3 + x defined over F. The ID-based










signature primitive [M~]K- used is the one outlined in [56], in which a signature consists
A,pi
of one element of GI and one element of Z Since the former is a point on E/Fz, only the

y-coordinate needs to be transmitted because the 2-coordinate can be easily derived using

E. Therefore, an ID-based signature is of 84 bytes. This point compression technique is

also used in transmitting key revocations and common private-key components, both being

elements in Gi. Moreover, the hash function SHA-1 [16] and the symmetric-key encryption

primitive RC6 [18] are used wherever applicable.

We simulate a MANET with 50 nodes deployed in a 700x700 m2 square field.2 The

ph1-, -i I1-1 I-, er path loss model is the two-ray model. The node transmission range is 250

meters and the channel capacity is 2 Mb/s. The MAC protocol used is the Distributed

Coordination Function (DCF) of the IEEE 802.11. For simplicity, the underlying routing

protocol is AODV [5] instead of our MASK( [20]. Nodes initially are uniformly distributed

and node mobility are emulated according to the random waypoint model [6]. We run

simulations for constant node speeds of 5, 10, and 15 m/s, with pause time fixed to 5

seconds. In addition, we use 20 CBR connections with random source and destination pairs

throughout the simulations. All the data packets are 512 bytes and are sent at a speed of

4 packets/s.

3.5.2 Computational Costs

We present the computational costs of outstanding primitive operations in CK(M and

IK(M in Table 3-2. As compared to RSA operations, the pairing evaluation is currently

a relatively expensive operation, which by far takes the most running time of an IBC

algorithm. However, since the pairing is a relatively new technique, we anticipate that

its evaluation cost will be much reduced with the rapid advance in cryptography. For

example, Barreto et al. [23] recently announce an approach to evaluate the Tate pairing by

up to 10 times faster than previous methods, the implementation of which is underway. In



2 Note that for the simulated network size, it may be feasible to preload each node with
all the others' public keys. However, it should be understood that this choice is just for
illustration purpose and also to ensure a fair comparison with ARAN [42] which uses the
same network size.








54

Table 3-2: Timings of primitive operations

Primitive Time
(ms)
RSA key generation 526.5
RSA encryption/verfication (e = 216 + 1) 0.26:
RSA decryption/signing 5.08
Modular exponentiation (mK 1HOd N) 16.89
Map-to-point H1(-) 2.6
Scalar multiplication in GI1 3.3
Modular exponentiation in G,2 2.4
Pairingf 11.0
ID-based signing (with pre-coluputation) 5.7
ID-based signature verification 35.5

Table 3-3: Conipa~rison of key revocation time

threshold t = 5 threshold t = 10
Speed (In/s) IEhi (sec) C'Khi (sec) IEhi (sec) C'Khi (sec)
5 3.344 3.179 8.563 8.323
10 3.356 3.220 8.577 8.387
15 3.362 3.235 8.586 8.401


addition, the pairing computation can be much accelerated by using dedicated cryptogra~phic

hardware. For instance, it is reported in [61] that the Tate pairing can be calculated in

about~l 6 nIs onI ai modernLI FPG- --'- A. Despite its computational inefficiency, are will see below

that our IK(M still outperfornis CK(M in almost all aspects because of its certificateless

nature.

3.5.3 Comparison in Key Revocation

Here we compare IK(M with CK(M with regard to key revocation. We use 20 CBR

sessions as background !! e.-" to simulate more realistic scenarios. Two sets of secret-

sharing parameters (t, n) are simulated: (5, 10) and (10, 20). The revocation process of

CK(M is inmpleniented as similar to that of our IK(M. For simplicity, are set the revocation

threshold y equal to t and each accusation is sent to /S = 1 D-PK(G in IK(M or D-CA in

CK(M. In other words, when the number of accusations against one specific node reaches

y = t at a D-PK(G or D-CA, that D-PK(G or D-CA sends the accumulated accusations to

other random (t 1) out of (n 1) D-PK(Gs or D-CAs which, in turn, send back partial

revocations after verifying the received accusations. To avoid possible MAC-layer collisions










Table 3-4: Comparison of key update (t = 5)

IK(M: threshold t = 5 CK(M: threshold t = 5
Speed (m/s) T ime (sec) Overhead T ime (sec) Overhead
(packet) (packet)
5 3.173 352 271.088 18556
10 3.182 674 271.965 20846
15 3.189 1328 273.443 22400

Table 3-5: Comparison of key update (t = 10)

IK(M: threshold t =10 CK(M: threshold t =10
Speed (m/s) T ime (sec) Overhead T ime (sec) Overhead
(packet) (packet)
5 8.187 662 275.289 37078
10 8.194 1286 276.952 45438
15 5 071582 279.978 1; ".Ill


resulting from returned partial revocations, the revocation leader uses a fixed delay of one

second between contacting two different D-PK(Gs.

Table 3-3 gives the one-time key revocation time of IK(M and CK(M for t = 5 and 10,



accusations to (t 1) peers, until the last node in the network receives and verifies the final

complete revocation. All packet transmission and cryptographic processing time has been

included. As we can see, although our IK(M is slightly inferior to CK(M, both can finish a key

revocation in a very short duration. This demonstrates the feasibility of real-time public-

key revocations in MANETs. We can also observe that, the larger the threshold t, the more

time it takes to finish the revocation process, which is quite intuitive. In addition, node

mobility has little impact on the revocation time in that the revocation process only involves

the transmission of 2(t 1) unicast packets and one network-wide broadcast packet for the

final revocation. Such a small amount of traffic can be transmitted before the network

topology changes significantly and thus some unicast routes break due to node mobility.

3.5.4 Comparison in Key Update

In this subsection, we demonstrate the advantage of our IK(M over CK(M in terms of

key update. Again, 20 CBR sessions are used to emulate normal traffic scenarios. For our

IK(M, the key update process starts when one D-PK(G sends a key update request to other










random (t 1) D-PK(Gs,3 and finishes when all the network nodes receive and verify the

broadcasted common private-key component. For CK(M, the key update process lasts from

when the first node starts contacting t random D-CAs for key update until the last node

finishes its key update through t random D-CAs. To avoid traffic collisions at the D-CAs, a

fixed interval of 5 seconds is inserted between two consecutive key updates by two different

nodes.4

We are interested in two metrics: one-time key update time, including packet trans-

mission time and all cryptographic processing time, and key update overhead in number of

packets, which counts all the key requests/replies and the incurred routing control packets.

Tables 3-4 and 3-5 compare our IK(M with CK(M with regard to these two metrics for t = 5

and 10, respectively. Since a key update process in IK(M is similar to a key revocation

process, it can be finished in a similarly short period. In contrast, key update in CK(M

requires a relatively great amount of time and incurs a significantly larger overhead. In

addition, the key update time and overhead of both schemes increase with the threshold t,

which is of no surprise.

3.5.5 Comparison in Secure Routing

A most important use of public-key techniques in MANETs is to secure routing proto-

cols. As noted in [42], most existing secure routing schemes for MANETs rely on the use of

public keys and certificates without explicitly discussing how to perform certificate distri-

bution. By contrast, a recent work, called ARAN [42], accounts for certificate distribution.

ARAN is an elegant scheme because it is essentially a secured version of classic AODV [5]

and thus preserves many nice features of AODV. However, using ID-based public/private

keys in place of certificate-based ones can turn ARAN into a much more efficient solution,
which is shown as follows.



3 The 1-s sending interval is still used.

4 We have tried different interval values and the chosen one can guarantee that almost
all the nodes can successively finish their key update within the simulation time.










Due to space limitations, we refer to [42] for detailed descriptions of ARAN. For ease

of presentation, we denote the original ARAN by ARAN-CK(M and the modification with

our IK(M by ARAN-IK(M. Regarding the overall routing process, ARAN-IK(M is the same as

ARAN-CK(M. Their difference lies in the structures and cryptographic processing of rout-

ing control packets, including route discovery/reply/error packets. For example, assuming

a source and destination pair of nodes X and Y, a typical route discovery packet (RDP)

in ARAN-CK(M is of format < ((RDP, IDy, Nx)x-1)A-1crt, CetCertA >. Here, (m)x-

stands for message m with its RSA signature generated under node X's RSA private key

X-l; Nx is a monotonically increasing sequence number set by X; certx is the RSA certifi-

cate of source X (see Section 3.5.1 for the certificate format); certA is the RSA certificate

of an intermediate node A attached when A forwards the RDP of X to its own neighbors.s

Considering the RDP format < RDP, IDy, Nx, IDx, IDA > in AODV [5], ARAN-CK(M

adds 778 bytes to the RDP. Suppose the network is in key update phase pi. In ARAN-IK(M,

the RDP changes to < [[RDP, IDy, Nxic-1 <- IDx, IDA >. Therefore, ARAN-IK(M
X,pi A,pi
increases the RDP in AODV by 168 bytes because of the two ID-based signatures. The

routing reply and error packets in ARAN-CK(M are modified similarly.

