Abstract
Certificate-based authentication of parties provides a powerful means for verifying claimed identities, since communicating partners do not have to exchange secrets in advance for authentication. This is especially valuable for roaming scenarios in future mobile communications where users authenticate to obtain network access—service access may potentially be based thereon in integrated approaches—and where the number of access network providers and Internet service providers is expected to increase considerably. When dealing with certificates, one must cope with the verification of complete certificate paths for security reasons. In mobile communications, additional constraints exist under which this verification work is performed. These constraints make verification more difficult than in non-mobile contexts: mobile devices may have limited capacity for computation, and mobile communication links may have limited bandwidth. In this paper, we propose to apply PKI servers—such as those implemented at FhG-SIT—that allow the delegation of certificate path validation in order to speed up verification. Furthermore, we propose a special structure for PKI components and specific cooperation models that force certificate paths to be short, i.e., the lengths of certificate paths are upper-bounded by certain small values depending on the conditions of specific cases. Additionally, we deal with the problem of users who do not have Internet access during the authentication phase. We explain how we solved this problem and show a gap in existing standards.
Cite this article
Bayarou, K., Enzmann, M., Giessler, E. et al. Towards Certificate-Based Authentication for Future Mobile Communications. Wireless Personal Communications 29, 283–301 (2004). https://doi.org/10.1023/B:WIRE.0000047067.12167.67
DOI: https://doi.org/10.1023/B:WIRE.0000047067.12167.67