Generating certification authority authenticated public keys in ad hoc networks

Authors

  • G. Kounga,

    1. Cloud & Security Lab, Hewlett-Packard Laboratories, Long Down Avenue, Stoke Gifford, Bristol BS34 8QZ, U.K.
    Search for more papers by this author
  • C. J. Mitchell,

    1. Information Security Group, Royal Holloway, University of London, Egham, Surrey TW20 0EX, U.K.
    Search for more papers by this author
  • T. Walter

    Corresponding author
    1. Research Planning and Promotion/Security Specialist, DOCOMO Communications Laboratories Europe GmbH, Landsberger Strasse 312, 80687 Munich, Germany
    • Research Planning and Promotion/Security Specialist, DOCOMO Communications Laboratories Europe GmbH, Landsberger Strasse 312, 80687 Munich, Germany.
    Search for more papers by this author

ABSTRACT

In an ad hoc network, nodes may face the need to generate new public keys. To be verifiably authentic, these newly generated public keys need to be certified. However, because of the absence of a permanent communication infrastructure, a certification authority (CA) that can issue certificates may not always be reachable. The downside is that secure communication channels cannot be established. Previously proposed solutions do not guarantee that identities contained in certificates are valid or, when they do, they rely on neighbors to validate user-key bindings. However, there is no guarantee that nodes that are known in advance will always be present in the network. Therefore, neighbors are not always able to verify a node's identity before certificate issuance. In this paper we define a scheme that permits nodes to generate, on-demand, and independently of any third entity, public keys that can be authenticated with the aid of a unique certificate, issued by a CA at initialization. This certificate binds a valid identity to a hash code. We then extend this scheme to a solution permitting certificates to be generated, on-demand, and independently of any third entity, that can be authenticated with a unique signature generated by a CA. Finally we solve the problem of updated revocation information. Copyright © 2010 John Wiley & Sons, Ltd.

Ancillary