We run simulations to compare the routing performance of ARAN-CK(M and ARAN-

IK(M. The results generated with AODV are also provided as the baseline. Again, 20

CBR sessions are used in the simulations and each simulation is executed for 15 simulated

minutes. In our simulation results, each data item represents an average of ten runs with

identical traffic models, but with different mobility scenarios.

We use four key performance metrics to evaluate the performance. Average route

discovery 1. I/,:o measures the average latency from the time of sending a RDP to receiving

the first corresponding route reply. Average data packet 1. IAtti measures the average time

from the sending of a data packet by a CBR source until its reception at the corresponding

CBR destination. This includes all possible delay caused by buffering during route discovery,




5 Node IDs are included in certificates. Please refer to [42] on how the RDP is processed
in a hop-b-, -1!heI manner.








58



550- ~AODV
-1: -11-1-11
E 45 *



S25 *
S20 *
~15.
10 *o
S5.

5 1 15
Node Speed (m/s)



Figure 3-1: Average route discovery delay.

queuing delay at the interface, retransmission delay at the MAC layer, and propagation and

transmission delay at the ph1-, -il I1 layer. Packet delivery ratio (PDR) measures the ratio of

the data packets delivered to the destination to those generated by the CBR sources. Finally,

normalized routing load measures the average amount of routing packet byte transmitted

per delivered data packet byte. Each hop-wise transmission of a routing packet byte is

counted as one transmission.

The advantages of ARAN-CK(M over AODV in the presence of malicious nodes have

been demonstrated in [42]. For simplicity, we just compare the performance of AODV,

ARAN-CK(M, and ARAN-IK(M when all the nodes in the network are well-behaved or

benign. Note that, no matter whether there are malicious nodes or not, the operations

of both ARAN-CK(M and ARAN-IK(M remain the same. Therefore, as long as we can

show that ARAN-IK(M outperforms ARAN-CK(M in the simulated scenarios, it will also

demonstrate better performance than the latter and thus AODV in the face of malicious

nodes. In all our simulation results, AODV 1.h- .-, a outperforms both ARAN-CK(M and

ARAN-IK(M. This is of no surprise because there are no efforts at all made in AODV to

deal with routing attacks. We will focus on discussing the difference between ARAN-CK(M

and ARAN-IK(M.

Fig. 3-1 compares the average route discovery delay of ARAN-CK(M and ARAN-IK(M

under three 1!!. 1.ilir-,i scenarios. We can observe that ARAN-IK(M 1.h- .-, s exhibits shorter

route discovery delay than ARAN-CK(M. The key reason is that routing discovery and reply












700








S20

10 1

Node Speed (m/s)



Figure 3-2: Av-erage datar packeet i














10i 15
Node Speed (m/s)



Figure 3-3: Packet delivery ratio.

packets in ARAN-CK(M are of much larger sizes than those of ARAN-IK(M. As a result,

routing packets in ARAN-CK(M are more subject to loss due to collisions with other data

or routing packets during their transmission. When a source does not receive a route reply

packet after sending the RDP for a while, it has to resend the RDP, which worsens the

situation. This contributes to the shown advantage of ARAN-IK(M over ARAN-CK(M. In

addition, the performance difference between ARAN-IK(M and ARAN-CK(M becomes more

and more significant with the increase of node mobility. For example, when the node speed

is 15 m/s, the route discovery delay of ARAN-IK(M is about 390.08 ms, representing a

saving of about 28 percent as compared to the 540.32 ms delay of ARAN-CK(M. That is

because high mobility means that routes will break more frequently, so accordingly route

discovery needs to be performed more frequently. Since more routing packets are involved,











1~ I AODV










5 10 15
Node Speed (m/s)


Figure 3-4: Average routing load.
their probabilities of colliding with other traffic become increasingly higher in ARAN-CK(M

than in ARAN-IK(M.

Fig. 3-2 plots the average data packet delay vs. node speed. As we can see, ARAN-

IK(M has a significant advantage over ARAN-CK(M in all three mobility scenarios. In

particular, when the node speed is 5 or 10 or 15 n1/s, the data packet delay of ARAN-

CK(M is about 4.68 or 7.86 or 8.04 times longer than that of ARAN-IK(M. This result is

partly due to the shorter route discovery delay ARAN-IK(M has than ARAN-CK(M, which

results in shorter delay caused by buffering at the network layer. Another more important

reason is that MAC-layer frames in the IEEE 802.11, including RTS/CTS/DATA/ACK(, are

more subject to collisions with the MAC frames of routing packets in ARAN-CK(M than

in ARAN-IK(M because the former has much larger-sized routing packets. The situation

deteriorates with the increase in node mobility and thus the increase in the number of

routing packets. As a result, data packets in ARAN-CK(M experience much longer quueuing

and retransmission delay at the MAC layer.

Fig. 3-3 shows the PDRs of AODV, ARAN-IK(M, and ARAN-CK(M for three mobility

scenarios. In all cases, ARAN-IK(M demonstrates performance close to AODV and higher

than ARAN-CK(M. This mainly results from the fact that a smaller portion of data packets

are dropped in ARAN-IK(M than in ARAN-CK(M due to attainment of the retransmission

limit at the MAC layer. The ultimate reason, however, is still because of the larger-sized

routing packets in ARAN-CK(M. Finally, the normalized routing load of ARAN-IK(M and










ARAN-CK(M are shown in Fig. 3-4. For node speeds of 5 or 10 or 15 n1/s, ARAN-CK(M

has a. routing load 3.1 or 3.7 or 4.1 times higher than that of ARAN-IK(M for the larger

sizes of routing packets.

To sunina~rize, our IK(M has significant advantages over conventional CK(M in secure

routing protocol design, a fundamental component in MANET security.

3.6 Summary

k~ey nlana~genent is a fundamental, challenging issue in securing MANETs. This chap-

ter presents IK(M, a secure, lightweight, scalable ID-based key nlana~genent scheme for

MANETs. As a novel combination of ID-based and threshold cryptogra~phy, IK(M is a. cer-

tificateless solution that permits public keys of mobile nodes to be directly derivable from

their known network IDs and some other coninon information. It thus obviates the need for

public-key distribution a~nd thus certificates inherent in conventional public-key solutions.

Our IK(M is characterized by a. novel method of constructing ID-based public/private keys,

which not only guarantees high-level resilience to node compromise attacks but also fa~cil-

itates very efficient network-wide key update by a. single broadcast message. In addition,

we give general guidelines on choosing the secret-sha~ring parameters for achieving desir-

a~ble levels of security a~nd robustness. The significant advantages of IK(M over conventional

certificate-based solutions have been confirmed by extensive simulation results.

Most existing security niecha~nisnis for MANETs thus fa~r involve the heavy use of

public-key certificates. In this regard, we believe that the findings of this chapter would

have much influence on the research paradigm of the whole coninunity a~nd stimulate many

other fresh research outcomes. As our future work, we will seek efficient solutions based on

IK(M to a variety of challenging security issues in MANETs such as intrusion detection and

secure routing.
















CHAPTER 4
SECURE LOCALIZATION IN WIRELESS SENSOR NETWORKS

4.1 Introduction

Wireless sensor networks (WSNs) have attracted a lot of attention recently due to

their broad applications in both military and civilian operations. Many WSNs are deployed

in unattended and often hostile environments such as military and homeland security op-

erations. Therefore, security mechanisms providing (~iC..nn.1.011.11-,i, authentication, data

integrity, and non-repudiation, among other security objectives, are vital to ensure proper

network operations.

Many WSNs require sensor nodes to know their ph1-, -il I1 locations. Examples include

those for target detection and tr l~ine:. precision navigation, search and rescue, geographic

routing, security surveillance, and so on. Driven by this demand, many localization schemes

have been proposed in recent years, with most assuming the existence of a few anchors that

are special nodes knowing their own locations, e.g., via GPS or manual configuration. These

proposals can be divided into two categories: range-based such as [62, 63] and range-l;..

[64, 65]. The former are characterized by using absolute point-to-point distance (range) or

angle estimates in location derivations, while the latter depend on messages from neigfhbor-

ing sensors and/or anchors. Range-based solutions can provide more accurate locations, but

have higher hardware requirements for performing precise range or angle measurements. By

contrast, although having lower hardware requirements, range-free approaches only guaran-

tee coarse-grained location accuracy. In this chapter, we focus on range-based approaches

and leave the investigation on range-free ones as the future work.

