In this paper, we consider QoS aware mesh networks that are maintained by multiple operators and they cooperate in the provision of networking services to the mesh clients. In order to support mobile users and seamless handover between the access points, the authentication delay has to be reduced. Many proposed fast authentication schemes rely on trust models that are not appropriate in a multi-operator environment. In this paper, we propose two certificate-based authentication schemes such that the authentication is performed locally between the access point and the mesh client. We assume that the access point is always a constrained device, and we propose different mechanisms for mesh clients with different computational performance. For constrained devices, we propose a mechanism where weak keys are used for digital signatures to decrease the latency of the authentication. The authenticity of the weak keys are provided by short-term certificates issued by the owner of the key. The short-term certificate has the digital signature generated by the owner's long-term key. We prove formally that the use of our weak key mechanism on the mesh client side is as secure as the use of some stronger keys. We perform a detailed performance evaluation on our proof-of-concept implementation, and we also compare our solution to the current standard methods
Fast Certificate-based Authentication Scheme in Multi-operator maintained Wireless Mesh Networks
Fabio Martinelli;Marinella Petrocchi
2010
Abstract
In this paper, we consider QoS aware mesh networks that are maintained by multiple operators and they cooperate in the provision of networking services to the mesh clients. In order to support mobile users and seamless handover between the access points, the authentication delay has to be reduced. Many proposed fast authentication schemes rely on trust models that are not appropriate in a multi-operator environment. In this paper, we propose two certificate-based authentication schemes such that the authentication is performed locally between the access point and the mesh client. We assume that the access point is always a constrained device, and we propose different mechanisms for mesh clients with different computational performance. For constrained devices, we propose a mechanism where weak keys are used for digital signatures to decrease the latency of the authentication. The authenticity of the weak keys are provided by short-term certificates issued by the owner of the key. The short-term certificate has the digital signature generated by the owner's long-term key. We prove formally that the use of our weak key mechanism on the mesh client side is as secure as the use of some stronger keys. We perform a detailed performance evaluation on our proof-of-concept implementation, and we also compare our solution to the current standard methodsI documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
