Generación y distribución del aire comprimido

Certificates are issued and managed by certificate agents who are trusted by all entities of WMNs to perform such tasks. There can be several certificate agents serving a network. Certificates are used to establish the trust between a certificate agent and a MAP, a certificate agent and a client, a MAP and a client, and between a MAP and another MAP (see Figure 3.1). The lifetime of a certificate is determined by its issuer’s policy.

Three types of certificates are used in our authentication protocols: client certificate, MAP certificate, and intra-network transfer certificate. They are needed for mutual

authentication between a client and a MAP when the client logs in to the network, or roams to another MAP in a single WMN.

We will use the notations listed in Table 3.1 throughout the chapter to facilitate the discussions.

3.1.2.1 Client Certificates

A client applies for a client certificate from a certificate agent. The trust between a client and a certificate agent is established through their public key certificates issued by a central authority.

Following is the structure of a client certificate:

T_C ={I_C, I_A, τ_exp, P_C, Sig_A}

• TC: client certificate issued by certificate agentA whose ID isIA. • IC: ID of the client who has been given this certificate.

• IA: ID of the certificate agent who issued the certificate TC.

• τexp: expiry date and time of certificate TC. The certificate agent will re-issue a new certificate for the client if the certificate has expired.

• PC: public key of client IC, which is used by a MAP to verify the signature signed by the client in the login authentication protocol (see Section 3.2.1). The certificate agent obtains the public key from the client’s public key certificate. We assume that

Table 3.1: Notations Notation Description

C Client

R Mesh access point (MAP)

A Certificate agent

Ix ID of entity x

Θ_C Intra-network transfer certificate issued to a client

P_x Public key issued tox

Tx Certificate issued to x

τexp Expiry date and time of a certificate

Nx A nonce generated by x

Sig_x Digital signature of entity x

M ACalg Type of MAC algorithm

EPx(m) Encryption of message, m usingx’s public key

DPx(m) decryption of message, m using x’s public key

E_{KM AC}(m) Encryption of message, m using MAC keyK_{M AC}

KMAC The key used to produce a message authentication code

(Section 3.1.2.3)

Vk(m) Message authentication code (MAC) resulting from the application

the agent is a trusted party and has access to public key certificates of all clients and MAPs.

• SigA: digital signature of certificate agent IA, which gives a recipient reason to believe that the certificate was created by certificate agentI_A, and that it was not altered in any way.

3.1.2.2 MAP Certificates

The operator of a mesh network applies for MAP certificates, one per MAP, and dis- tributes them to the MAPs in the network. The operator is also responsible for request- ing and distributing a new MAP certificate before the current MAP certificate expires. Following is the structure of a MAP certificate:

TR={IR, IA, τexp, PR, SigA}

• TR: MAP certificate issued by certificate agentAwhose ID is IA. • IR: ID of the MAP that is given this certificate.

• IA: ID of the certificate agent who issued certificate TR to MAP R.

• τexp: expiry date and time of certificate TR. The certificate agent will re-issue a new certificate for the MAP once the current certificate expires.

• P_R: public key of MAP R, which will be used by clients to verify the signature of MAPR in messagesR sends. The certificate agent obtains the public key from the

MAP’s public key certificate.

• SigA: digital signature of certificate agentIA.

3.1.2.3 Intra-network Transfer Certificates

An intra-network transfer certificate is used to establish the trust relationship between a MAP and a client when a client roams from one MAP to another in a single WMN. When a client C first logs into the network, it sends its client certificate to a nearby MAP M1, which will authenticate the client. If authentication succeeds, M1 will issue toC an intra-network transfer certificate and become the home MAP ofC. (We borrow the terminology from mobile IP.) When C roams to a foreign MAP M2, it submits the certificate to M2 for authentication. The intra-network transfer certificate proves to the foreign MAP that clientC has been successfully authenticated by its home MAP.

The structure of an intra-network transfer certificate ΘC is as follows: Θ_C ={µ, V_{KM AC}(µ)}, where

µ={Icert, IR, IC, PC, τexp, M ACalg}

Messageµ stores the information of the client and home MAP as follows:

• I_cert: ID of the intra-network transfer certificate. The combination ofI_cert,I_R and

IC uniquely identifies a transfer certificate in the network.

• IR: ID of the MAP who issues this intra-network transfer certificate. • IC: ID of the client who owns this intra-network transfer certificate.

• PC: public key of the client. The client’s home MAP obtains the client’s public key fromC’s client certificate.

• τ_exp: expiry date and time of this certificate.

• M ACalg: message authentication code algorithm. (The inclusion of the type of MAC algorithm in an intra-network transfer certificate is optional. It is not required if the parties agree on an algorithm in advance.)

We now discuss about the value V_{KM AC}(µ) stored in the intra-network transfer cer- tificate and the use of the MAC algorithm. During the authentication between client

C and its home MAP M1 (step (1) in Figure 3.2), they exchange two partial keys (also called nonces1_{) N}

C1 and NR1 (see Section 3.2.1 for details of the authentication proce- dure). They will both then compute a shared keyKM AC =NC1||NR1, where ||denotes a concatenation. M1 subsequently applies the MAC algorithm and keyKM AC to message

µto produce a MAC valueV_{KM AC}(µ), which will protect messageµ, and thus the intra- network transfer certificate against forgery and unauthorized modifications. M1 combines message µand VKM AC(µ) to form the certificate to be sent to C.

M1 also sends a message r ={Icert, IR, IC, KM AC} toM2, which contains the ID of this intra-network transfer certificate, M1’s IDIR,C’s IDIC and keyKM AC to be used with this intra-network transfer certificate. The combination of Icert,IR and IC is used to identify the association of a keyK_{M AC} with the corresponding intra-network transfer

1_{Such a partial key is used only once and cannot be re-used by the party that created it in the first}

certificate.

When client C moves into contact with a foreign MAP (e.g. M₂) to prepare for a handover to the new MAP,C submits the intra-network transfer certificate issued byM1 to the foreign MAP (e.g. M2) for authentication (step (3) in Figure 3.2).

In order to allow a foreign MAP (e.g. M₂) to process the intra-network transfer certificate and authenticateC, the home MAP M1 is required to securely send the key

KM AC = NC1||NR1 to the foreign MAP (e.g. M2) in advance. (We describe in Sec- tion 3.2.2 how to deliver key K_{M AC} from the home MAP to any of its neighbor in a timely, secure, and efficient manner.)

The foreign MAP (e.g. M2) will use keyKM AC and the MAC algorithm to verify the authenticity and data integrity of the intra-network transfer certificate ΘC submitted by clientC. (M2 will also verify the identity of C in the handover authentication protocol described in Section 3.2.2, and illustrated by steps (4) and (5) in Figure 3.2.)

It should be noted that each certificate has its own expiration date. The synchro- nization of certificate updates follows the timing synchronization function of the 802.11s standard [72]. The lifetime of a key K_{M AC} is the same as that of the intra-network transfer certificate associated with it. A foreign MAP in the network can re-issue a new intra-network transfer certificate for the certificate owner if the current intra-network transfer certificate is about to expire.

Readers may note that the formats of the above certificates are similar to that of X.509 certificates. However, our certificates contain extra information that cannot be

Figure 3.2: Information exchange between a client and MAPs

accommodated by the X.509 format, e.g., client ID in a client certificate, MAP ID in a MAP certificate, and the MAC value in an intra-network transfer certificate.