We observe that almost all existing range-based proposals were designed for benign

scenarios where nodes cooperate to determine their locations. As a result, they are ill-

suited for unattended and often hostile settings such as tactical military operations and

homeland security monitoring. Under such circumstances, attackers can easily subvert

the normal functionalities of WSNs by exploiting the weakness of localization algorithms























(a) No attacks. (b) dos is reduced.


(c) dos is enlarged.


Figure 4-1: An exemplary two-way ToA localization process, where anchors A, B, C are
determining the location of sensor S.


[66, 67]. In this chapter, we do not intend to provide brand-new localization techniques for

WSNs. Instead, we focus on .I! I1-,. i!:_: and enhancing the security of existing approaches

when applied in adversarial settings.

The rest of this chapter is structured as follows. We start with ..I! I1-,. b!:_: the vulner-

I1.1111-,i of existing approaches in Section 4.2. Next, we present a novel 1!!. 1.ilir-,i-assisted

secure localization scheme (SLS) in Section 4.3. We then review related work in Section 4.4

and summarize this chapter.

4.2 Vulnerability Analysis of Two-Way Time-of-Arrival Localization

Popular range-based localizat ion techniques include Received- Signal- St rengt h-Indicator

(RSSI), Angle-of-Arrival (AoA), Time-of-Arrival (ToA), and Time-Difference-of-Arrival (TDoA).

Readers are referred to [63] for a nice review. Among these techniques, ToA is the most

commonly used one whose requirement for fine time resolution can be satisfied by the ultra-

wideband (UWB) technique [68]. Therefore, our study focuses on a two-way ToA approach,

which is illustrated with Fig. 4-1.

In the shown example, anchors A, B, and C intend to determine the 2-D location of

sensor S. To do so, A transmits at time tl a challenge to sensor S which immediately

echoes a response received by A at time t2. Anchor A can then estimate its distance to S

as dAS M (2 1l)c/2, where c is the speed of light. In the same way, B and C can obtain

distance estimates to S, denoted by dBs and dos, respectively. Let (XA, YA), (XB, YA),

(Xc, Yo ) be the known locations of A, B, and C, and (Xs, Ys) be S's location to be decided.















C Sece chnattacker 2






Figure 4-2: The topology of an exemplary distance enlargement attack.


Assume that A is the leader which collects des and dos and then sets up the following

equations :
fA = dAs (Xs XA) yS A

fs = des s Xe2 yS- B (4.1)

/c = dos (Xs Xc)2 yS C

If there is no measurement error, fA, B, and fc are all equal to zero, and (Xs, Ys) is

the common intersection point of the three circles defined by the above equations. Since

measurement errors inevitably exist in reality, however, (Xs, Ys) will be somewhere in the

intersection area formed by the three circles, as shown in Fig. 4-1(a). It can be obtained

via the Minimum Mean-Square Error (11:ljl1-3) method [62], i.e., minimizing F(Xs, Ys)=

f f+/ + ff
The above process is vulnerable to distance reduction and enlargement attacks, in

which attackers attempt to reduce and enlarge distance estimates, respectively, so as to

maliciously increase the location inaccuracy. For example, attackers can impersonate sensor

S to answer anchor C's challenge before S does, and then jams the later genuine response

from S. As a result, dos would be intentionally reduced. In addition, Fig. 4-2 shows the

topology of an exemplary distance enlargement attack, where the two circles indicate the

transmission ranges of anchor C and attacker 2, respectively. In this attack, the challenge

from C is correctly received by attacker 1, but not by sensor S whose reception activities

are interfered by attacker 2. Subsequently, attacker 1 sends the unmodified challenge via a

secret channel to attacker 2 which, in turn, forwards the challenge to sensor S after some










time. Sensor S will consider it a challenge from anchor C and respond to it. In doing so,

attackers can increase the challenge-response time difference measured at C and thus the

distance estimate dos. Both distance reduction and enlargement attacks may make the

location estimate of sensor S far from its true location, as can be seen from Fig. 4-1(b) and

Fig. 4-1(c), respectively. To satisfy the requirement for high location accuracy by many

WSN applications, we must therefore seek ways to mitigate the impact of such attacks.

4.3 Mobility-Assisted Secure Localization for UWB Sensor Networks

In this section, we present a mobility-assisted secure localization scheme (SLS) for

WSNs. To ease our illustration, we focus on how to ensure secure 2-D location estimates,

but SLS can be easily extended to the 3-D case.

4.3.1 Network Model

We consider a WSN that consists of randomly-deployed sensor nodes, e.g., via random

aerial scattering. Sensor localization is normally done during the network initialization

phase, in which we assume that a set of anchors, denoted by ~A, perform coordinated group

movement across the whole sensor field. Typical examples of anchors are mobile robots or

Unmanned Aerial Vehicles (UAVs) flying at low levels. The number of anchors, denoted

by n, = |~A|, should be at least three for determining a 2-D location. Intuitively, the more

anchors (i.e., distance estimates) are available, the more precise location estimates are at

the cost of increased communication and computational overhead. We also indicate anchor

i by Ai for is { 1,..., n}.

Each Ai is assumed to know its own location (XAi,YA,) at any time and place through
GPS" receivers- or other means In addition, there is I.h-- I-, R a leader in ~A that takes charge

of the localization process. In practice, each anchor should take turns to act as the leader

to balance their resource usage. For convenience, however, we assume Al to be 1.h-- .-, a the

anchor leader hereafter. We further assume that anchors and sensor nodes have the same

transmission range ro.

Before network deployment, we assume that the network planner picks a sufficiently

long secret KC, and loads each sensor S with a secret key Ks = hlc(IDs). Here, ID, is the

unique identifier of node S, h indicates a fast hash function such as SHA-1, and hlc(Ml)

refers to the message integrity code (MIC) of message M~ under key KC. We further postulate










that each anchor knows the network secret K: and is trusted and unassailable to attackers

during the node localization phase which usually does not last too long. This assumption is

reasonable in that anchors are usually much fewer than sensor nodes, so we can spend more

on them by enclosing them in high-quality tamper-resistant enclosures and putting them

under perfect monitoring. How to deal with compromised anchors is part of our ongoing

work.

4.3.2 Overview of SLS

After sensor nodes are deployed, anchors are instructed to perform strategic group

movement along pre-planned routes to localize all the sensor nodes. Anchors are required

to I.h-- I-, a maintain an n,-vertex p..1~-,:_on with the longest distance between any two vertices

no larger than ro. This means that anchors and sensors inside the p..1~-,:_on can directly com-

municate with each other. To localize a node, say S, anchors first measure their respective

distance to S with a modified two-way ToA approach, called K-Distance. The anchor leader

Al then collects all the distance estimates whereby to derive a MMSE location estimate.

Subsequently, Al runs a validity test on the location estimate to detect possible attacks.

Unlike traditional localization methods such as AHLos [62], our mu~ l~ilir-, I--10.. 1 ap-

proach does not require each sensor node to accurately measure distances to anchors and

do the MMSE estimation. Instead, each node just needs to answer the challenges from

anchors, and the tasks of time (distance) measurement and location derivation are shifted

to resource-rich anchors. This is highly desirable for lowering the requirements on sensor

hardware and thus the manufacturing costs. In the rest of this section, we will detail the

operations of SLS with a to-be-localized sensor node S as an example.

4.3.3 K-Distance: a K-Round Distance Estimation Algorithm

To obtain a distance estimate to node S, anchor Ai first calculates Ks = hic(IDs) based

on the preloaded network secret KC. It then executes the K-Distance algorithm outlined in

Table 4-1. Ai begins with sending to S an 1-bit random nonce Nj and starts a timer

when the last bit of Nj is sent. Upon receiving Ni, node S needs to immediately echo Nj

concatenated by another 1-bit random nonce Myj picked by itself. Next, S sends to Ai a

MIC, v = hKs(Ni || Myj), where || means message concatenation.


















Table 4-1: i i K-Distance alg~orithm.


1: T =
?: for (:i=Ij=1;J K1 ii-j+ )do
3: Ai sends a ra~ndorn .. nonce NyJ to S
4i: S respo~nds with Ny a~nd another randlorn nonce Myi
As siiets tj t:: irne elapses between chlallengr e andi response
6i: S sends to Aia. number v,::: I~ihiy // n4)
7: f K ) v then /*by Ai*/

9: T U{ti

10: end if
11: esnd for
12: tAiS = median(T)
13: return d~sS = cj s /*c is thlelight I'


last bit o~f N


t,,


first bito / ||M s t bit ofN, || M


t,,, tbrm tp~


Figure 4-3: 'i .. timet i of Ith echallengfe-response proc~ess.










