Towards flexible credential verification in mobile ad-hoc networks

S. Keoh, Emil C. Lupu
Principles of Mobile Computing, published 2002-10-30. DOI: 10.1145/584490.584503 (https://doi.org/10.1145/584490.584503)
Citations: 24

Abstract

Ad-hoc networks facilitate interconnectivity between mobile devices without the support of a network infrastructure. In this paper we propose a flexible credential verification mechanism, which improves the likelihood that participants in an ad-hoc network can verify each other's credentials despite the lack of access to certification and attribute authorities. Users maintain Credential Assertion Statements (CASs), which are formed through extraction of X.509 and attribute certificates into an interoperable XML form. Trusted entities that can verify the credentials listed in the CAS can then issue signed Assertion Signature Statements (ASSs) to other participants in the ad-hoc network. In addition, each user maintains a key ring, which comprises the list of public-keys trusted to sign credential assertion statements. All public-keys in the ring are assigned a trustworthiness level. When a user presents his/her CAS together with matching ASSs to a verifier, the verifier checks the signatures in the ASSs against its key ring to determine whether credentials in the CAS are authentic and acceptable. Transitivity of trust is generally not allowed, but there are exceptional cases in which it is permitted.