Certificates for Inter-Network Handovers

We have presented client certificates, MAP certificates and intra-network transfer certifi- cates in Chapter 3. They are required for mutual authentication between a client and a MAP when the client logs in to a network, or roams from one MAP to another MAP within a single WMN. In this chapter, we propose additional certificates to support a client moving from one network to another network.

Certificates are issued and managed by certificate agents who are trusted by all entities of networks to perform such tasks. There can be several certificate agents serving different WMNs. One agent can serve several networks. Certificates are used to establish the trust between a client and a set of BMAPs, and between adjacent BMAPs (see Figure 3.1). The lifetime of a certificate is determined by its issuer’s policy.

Three types of certificates are used in our inter-network authentication and key dis- tribution protocols: client certificate, BMAP certificate, and inter-network transfer cer- tificate. They are needed for mutual authentication between a client and a BMAP when the client roams from one BMAP to an adjacent BMAP.

discussion. Table 4.1: Notations Notation Description C Client Γ Type of certificate A Certificate agent I_x ID of entityx

λC Inter-network transfer certificate issued to a client

Px Public key issued tox

Tx Certificate issued to x

τ_exp Expiry date and time of a certificate

Nx A nonce generated by x

Sigx Digital signature of entity x

M AC_alg Type of MAC algorithm

E_Px(m) Encryption of message, musing x’s public key

DPx(m) Decryption of message,musing x’s public key

Vk(m) Message authentication code (MAC) resulting from the application

4.1.3.1 Client Certificates

A client applies for a client certificate from a certificate agent. A client trusts a certificate agent via the agents’s public key certificate issued by a central authority. A client certifi- cate is unique to each client and can be used for both intra-network and inter-network handovers.

Following is the structure of a client certificate which has also been described in Chapter 3:

T_C ={I_C, I_A, τ_exp, P_C, Sig_A}

• TC: client certificate issued by certificate agentA whose ID isIA. • IC: ID of the client that is given this certificate.

• IA: ID of the certificate agent who issued the certificate TC.

• τexp: expiry date and time of certificate TC. The certificate agent will re-issue a new certificate for the client if the current certificate has expired.

• PC: public key of clientIC, which is used by a MAP or BMAP to verify the signature signed by the client in the protocol. The certificate agent obtains the public key from the client’s public key certificate. We assume that the agent is a trusted party and has access to public key certificates of all clients and MAPs.

believe that the certificate was created by certificate agentIA, and that it was not altered in anyway.

4.1.3.2 BMAP Certificates

Each BMAP is pre-installed with a BMAP certificate. The network operator of each network obtains a BMAP certificate for each BMAP from a certificate agent. When requesting certificates, the network operator provides the agent with the public key of each BMAP, which will later be embedded in the BMAP’s certificate. Since its public key is part of the certificate, each BMAP must be pre-installed with a public key before deployment.

Following is the structure of a BMAP certificate:

TBM ={Γ, IBM, IA, τexp, PBM, SigA}

• TBM: BMAP certificate issued by a certificate agentAwhose ID is IA. • Γ: Type of the certificate, indicating “inter-network” or “intra-network”. • IBM: ID of the BMAP that is given this certificate.

• IA: ID of the agent who issued certificateTBM to BMAPBM.

• τexp: expiry date and time of certificateTBM. The agent will issue a new certificate for the BMAP once the current certificate expires.

• PBM: BM’s public key, which will be used by its neighbors to verify the signature ofBM in messagesBM sends. The certificate agent obtains the public key ofBM

from BM’s public key certificate.

• SigA: digital signature of the certificate agent A, which will be used to identify the sender of the certificate.

4.1.3.3 Inter-network Transfer Certificates

When a client roams from its local BMAP to an adjacent BMAP, the trust relationship between the client and the adjacent BMAP is based on an inter-network transfer certifi- cate. When a clientC first logs in to the network through a BMAP, this BMAP becomes

C’s local BMAP BMi, which will authenticate the client through the login protocol. If the authentication succeeds, BMi will issue C an inter-network transfer certificate and become C’s local BMAP. When C roams to an adjacent BMAP BMj, it submits the inter-network transfer certificate toBMj for authentication. The inter-network transfer certificate proves to the adjacent BMAP that clientChad been successfully authenticated by its local BMAP.

The structure of an inter-network transfer certificate λC is as follows:

λC ={ν, VCM K(ν)}, where

ν ={I_cert, I_BMi, I_C, P_C, I_N,Γ, τ_exp, M AC_alg}

Message ν stores the information of the client, local BMAP and certificate agent as follows:

• Icert: ID of the inter-network transfer certificate. The combination of Icert, IBMi

and I_C uniquely identifies a transfer certificate n the network.

• I_BMi: ID of the BMAP who issues this inter-network transfer certificate. • IC: ID of the client who owns this transfer certificate.

• PC: public key of the client. The client’s home BMAP obtains the client’s public key fromC’s client certificate.

• I_N: ID of the network to which the current BMAP belongs.

• Γ: Type of certificate indicating “inter-network” or “intra-network”. • τexp: expiry date and time of this certificate.

• M ACalg: message authentication code algorithm. The inclusion of the type of MAC algorithm in transfer certificates is optional. It is not required if the parties agree on an algorithm in advance.

We now discuss about the valueV_{CM K(ν)} stored in the inter-network transfer cer- tificate and the use of the MAC algorithm. During the authentication between client C and its BMAP BMi (step (1) in Figure 4.5), they exchange two partial keysN_C4 andN_R4 (see Section 4.2.2.1 for details of the authentication procedure). They will both then compute a shared key CM K =NC4||NR4, where || denotes a concatenation. BMi subsequently applies the MAC algorithm and key CM K to messageν to produce a MAC valueV_{CM K}(ν). This MAC value will protect message

ν, and thus the inter-network transfer certificate, against forgery and unauthorized modifications. BM_i combines message ν and V_{CM K}(ν) to form the inter-network transfer certificate to be sent toC.

When client C moves into contact with an adjacent BMAP BM_j, C submits its inter-network transfer certificate issued by BMi to BMj for authentication. BMi sends the keyCM K to the adjacent BMAPs, includingBMj, in advance of the han- dover via the key distribution to neighbors (KDN) protocol, which will be described in Section 4.2.2.2. BMj will use keyCM K and the MAC algorithm to verify the au- thenticity and data integrity of the inter-network transfer certificateλC submitted by clientC in order to authenticate C. BMj applies the MAC algorithm and key

CM K to messageν to produce a MAC value V0

CM K(ν). IfVCM K0 (ν) =VCM K(ν),

BMj can confirm that the inter-network transfer certificate λC is valid. It should be noted that each certificate has its own expiration date. The life time of a key

CM K is the same as that of the inter-network transfer certificate associated with it. An adjacent BMAP can generate a new inter-network transfer certificate for a mobile client if the mobile client’s current inter-network transfer certificate is about to expire.