When receiving the last bit of the response, Ai stops the timer and sets tj equal to

the elapsing time. It then uses Ks to compute a MIC on Nj and Myj. If the result is not

equal to v which arrives later, Ai considers the response a bogus one and simply ignores it.

Otherwise, it believes that the response indeed came from S, and proceeds to calculate the

one-way signal propagation time as tp,y = (tj t r'oc t;Sro ttrn)/2. Here, t r'oc represents

the time duration from when the last bit of the response hits the antenna of Ai until the

response is completely decoded (cf. Fig. 4-3); isroc is the time duration from when the last
bit of the challenge reaches the antenna of S until S transmits the first bit of the response.

t, oc and ifroc, are device-dependent and usually are constant or vary in a tiny scale. Both
can be pre-determined and preloaded to Ai to calibrate the time measurements to certain

precision. Assume that transmission links from S to anchors have a bandwidth of b b/s.

Then the response transmission time term is approximately equal to seconds.

The above process offers strong defense against distance reduction attacks in the sense

that attackers cannot reduce tp,y and thus the distance estimate up,4j. One reason is that

the MIC check ensures that an authentic response can only be sent by node S. Another

important reason is that nothing can travel faster than light so that attackers are unable

to make the challenge arrive at S earlier than it should.

Attackers, however, can still launch the distance enlargement attack, i.e., enlarging t,,4

and thus the distance estimate. To mitigate this attack, we require Ai to perform K times

of distance measurements. The motivation is that attackers might not be able to actively

affect all K time measurements and thus distance estimates. It is also worth noting that

our method can help mitigate sporadic measurement errors. K is a design parameter that

determines the tradeoff between algorithm overhead and resilience to distance enlargement

attacks and measurement errors. Assume that all the K time measurements are stored in

an initially empty set T. The next question is how to securely use them. The naive use

of the average is insecure because attackers can easily make the calculated average quite

different from the true one by merely enlarging one time measurement to be sufficiently

large.











A, A
d* d*
d -- i-






(a N masreen eros () eaurmet rrrseis. c)d~s s nlrgd
Fiue44 Loato vaidit tet ihhreanhos

Asponedot n 6],te eda i sfr epaemn fr h aeag, oK-itac
uethmeinoKtime mesreetst calclt S1Frbevt nyeasm










betweo en [t r-1emr+)] t is eas y to) Mesueeth t K-Dirstaneist vunral t inl dA is ta en-agd


geneal, f mtimemeauremet were eoinvlargdt Less either trem ainnchanedo cane


measurement. It is obviou that theda meian maetho rcamn tolrat the enlargemen sof up ito

abus th halfa of th time measurements. t aclt ~slFI rvt ny easm

A s th en calcul ate dfS llos and sh xendsi to anhor leader At a mesagven of formait

{owad.gS Le dtgS) K, wh) eroe {} meanstflt enyting atas Mwithu key IC. Upon replce ipto



fis Whe noicpe that there migttak exi rejst othrmehdssc as Least Maedian ~j Squre (LMS)


togen dal wth outlers (distancel etimo ats enlarged inour cO-ase). Hrowevr, he are less



cmpautametionall effcvient than the median method.cntlrt h nlreeto pt










Table 4-2: Testing if a point is inside a |B|-vertex p..1~-,:_on.

Inputs: B: an anchor set, (Xs, Ys): a location estimate
Output: 0 if outside, else

2: for (i = 1, j = |B|; i ( |B|; j = i + +) do
3: if ((((Y, C Ys)&&(Y, > Ys)) || ((Y, > Ys)&&(Y, < Ys)))

5: a =!u
6: end if
7: end for
8: return n


it, Al decrypts dAss and checks its authenticity via the preloaded IC. Once obtaining all n,

distance estimates, Al can then derive a MMSE location estimate (Xs, Ys).

4.3.4 Location Validity Test

The median approach may be enough for withstanding less powerful attackers. How-

ever, if K assumes a small value, attackers launch persistent attacks, and m is greater than

K+, some distance estimates used for deriving (Xs, Ys) might have still been enlarged,

leading to the invalidity of (Xs, Ys). Therefore, we require Al to run a validity test on

(xs, Ys).

Consider first the simple case that there are no measurement errors. If all the n,

distance estimates were not enlarged by attackers, (X,, Y,) should be exactly the intersection

point of n, circles {(( XA,)2 ~ YAi)2 diS Ha}~n,. To test the validity of

(Xs, Ys), Al merely needs to check whether (Xs, Ys) is inside the n,-vertex p ..1~-,:_on formed

by all the anchors. The underlying logic is very simple. If attackers want to make S appear

to be at any location other than its true location, they have to enlarge certain distance

measurements, while at the same time reduce some others so as to keep the resulting location

estimate inside the p..1l-,:_on. As mentioned before, however, our K-Distance algorithm can

prevent attackers from launching distance reduction attacks. Therefore, anchors can be

assured that the location estimate is trustable as long as it resides in the n,-vertex p..1~-,:_on.

We refer to Fig. 4-4(a) for an example with three anchors (n, = 3).

To determine the inclusion of a point inside a p ..1~-,:_on, we select the ,not-Iracing method

for its simpleness and computational efficiency. This method works by starting at the










point in question and drawing a straight line in any direction. If the number of times

the ray intersects the p..1l-,:_on edges is odd, the starting point is inside the p..1l-,:_on and

is outside otherwise. This is easy to understand intuitively. Each time the ray crosses

a p..1-,:_on edge, its in-out parity changes because each edge 1.h- .-, < separates the inside

of a p..1-,:_on from its outside. Eventually, any ray must end up beyond and outside the

bounded p..1l-,:_on. Therefore, if the point is inside, the sequence of crossings "->" must

be: in->out-> --in->out, and there are an odd number of them. Similarly, if the point

is outside, there are an even number of crossings in the sequence: out-> -in->out.

Table 4-2 gives the pseudo-code implementation for the ray-tracing method, which uses a

horizontal ray extending to the left of (Xs, Ys) and parallel to the negative x-axis.

In practical scenarios, however, time measurement errors and thus distance estimate

errors occur inevitably. The n, circles centered at anchors will therefore not have a common

intersection point, but form an intersection area in which the location estimate is located,

as shown in Fig. 4-4(b). This would introduce room for distance enlargement attacks.

Consider again the three-anchor example in Fig. 4-4(c). Suppose the distance estimate

dA3S was maliciously enlarged, while dArs and dAss are just a little larger than the actual

distances due to measurement errors. It is obvious that, by adjusting the level of enlarging

dA3S, attackers might be able to freely enlarge the intersection area of the three circles and

thus make the MMSE distance estimate (though still inside the triangle) deviate much from

the true location. Fortunately, we can alleviate this issue by imposing certain reasonable

constraints. Let 6 be the two-sided maximum allowable measurement error with respect

to distance estimates. Now (Xs, Y,) should reside in the intersection area of n, rings,

{(dAiS 6)2 ( (2 XAi)2 ~ YAi)2 4 (dAiS 621 Ha}~n, (see Fig. 4-4(b)). This

means that, in addition to performing the point-inclusion test, Al needs to check whether

the inequality | dA ss -Ji ~ ~~ XI) yS-Yg2 6 hold s for each dAi s. If so, (X,, Y,)

is considered valid and invalid otherwise.

With our method in place, attackers might only be able to enlarge any dASs a little bit

to make the resulting (Xs, Ys) appear to be valid, leading to tolerable location imprecision.

However, if they enlarge dASs by a relatively large amount, the resulting (Xs, Ys) will be

identified as invalid. One such example is shown in Fig. 4-4(c). Therefore, although our










method cannot completely eliminate distance enlargement attacks, which is believed to

be impossible for any security mechanism, it does constrain the impact of attackers to a

tolerable level.

If (Xs, Ys) does not pass either the point-inclusion test or the 6-error check, Al re-

computes a MMSE location estimate based on any (n, 1) distance estimates and checks

its validity via these two tests. If all the sets of (n, -1) distance estimates are traversed and

still no valid location estimate is generated, Al tries the sets of (n, 2) distance estimates.

Al continues this process until either a valid (Xs, Ys) is found or all the 3-degree subsets

of n, distance estimates are examined (3 is the minimum number of distance estimates

required to derive a 2-D location estimate). If the latter case occurs without yielding a valid

location estimate, Al may consider that the localization process was attacked and should

take certain actions, e.g., reporting this abnormality to the control center, as stipulated by

concrete WSN applications.

