Cristina Satizábal

Building a virtual hierarchy to simplify certification path discovery in mobile ad-hoc networks

The ease with which nodes may join or leave a Mobile Ad-hoc Network (MANET) implies changing trust relationships among them and problems to build certification paths. Peer-to-peer Public Key Infrastructures (PKIs) are quite dynamic and certification paths can be built although part of the infrastructure is temporarily unreachable. However, path discovery is difficult because trust relationships are bidirectional. On the contrary, in hierarchical PKIs, there is only one path between two entities and certification paths are easy to find. We propose a protocol that establishes a virtual hierarchy in a peer-to-peer PKI. This protocol is suitable for dynamic environments such as MANETs since it is executed in a short time. In addition, our protocol does not require to issue new certificates among PKI entities, facilitates the certification path discovery process and the maximum path length can be adapted to the characteristics of users with limited processing and storage capacity.

Efficient Certificate Path Validation and Its Application in Mobile Payment Protocols

Certification path validation is a complex task that implies high computational cost. In this process is necessary to verify the binding between the owner of the certificate and his public key. In SET protocol, the customer and merchant require to verify the certification path of their certificates to trust each other. The customer and merchant carry out several cryptographic operations to complete SET protocol including the authentication process. Because mobile devices are limited in terms of processing and storage capacities, it is relevant to reduce the computational cost required by the cryptographic operations. In this paper, we apply TRUTHC (Trust Relationship Using Two Hash Chains) to reduce the computational cost of cryptographic operations carried out by the customer and merchant to complete the certification path validation. In addition, we compare the results using RSA and ECDSA protocols, with a typical PKI.

Study of mobile payment protocols and its performance evaluation on mobile devices

Mobile payment protocols must provide security services (e.g., authentication, authorisation, integrity, privacy and non-repudiation), but the features of mobile devices make it a difficult task, especially when the service requires to perform public key operations. It is very well known, that the public key operations require high execution time of the CPU and battery consumption. In this paper, we computed the computational cost required by each entity in five mobile payment protocols. In addition, we computed the transmission time of each message among different entities. The exchange of message was done using Bluetooth technology. The performance evaluation of each mobile payment protocol defines its feasibility according with the whole time expending during the protocol considering its computational cost and transmission time.

Reducing the computational cost of certification path validation in mobile payment

PKI can improve security of mobile payments but its complexity has made difficult its use in such environment. Certificate path validation is complex in PKI. This demands some storage and processing capacities to the verifier that can exceed the capabilities of mobile devices. In this paper, we propose TRUTHC to reduce computational cost of mobile payment authentication. TRUTHC replaces verification operations with hash operations. Results show a better reduction of the cost with ECDSA than with RSA

Mobile Payment Protocol for Micropayments: Withdrawal and Payment Anonymous

This paper presents an efficient and practical protocol to carry out micropayments, based on the use of anonymous mobile cash, that provides anonymity and unlinkability to customers. The mobile cash used in the protocol can be of different value and denomination. It is official after a bank signs it with a specific private key. The bank stores the relation between the mobile cashs value and its corresponding public key. The scheme prevents double spending and forgery attacks. A mobile device that supports Java applications and Bluetooth technology is required. Through the use of pseudonym certificates customers can be authenticated using WTLS protocol without disclosing personal information. The protocol requires a low computational cost.

Efficient remote user authentication scheme using smart cards

In 2009, Kim-Chung proposed a secure remote user authentication scheme. In this paper, we show that Kim-Chung|s scheme does not establish a session key. Moreover, the scheme requires time-synchronisation. In order to remedy these drawbacks, this paper proposes an improvement scheme which fulfils all the security requirements for a remote user authentication scheme. Security analysis proved that the improved scheme resists the typical attacks. Furthermore, the analysis of computational cost and storage capacity demonstrated that the scheme is feasible for a practical implementation.

WAP PKI and certification path validation

The fast evolution of mobile communications and their convergence with internet make necessary to adapt the security services to this new environment. WPKI (Wireless Application Protocol Public Key Infrastructure) can provide these services, but the features of the mobile devices make it a difficult task, especially for complex processes such as the certification path validation that requires long time and resources. In this paper, we show the limitations of WPKI from the verifiers point of view and determine the computational cost and storage capacity required by a verifier, with a mobile terminal, to carry out a certification path validation process when different revocation mechanisms are used.

Building a Virtual Hierarchy for Managing Trust Relationships in a Hybrid Architecture

Trust models provide a framework to create and manage trust relationships among the different entities of a Public Key Infrastructure (PKI). These trust relationships are verified through the certification path validation process, which involves: path discovery, signature verification and revocation status checking. When trust relationships are bidirectional, multiple paths can exist between two entities, which increase the runtime of the path discovery process. In addition, validation of long paths can be difficult, especially when storage and processing capacities of the verifier are limited. In this paper, we propose a protocol to establish a hierarchical trust model from a hybrid PKI. This protocol makes more efficient certification path discovery since in a hierarchical model, trust relationships are unidirectional and paths are easy to find. In addition, our protocol does not require issuing new certificates and allows setting a maximum path length, so it can be adapted to the features of users’ terminals.

Hierarchical Trust Architecture in a Mobile Ad-Hoc Network Using Ant Algorithms

Trust relationships change frequently in ad-hoc networks, so it is difficult to build certification paths among their nodes. When trust relationships are bidirectional, certification path discovery becomes more difficult because multiple paths can exist between two entities and all the options do not lead to the target entity. On the other hand, certificates can establish relationships of different trust level. In this paper, we propose a protocol that establishes a virtual hierarchy from a peer-to-peer web of trust. This protocol uses swarm intelligence to obtain information about the certification paths and to establish the trustworthiness of each node. Our protocol does not require to issue new certificates among network entities, facilitates the certification path discovery process and the maximum path length can be adapted to the characteristics of users with limited processing and storage capacity.

Building Hierarchical Public Key Infrastructures in Mobile Ad-Hoc Networks

Dynamism of mobile ad-hoc networks implies changing trust relationships among their nodes that can be established using peer-to-peer PKIs. Here, certification paths can be built although part of the infrastructure is temporarily unreachable because there can be multiple paths between two entities but certification path discovery is difficult since all the options do not lead to the target entity. On the contrary, in hierarchical PKIs, there is only one path between two entities and certification paths are easy to find. For that reason, we propose a protocol that establishes a virtual hierarchy in a peer-to-peer PKI. The results show that this protocol can be executed in a short time. In addition, our protocol does not require to issue new certificates among PKI entities, facilitates the certification path discovery process and the maximum path length can be adapted to the characteristics of users with limited processing and storage capacity.