If a valid (Xs, Ys) is derived, anchor Al transmits it securely to node S in a message,

{Xs, Ys, hKs(Xs || Ys)}Ks. Upon receiving it, node S uses the preloaded secret key K~s to

decrypt (Xs, Ys) and compute a MIC. If the result matches with what Al sent, S considers

(Xs, Ys) trustable and saves it for subsequent use.
4.3.5 Discussion

Overhead analysis. So far we have elaborated the operations of SLS, by which a

valid location estimate can be obtained despite the presence of attacks as long as there are

at least three unattacked distance estimates. The desirable security improvement does not

come for free. Specifically, the K-Distance algorithm requires each anchor to obtain K dis-

tance estimates instead of one as in previous schemes. Besides the tunability of K, however,

K-Distance can not only mitigate distance enlargement attacks, but also smooth sporadic

measurement errors in the first place. Also note that, if some distance estimates were

maliciously enlarged, Al may need to perform the MIMSE estimation for up to CE~ 3'~

times. In practical scenarios, n, should be carefully chosen to be a small number that can

guarantee a certain level of resilience to attacks while not incurring too much overhead.

For instance, when n, = 5 anchors are used, SLS can tolerate two (40 percent) maliciously

enlarged distance estimates that are not filtered by K-Distance. Then Al needs to calculate










at most 16 distance estimates. Since anchors have more powerful computational capacities

than sensor nodes and node localization is a one-time process, we believe such overhead to

be acceptable for security-sensitive WSNs.

Other applications. In addition to securely localizing sensor nodes, SLS can find

uses in many other applications. One example is critical asset tracking. Many organiza-

tions, particularly defense contractors, have parts and equipment of a sensitive, secure, or

hazardous nature. These parts need to be monitored and audited to record their move-

ments and who had access to them, as proof that they have not been tampered with or

viewed by unauthorized personnel. We can accomplish this task by deploying a tracking

infrastructure composed of a set of anchors and attaching to critical assets some sensors

that are difficult to remove without being detected. Anchors and sensors communicate with

each other through wireless links. SLS can then be used by anchors to keep tracking the

locations of critical assets (in fact, attached sensors).

4.4 Related Work

In this section, we briefly review some important work that is closely related to this

chapter. Brands and Chaum [70] propose a TOA-based distance bounding protocol that

can be used to verify the proximity of two devices connected by a wired link. Sastry et al.

[71] present a similar distance bounding approach based on ultrasound and RF signals to

verify the presence of a wireless device in a region of interest. In [72], Waters and Felten

propose a scheme that uses round-trip time-of-flight RF signals to prove the locations of

tamper-resistant devices. Their scheme cannot be directly applied in UWB sensor networks

because individual sensors are usually not tamper-resistant due to cost limitations. More

recently, Lazos and Poovendran [66] present an approach to secure range-free sensor local-

ization techniques [64, 65]. By contrast, this chapter concentrates on securing range-based

localization techniques [62, 63]. The closest work to our SLS can be found in [67], in which a

scheme called Verifiable Multilateration (VM) is proposed for secure positioning of wireless

devices. However, SLS differs significantly from VM in several major aspects. First, SLS is

able to mitigate the impact of attacks and sporadic measurement errors in the first place,

which is a nice property not provided by VM. Second, VM calculates location estimates

on the basis of three anchors or triangles. By contrast, we consider a more general case










by using an n,-vertex publ-:_on formed by n, anchors for n, 3 3, which allows for higher

location accuracy. Last, we propose to utilize mobile anchors instead of static anchors,

which can greatly reduce the number of required anchors.

4.5 Summary

How to ensure secure localization is one of the challenging issues in securing WSNs.

In this chapter, we present SLS, a novel mobility-assisted secure localization algorithm that

can furnish sensor nodes with secure, accurate locations despite the presence of attacks. As

the future research, we plan to extend our approach to range-free localization techniques.
















CHAPTER 5
LOCATION-BASED COMPROMISE-TOLERANT SECURITY MECHANIS:\!S FOR
WIRELESS SENSOR NETWORKS

5.1 Introduction

A future WSN is expected to consist of hundreds or even thousands of sensor nodes.

This renders it impractical to monitor and protect each individual node from either ph1-, -i I1

or logical attack. It is also unrealistic and uneconomical to enclose each node in tamper-

resistant hardware. Thus, each node represents a potential point of compromise. Once

compromising certain nodes and acquiring their keying material, adversaries can launch

various insider attacks. For example, they might spoof, alter or replay routing information

to interrupt the network routing [73]. They may also launch the Sybil attack [45, 74], where

a single node presents multiple identities to other nodes, or the i,1. iillu replication attack,

in which clones of a compromised node are put into multiple network places [74]. Moreover,

adversaries may inject bogus data into the network to consume the scarce network resources

[75, 76]. This situation poses the demand for compromise-tolerant security design. That is,

the network should remain highly secure even when a number of nodes are compromised.

Although a lot of solutions such as [77, 78, 79, 80, 81, 82, 83, 84, > ".] have been proposed

for securing WSNs, most of them do not provide adequate resilience to node compromise

and the resulting attacks.

Many WSNs have an intrinsic property that sensor nodes are stationary, i.e., fixed

at where they were deployed. This property has pl1 I-,. .1 an important role in many WSN

applications such as target tracking [86] and geographic routing [87]. By contrast, its great

potential in securing WSNs has so far drawn little attention. Based on this observation,

we propose a suite of location-based compromise-tolerant security mechanisms for WSNs

in this chapter. Our main contributions are summarized as follows.

First, we propose the novel notion of location-based keys (LBE~s) based on the afore-

mentioned pairing technique (cf. Section 2.2.1). In our scheme, each node holds a private










key bound to both its ID and geographic location rather than merely its ID as in conven-

tional schemes. To the best of our knowledge, this is the first such effort in the context of

WSNs.

Second, we design a novel node-to-node neighborhood authentication protocol based

on LBE~s. It helps achieve the desirable goal of localizing the impact of compromise nodes

(if any) to their vicinity, which is a nice property absent in most previous proposals.

Third, we present efficient approaches to establish pairwise shared keys between any two

nodes that are either immediate neighbors or multi-hop away. Such keys are fundamental

in providing security support for WSNs [78, 79, 80, 81, 82, 83, 84, > ".] In contrast to

previous proposals, our approaches feature low communication and computation overhead,

low memory requirements and good network scalability. More important, our approaches

show perfect resistance to node compromise in that pairwise shared keys between non-

compromised nodes I.h-- I-, remain secure, no matter how many nodes are compromised.

Fourth, we demonstrate how LBE~s can act as efficient countermeasures against some

notorious attacks against WSNs. These include the Sybil attack [73, 74], the identity

replication attack [74], wormhole and sinkhole attacks [73], and so on.

Last, we develop a location-based threshold-endorsement scheme (LTE) to thwart the

aforementioned bogus data injection attack [75, 76]. Detailed performance evaluation shows

that LTE can achieve remarkable energy savings by detecting and dropping bogus traffic at

their early transmission stages. Moreover, our LTE has a much higher level of compromise

tolerance than previous work [75, 76].

The rest of this chapter is structured as follows. Section 5.2 introduces the crypto-

graphic basis, the adversary model and the security objectives of this chapter. Next we

detail a location-based key management scheme, including key generation, authentication

and shared-key establishment. This is followed by a detailed illustration of using LBE~s in

combating various attacks. Section 5.5 presents the LTE scheme and evaluates its perfor-

mance. We then survey related work in Section 5.6, discuss the use of symmetric-key vs.

public-key cryptography in Section 6.7, and summarize this chapter.










5.2 Preliminaries

5.2.1 Adversary Model

Adversaries in WSNs can be classified as either external or internal adversaries. The

former do not have authentic 1:0- inr:, material whereby to participate in network operations

as legitimate nodes. They might just passively eavesdrop on radio transmissions or actively

inject bogus data or routing messages into the network to consume the network resources.

Once in full control of certain nodes, external adversaries can become internal ones to be

able to launch more subtle attacks like those mentioned in Section 5.1. Internal adversaries

are generally more difficult to defend against than external ones for their possession of

authentic keying material. We further assume that adversaries have much more powerful

resources regarding energy, communication and communication capacities than ordinary

sensor nodes. They might also communicate and collaborate over a high-bandwidth and

low-latency channel invisible to legitimate sensor nodes. However, we do assume that

adversaries cannot compromise an unlimited number of sensor nodes. Neither can they

break any cryptographic primitive on which we base our design. Otherwise, there is unlikely

to be any feasible security solution.

5.2.2 Security Objectives

We aim to provide confidentiality, authentication, data integrity, and non-repudiation,

four essential security objectives. We also intend to offer both '.:d -loo. t, and end-to-end

security guarantees, both of which are indispensable for security-sensitive WSNs [73]. By

definition, link-layer security indicates the security of radio links between neighboring nodes.

It is a prerequisite to prevent external adversaries from accessing or modifying or faking

radio transmissions. In contrast, end-to-end security refers to the communication security

between a pair of source and destination nodes, e.g., a data I:_:::egation point (AP) to

a higher-level AP or the sink [73]. We achieve link-layer security by immediate pairwise

keys shared between neighboring nodes and end-to-end security by multi-hop pairwise keys

shared between end-to-end sources and destinations.










5.3 A Location-Based Key Management Scheme

This section presents a location-based key management scheme for WSNs, including

the generation and distribution of LBE~s, a secure LBK(-based neighborhood authentication

scheme, and methods for establishing both immediate and multi-hop pairwise shared keys.

5.3.1 Pre-Deployment Phase

We examine a large-scale WSN consisting of hundreds or even thousands of sensor

nodes. We assume that all the nodes have the same transmission range R and communicate

via bi-directional wireless links. Nodes perform a collaborative monitoring of the designated

sensor field and report the sensed events to the distant sink, which is a data collection center

with sufficiently powerful processing capabilities and resources. We further assume that each

node A has a unique, integer-valued and non-zero ID, denoted by IDA. In view of the cost

constraints, nodes are assumed to be not tamper-resistant in the sense that adversaries

can extract all the keying material and data stored on a compromised node. However, we

postulate that the sink is trustworthy and unassailable, as is commonly assumed in the

literature [78, 79, 80, 81, 82, 83, 84, .]~

Prior to network deployment, we assume that a trusted authority (TA) does the fol-

lowing operations:

1. Generate the pairing parameters (q, GI~, G2 W, H) (cf. Section 2.2.1), where W is

an arbitrary generator of GI, and H is a hash function mapping given strings to

non-zero elements in Gi.

2. Ob.. .. --- h, mapping arbitrary inputs to fixed-length outputs, e.g., SHA-1 [16].

3. Pick a random IcneZ~ as the network master secret and set Wpub = IC -

4. Calculate for each node A an ID-based key (IBK( for short), IK~A = IcH(IDA) E Gi.

Each node A is preloaded with the public -1-,-r. parameters (q,GI,G2,8, H, h,W, Wpub)

and its private IK~A. It is important to note that it is computationally infeasible to deduce

ac from either (W, Wpub) or any (ID, IBK() pair like (IDA, IK~A), due to the difficulty of

solving the DLP in GI (cf. Section 2.2.1). Therefore, even after compromising an arbitrary

number of nodes and their IBE~s, adversaries are still unable to calculate the IBE~s of non-

compromised nodes.










5.3.2 Sensor Deployment and Localization

After loaded with the keying material, sensor nodes can be deployed in various ways

such as ph:~-i I installation or random aerial scattering. There are also many methods

to localize each node, i.e., furnishing each node with its geographic location. We consider

the following two sensor localization techniques, which accordingly differ in their ways of

generating LBE~s for individual nodes. The final outcome of either approach is that each

node A possesses its location denoted by IA and an LBK( LKA = IcH(IDA I A), where ||

denotes message concatenation.

Range-based localization. In this approach, we assume that a group of mobile

robots are dispatched to sweep across the whole sensor field along pre-planned routes.

Mobile robots have GPS capabilities as well as more powerful computation and communi-

cation capacities than ordinary nodes. The leading robot is also equipped with the network

master secret Ic. To localize a node, say A, mobile robots run the secure range-based lo-

calization protocol given in Chapter 4 or [67] to first measure their respective absolute

distance to node A and then co-determine IA, the location of A. Subsequently, the leading

robot calculates LKIA = IcH(IDA I A). It then generates IK~A = IcH(IDA) and sends

< {LKA I A IKA IlKA(LKA~ I A) > to A. Henceforth, {M~)k means encrypting message

M~ with key k, and hk(M~) refers to the message integrity code (MIC) of message M~ under

key k.

Upon receipt of the message, node A first uses its preloaded IBK( IK~A to decrypt LKIA

and IA and then regenerates the MIC. If the result matches with what the robot sent, A

saves LKIA and IA for subsequent use. Following this process, all the nodes can be furnished

with their respective location and LBK(. After that, mobile robots leave the sensor field and

the leading robot should securely erase ac from its memory. During subsequent network

operations, node addition may be necessary to maintain good network connectivity. The
localization of new nodes can be done in the same manner.

The assumption underlying this approach is that adversaries do not launch active and

explicit pinpoint attacks on mobile robots at this stage which usually does not last too long.

However, they may still perform relatively passive attacks such as message eavesdropping

or strategic channel inference to disturb the localization process [67]. This assumption is










reasonable in that mobile robots are much fewer than ordinary sensor nodes and hence

we can spend more on them by enclosing them in high-quality tamper-proof hardware and

putting them under super monitoring. Adversaries may also want to temporarily avoid

active and explicit attacks that may easily expose themselves. After the localization phase,

adversaries are free to launch all kinds of attacks.

Range-free localization. By contrast, the range-free localization approach does

not rely on exact distance or range measurements. Instead, we assume that there are

some special nodes called anchors knowing their own locations. All the non-anchor nodes

autonomously derive their locations based on information from the anchors and neighboring

nodes via secure range-free localization techniques such as [66, 88, 89].

The LBE~s are also generated on the nodes' own. To enable this, each node A is

preloaded with the network master secret Ic whereby to generate its LBK( LKA = IcH(IDA I

IA). As LEAP [90], this approach takes advantage of the fact that sensor nodes deployed in

security-sensitive environments are usually designed to withstand break-in attacks at least

for a short interval when captured by adversaries. Specifically, we assume that an adversary

needs a time interval at least Tmin to successfully compromise a node, and each node takes

some time less than Tmin to finish localization and generation of its LBK(. In addition,

each node should be programmed to securely erase ac from its memory after Tmin of its

deployment. In the case of subsequent node addition, new nodes can get their locations

and LBE~s in the same way.

5.3.3 Location-Based Neighborhood Authentication

By definition, neighborhood authentication means the process that any two neighboring

nodes validate each other's network membership. This process is fundamental in supporting

many security services in WSNs. For example, a node should only accept messages from and

forward messages to authenticated neighbors. Otherwise, external adversaries can easily

inject bogus broadcast messages into the network or swindle network secret information

from legitimate nodes.

During the post-deployment phase, each node is required to discover nd perform mutual

authentication with neighboring nodes, which is a normal process in many existing security

solutions for sensor networks. In our scheme, each node will think of another node as an










authentic neighbor if and only that node is within its transmission range R and also hokis

the correct corresponding LBK(. We take the following concrete example to explain the

neighborhood authentication process.

1. 4 -> : ID 4, 1 ZA

2. B ->A : IDBln, s, a,(n he ( 4| ne || 1)

3. 4 ->B :hK (nA 4 | ne || 2)

Suppose node A wishes to discover and authenticate neighboring nodes once having its

location and LBK(. To do so, 24 locally broadcasts an authentication request including its

ID ID4, location 14 and a random nonce n 4. Upon receipt of such a request, node B first

needs to ascertain that the claimed location 14 is in its transmission range by verifying if

the Euclidean distance ||14 ls|| ; R. This check is the baseline defense against the attack

that adversaries surreptitiously tunnel authentication messages between B and a virtually

non-neighboring node. Without the location check, B and that victim will falsely believe

that they are neighbors because both possess an authentic LBK( whereby to successfully

finish the following authentication process.

If the inequality does not hold, node B simply discards the authentication request.

Otherwise, B calculates a shared key as Ky 4A = #(La, H(ID4 || 14)). It then unicasts a

reply to node A including its ID and location, a random nonce us, and a MIC computed

as hKB (nA 4 | ne || 1). Upon receiving the reply, node 4 also first checks if the inequality

||14 -1| I ; RI~ holds. If so, it proceeds to derive a shared key as K4A,B = #(LK4,A H(IDB ||

Ig)) whereby to reconmpute the MIC. If the result is equal to what B sent, node 4 considers

B an authentic neighbor. Subsequently, A returns to node B a new MIC computed as

hKA (nA 4 | ne || 2). Upon receipt of it, B uses KB 4 to regenerate the MIC and compares
the result with what it just received. If they are equal, B regards node A as an authentic

neighbor as well.










The above process is valid because, if and only if both A and B have a correct LBK(,

K~A,B is equal to KB,A due to the following equations.

KA,B = 8(LKA, H(IDB || Is))

= (icH(ID A I A), H(IDB || Is))

= (H(IDA I A), ICH(IDB || Ig)) (5.1)

= (ICH(IDB || Ig), H(IDA I A))

= (LKB, H(IDA I A)) = KB,A

The second and third lines hold for the bilinearity of 8 and the fourth line holds by the

symmetry of 8 (cf. Section 2.2.1).

Using the above -hou -;-In-,i handshake, all the nodes can achieve mutual authentication

with neighboring nodes. Note that if multiple nodes simultaneously respond to the same

authentication request, possible MAC-layer collision may happen. We resort to effective

MAC-layer mechanisms to resolve this issue. For example, it can be alleviated through

MAC-layer retransmission or by using a random jitter delay for which each node has to

wait before answering an authentication request.

In our scheme, new nodes can be added freely to maintain necessary network con-

nectivity, especially when some existing nodes die out because of power shortage or other

reasons. A new node is also required to execute the authentication protocol once localized

properly.

Security analysis. Our location-based authentication scheme is secure against var-

ious malicious attacks. For example, in a location forgery attack, an adversary might send

an authentication request with a forged location within node B's range. Since the adversary

does not hold the LBK( corresponding to the forged location, he or she cannot successfully

finish the authentication procedure and thus deceive B into believing that he or she is an

authentic neighbor. Adversaries might as well launch the tunnelling of authentication mes-

sages attack by tunnelling authentication messages received at one location of the network

over an invisible, out-of-band and low-latency channel to another network location which

is typically multi-hop away. By doing so, they attempt to make two victim nodes far away

from each other believe that they are authentic neighbors. This attack is infeasible with










our scheme in that each node will simply deny authentication requests from nodes that are

not ph!~-il sh11-, within its transmission range. In addition, an adversary might put into the

vicinity of a legitimate node, I-, B, a replica of one compromised node at other distant loca-

tions. Most purely ID-based authentication schemes are vulnerable to this attack because,

without dependence on any central authority [79, 74], the victim B has great difficulty in

differentiating between legitimate authentication requests and malicious ones from replicas

of a compromised node. With our scheme in place, node B will simply ignore the replica's

authentication request because the replica should not appear in its transmission range.

It is worth pointing out that, as any other security solution, our scheme itself cannot

prevent a compromised node or its replicas from achieving mutual authentication with

its legitimate neighbors. However, it can guarantee that the compromised node or its

replicas receive nothing more than some random numbers, public IDs and locations from

legitimate nodes. This ensures that the compromised node cannot impersonate its legitimate

neighbors to other nodes. Therefore, our location-based authentication scheme can reduce

the impact of a compromised node from the otherwise network-wide scale to its vicinity,

more specifically, within a circle with radius 27E centered at its current location. This makes

it far more easier to devise efficient localized intrusion detection mechanisms.

One may worry that adversaries might mount the denial-of-service attack by continu-

ously sending bogus authentication requests or replies to allure legitimate nodes into endless

processing of such messages. In our opinion, this attack is in fact less worrisome. The rea-

son is that the number of neighbors of any node is limited in reality. Therefore, abnormally

many authentication requests or replies are highly likely an indicator of malicious attacks.

Under such situations, we assume that there are efficient mechanisms available for legitimate

nodes to report such an abnormality to the sink.

5.3.4 Immediate Pairwise Key Establishment

Link-layer security schemes demand an efficient method to establish pairwise shared

keys between neighboring nodes. Henceforth, we refer to such keys as immediate pairwise

keys (or IPE~s for short). With IPE~s, messages exchanged between neighboring nodes can

be encrypted and authenticated via efficient symmetric-key algorithms.










Note that after a successful three-way handshake, two neighboring nodes, say 4 and B,

have established a shared key K4A,B = KB 4. Adversaries, be they external or internal, may

overhear the authentication messages, but cannot deduce the shared key for the lack of the

LBE~s of 4 and B. From K4A,B, 4 and B can derive various shared session keys for different

security purposes by feeding K4A,B into the hash function h. For example, they can use

ko = h(K4A,B || 0) for message encryption and ki = h(K4A,B || 1) for message authentication.

In the similar way, each node can establish IPE~s with all its legitimate neighbors after the

neighbor discovery and authentication phase.

Since the IPE~s are by-products of the neighborhood authentication process, there is no

extra 1:- -, -i -1 151i-!!!!. !!r coninunication and computation overhead. In addition, our IPK<

establishment method has perfect resistance to node compromise because the IPE~s are built

upon the private LBE~s of individual nodes. No matter how many nodes are compromised,

the LBE~s of non-conipromised nodes II.h- I-, a remain secure, and so do the IPE~s established

between them.

5.3.5 Multi-hop Pairwise Key Establishment

In addition to the IPE~s, a node may need to establish pairwise shared keys with other

nodes that are multi-hop away. We call such keys as multi-hop pairmise keys (or MPE~s for

short) that are required for securing end-to-end traffic.

Assume that nodes LT and V are multi-hop apart and the routing path between them

has been established using the underlying routing protocol. To establish an MPK(, ET and

V execute the following protocol.

1. ET V : IDer,1r,ncrH(IDr || Irr)

2. V LT IDy-,1-, nxH(ID- || ly-)

Here, nr, nx- EZ~ are randoni private numbers chosen by nodes LT and V, respectively. At

the conclusion of the protocol, node V calculates

K (r = ~(L~-, nx-H(IDer || Ir) + ncH(IDer || Ir))

= (icH(IDy- || ly), (nx- + nr)H(IDer || Ir)).










Likewise, node LT computes

Ker,4 = ~(LKr, ncH(IDy- || ly) + nsH(IDy- || ly))

= (icH(IDer || Ir), (ncr + ns)H(IDy- || ly)).

If both nodes are legitimate and have followed the protocol correctly, by the bilinearity and

syninetry of 4,


Kur,4 = K rr = ~(H(IDer || Ir), H(IDy- || ly))(;q,+,z)'F


Based on the MPK( Ker,4, nodes LT and V can derive various shared session keys for different

security purposes as before.

Discussion. If possible, the two protocol niessa~ges can p~i:_:_-Jback on the routing

messages used to establish the routing path between LT and V. In doing so, the related

coninunication overhead can be much reduced. In addition, there is no need for LT and V

to further exchange messages to prove to the other the knowledge of the MPK(. Any future

niessa~ges encrypted and authenticated with the MPK( or the derivative session keys can

implicitly achieve the same effect.

Our MPK( establishment protocol is a simple adaptation of the provably secure ID-

based key a~greenient protocol [91]. Any third party may overhear the plaintext niessa~ges

exchanged between LT and V, but cannot derive the MPK( Kur,4 without knowing the LBE~s

of LT or V. This protocol also has perfect resilience against node compromise because of

the dependence of the MPE~s on the nodes' private LBE~s.

5.4 Efficacy of LBKs in Attack Mitigation

In this section, we show how the proposed LBE~s can act as effective and efficient

countermeasures against several notorious attacks against WSNs.

5.4.1 Spoofing, Altering or Replaying Routing Information

Without precaution, external adversaries are able to spoof, alter or replay routing

niessa~ges. By doing so, they attempt to create routing loops, cause network partitions,

incur false error messages, and so on [73].

As mentioned before, neighboring nodes are required to perform mutual authentica-

tion based on their private LBE~s. Since each node only processes routing messages front










authenticated neighbors, external adversaries can be prevented from entering the network

and distributing phony routing messages. The remaining problem is how to defend against

internal adversaries or compromised nodes in possession of authentic keying material. It

is believed that there is no cryptographic way that can prevent them from manipulating

routing information. However, our location-based neighborhood authentication scheme can

constrain the impact of compromised nodes to a small range centered at their original lo-

cations. In other words, internal adversaries cannot utilize the acquired to inr:, material at

one place to launch routing attacks at another distant place. What they can only possibly

do is to continue misbehaving at "the scene of the crime," i.e., a small range around the

location of the compromised node. If doing so, they might run a high risk of being detected

by legitimate nodes if effective localized misbehavior detection mechanisms are available.

5.4.2 The Sybil Attack

The Sybil attack happens when a malicious node behaves as if it were a large number

of nodes, e.g., by impersonating other nodes or simply claiming multiple forged IDs and/or

locations. As pointed out in [73, 74], this attack is extremely detrimental to many impor-

tant WSN functions, such as routing, fair resource allocation, misbehavior detection, data

I: :_regfation, and distributed storage.

With our scheme in place, when a malicious node intends to impersonate a legitimate

node, it does not have the authentic LBK( and thus cannot successfully finish mutual au-

thentication with other legitimate nodes. For the same reason, a malicious node cannot

claim forged IDs and/or locations without being detected. Therefore, the Sybil attack is

effectively defeated.

5.4.3 The Identity Replication Attack

The identity replication attack [74] takes place when adversaries put multiple replicas

of a compromised node in different geographic locations. It may lead to the inconsistence of

the network routing information, as well as jeopardizing other important network functions.

Conventional defenses often involve a central authority, e.g., the sink, that either keeps a

record of each node's location [74], or centrally counts the number of connections a node










has and revokes those with too many connections [79]. These solutions require node-to-

node authentication and pairwise key establishment to be performed through the central

authority, thereby causing significant communication overhead and the lack of scalability.

This attack is no longer feasible when our location-based neighborhood authentication

scheme is applied. The replicas of a compromised node will be prevented from entering

the network by legitimate nodes at locations other than the neighborhood of the compro-

mised node. Our countermeasure is totally self-organizing and does not involve any central

authority, hence it is rather lightweight and highly scalable in contrast to previous solutions.

5.4.4 Wormhole and Sinkhole Attacks

Wormhole [73, 92] and sinkhole [73] attacks are two notorious attacks against WSN

routing protocols that are difficult to withstand, especially when the two are used in com-

bination.

In the wormhole attack, instead of compromising any node, collaborative adversaries

first create a wormhole link, essentially an out-of-band and low-latency channel, between

two distant network locations. They then tunnel routing messages recorded at one location

via the wormhole link to the other, leading to the chaos of the routing operations. Hu

et al. [92] presented a technique called packet leashes to withstand the wormhole attack.

It requires extremely tight time synchronization and is thus infeasible for most WSNs, as

noted in [73]. In contrast, each node in our scheme only accepts routing messages from

authenticated neighbors and will discard those tunnelled from distant locations. Therefore,

the wormhole attack is effectively and efficiently thwarted.

In the sinkhole attack, compromised nodes attempt to attract all the traffic from their

surrounding nodes by announcing a high-quality route to the sink or some other destina-

tions. For example, adversaries create an invisible and fast channel between two compro-

mised nodes A and B residing in distant network regions. Node A claims that it is one

hop or a few hops away from B or other nodes close to B. By doing so, A aims to be se-

lected by legitimate surrounding nodes as a packet relay to B or other nodes in that region.

Fortunately, our scheme can withstand such sinkhole attacks against minimum-hop routing

protocols. For instance, upon seeing A's advertisement of a single-hop path to node B, a

legitimate node can immediately find out that A is malicious by noting that the distance










between A and B is far more larger than the normal transmission range 78. In addition,

geographic routing protocols such as [87] have been identified in [73] as promising solutions

resistant to sinkhole and wormhole attacks. The reason is that they construct the rout-

ing topology on demand using only localized interactions and geographic information. To

apply such schemes, however, the location information advertised from neighboring nodes

must be authenticated. We provide such a guarantee by the LBE~s and the location-based

neighborhood authentication scheme.

We note that our scheme itself cannot prevent the sinkhole attacks against routing

protocols with routing metrics such as remaining energy or end-to-end ra 11 Il1.11117. The

major reason is that the authenticity of these information is very difficult to verify by

cryptographic means alone. As far as we know, the related countermeasure thus far remains

an open challenging issue, and is an interesting topic worthy of further study.

5.5 Location-Based Filtering of Bogus Data

In this section, we first describe the bogus data injic-tio~n attack. We then present a

location-based threshold-endorsement scheme (LTE) as the countermeasure. At last, we

evaluate the performance of LTE in terms of energy savings.

5.5.1 The Bogus Data Injection Attack

As mentioned before, neighborhood mutual authentication is sufficient to prevent ex-

ternal adversaries from injecting bogus data into the network, but will fail in the presence

of internal adversaries. By a single compromised node, internal adversaries can induce ar-

bitrary and seemingly authentic data reports into the network. Without precaution, this

kind of attack may do a lot of damage to the network, e.g., causing false alarms or net-

work traffic congestion. Even worse, it can deplete the precious energy of relaying nodes

on any forwarding path to the sink, which is often tens or even hundreds of hops away

from the sources of data reports. It is, therefore, important to design effective and efficient

countermeasures against this attack.

Since there is no way of hindering internal adversaries from injecting bogus data, we

attempt to figure out ways to mitigate their impact. Our first goal is to filter bogus

data reports as early as possible before they reach the sink. Our second goal is to detain

adversaries from freely fabricating the originating locations of injected bogus data reports.








89




coo o ooo ooo
0 0 aoo oo a
:O OOO OOi O O O
ooo 0000 0
OOO D OOOO OOO OO
(xo oo)
Figure 51 Nod delymn modl

We cheveth fistgoa b a o trsoldenorsmn mehd Tha is dtrpr
shul b c-sgnd y ode or i tlo b consdee auhni.Arprihu








muc geaer ificltyininecingseemnl authd dplyentcyt bogu at eprs a he o

hae to hv coprmie airt least by noe intheahd of nlyorsmne as before. Ta s a

Whul e fulfi teseod b objective by embeddingthred loationinomtion ofadt report 'sou

corigntigaeai hejit endorsement itlb rgreda carrioes Tod dinjctar bogu data reported that

otrignaes fromg at certi areaand can survive the fitrigby egaiotimate intermediate nodes

adersar ields must acual compromise at least t nodes, hnoldng ksteyn material pofe thatare.

Evnso hey c-ann popety uiiz theacuired kemayin material esto fae dat airport tatin seem to

onrigionatee from othe fareias. Anote-rbenefi svis tatonce I detrmining tat esoearre ihvin

repo rtsatre unficltere bogu onjesth e sinkl caun pinpin ythi originatin aepresas and then


tae specficl rhemedactons.betv yebdigtelctinifraino aarpr'


Brgael fow we detai howa to actall sreaize the aboverigb ideas. ae nemeit nd

5.5.2ae Genertio andull Distroibu tio ofas Cel Koeys odn ei mtra ht

Tv o, tenal lcan tion-baed thr cyiesod-keyndorsmenter propose dth e nortio ofa cell ke

For nthe sake ofhe simplicity, we asue that sthet snorc fiteld is a Mr x Nrretage whosei










lower-left corner is at location (Xo, Yo). The sensor field is divided into M~N square cells of

equal side length r. Each cell is labelled with a pair of integers < m, a >, for 1 ( m ( M~
and 1 ( n ( N. Prior to deployment, (Xo, Yo) and r are preloaded to each node. Also note

that our LTE can be easily extended for use with any other node deployment model.

We define the cell key of cell < m, a > as Km,n, = IcH(m || n), which shall be used

to endorse any report originating from that cell. The next question is how to distribute

Km,n, to nodes in cell < m, a >. Let ID~,, denote the ith node with location l~,, in cell

< m, a >. The naive method of letting each ID~,, hold one copy of Km,n, obviously suffers
from single node compromise. Instead, we propose to utilize the secret-sharing technique

[15] to assign a share of Km,n, to each IDL~,, The purpose is to make Km,n, reconstructible
by any t nodes in cell < m, a >, while irrecoverable by any less than t of them. To do this,

prior to network deployment, the TA additionally generates a (t 1)-degree polynomial,

F(2) = El Fp 23 G with coefficients Fy randomly selected from GI. I t also selects
another system parameter c ( r whose use is explained shortly. We consider the following

two cases of cell-key share distribution, depending on whether node localization is range-

based or range-free (cf. Section 5.3.2).

Range-based cell-Key distribution. In this approach, the leading robot is preloaded

with the polynomial F(z). In addition to determining a node's location, it decides that

node's present cell by simple geometric calculations. Consider node IDL,, as an ex-

ample. Its location I ,,, i.e., (XA~,,,YA~,), will satisfy (m 1)r ( XL,, -Xo < mr

andl (no 1) ,-Yo < ur. Then the leading robot derives Km,n, = IcH(m || n)
and a set of authenticators Vm,nI, = {vJ, I,,| ir J I t 1}, where v~i,) = 8(Km,~,,n, )

and v$~, = (H(Fy || n || n), W1) for 1 i. j 6 t 1 Note that it just needs to

do these computations once for each cell. Next, the leading robot calculates KLi,n

t- H(Fy || mr || n)(DLn, || Im i" +3$IIL~ Em~ OI GI, eferred to as node Iln,,,'s share of

K~m,,. Finally, KL,, and Vm,n are securely sent to node ID~,, along with Pm" and its LBK<
(cf. Section 5.3.2).


G I denotes the set GI \ {0} where O is the identity element of Gi.