Yanchao Zhang, Yuguang FangWireless Networks
2006.6
MMC Lab. 임동혁
Introduction Network architecture and system
models Entity authentication Incontestable billing of mobile users System Analysis Conclusions
Large-scale WMNAuthenticationBilling
Conventional solutionHome-foreign-domain Drawback
Time-consuming, expensive execution authentication
Bilateral service level agreement(SLA) No consideration about how to reward
intermediate users for packet forwarding
UPASSNo need SLA between WMN operatorsAuthentication
ID-based cryptography(IBC)User vs serving WMNUser vs user in the same WMN
Certificate-based cryptography(CBC)Universal verifiability of passes
Billing Digital signature & one-way hash-chain Realtime micropayment approach
AssumptionsMesh router sends packets in one hop to all
users in its coverageA mobile user transmits packets multiple
hops to a mesh routerAll communications pass through a mesh
router
User-broker-operator relationship model
Broker
WMNOperato
r
User
Universal
pass
Universal
pass
Network
service
Network
service
payment
payment
usage data
usage data
Trust modelCBC for certification of trust-domain
parameter IBC in each trust domain
Trust domain setupTrust-domain parameter
(Hash function, domain-public-key, …) Certification of
domain parameterDomain-params are used
as public key
Pass modelRouter
R-NAI : routerID@operater_domain R-pass : (R-NAI, expiry-date) R-key : kH1(R-pass) k : operator’s domain-master-secret (R-pass, R-key): IBC public & private key pair
User U-NAI : userID@broker_domain U-pass : (U-NAI, expiry-date, otherTerms) U-key : kH1(U-pass) k : broker’s domain-master-secret (U-pass, U-key) : IBC public & private key pair
Pairwise shared keyUser-router authentication
Inter-domain authentication Intra-domain authentication
User-user authentication
Inter-domain authenticationU and R possesses each other’s authentic
domain-paramsProcedure
(1) (2) (3)
(4) (5) shared key :
Intra-domain authenticationBetween same WMN domainProcedure
(1) (2) (3)
Computationally efficient Fast hash instead of signature and encryption
User-user authenticationGet paid for his packet forwardingPairwise shared keys
Symmetric-key challenge-response authentication technique U1 send to U2 a challenge r1 encrypted KU1,U2
U2 report a correct response, (r1+1) U1 declares the authentication of U2 successful Similarly, U2 can authenticate U1
Billing basics Intermediate user compensation
Attaching to forwarded packet a message integrity code(MIC) calculated under its pairwise shared key with R1
R1 ascertain the user in forwarding packet for U1
Total payment (m-units per t-unit transmitted)
Payment structure
<am> : proof token <wi,t> : payment token Procedure
(1) U1R1, a1, (2) R1 checks MIC (3) saves
To use <wi+1,t> (1) U1R1, (2) R1 check (3) R1 checks MIC
Making paymentsU1 maintains a debt counter
R1 maintains a profit counter : maximum amount that user can owe : U1 make a payment
UserPayment format
(wi,j, j), where and
Micropayment (wi,j, j)
1 1U RDC
u j t
1
1 Rj u L
1 1
1U UDC DC j u L
1UDC
1UPC
1R
RouterStore payment token with highest index
(wi,k, k)
Receipt of (wi,j, j), R1 verifies j>k,
After verification, R1 replace (wi,k, k) with (wi,j, j) and
Intermediate usersR1 pay on behalf of U1
1 1U UPC PC j k L
Redemption of payment structureBroker VS R1
Payment record
Procedure
SecurityA user signs a payment structure digitallyPayment structure is both user-specific and
router-specific Low Computation
Rare public-key operationFast hash operation
Small Storage Communication
More efficient than home-foreign-domain model
UPASSFirst known secure authentication and
billing architecture for large-scale WMNsHomeless, no need for SLAsHybrid IBC/CBC trust modelLightweight realtime micropayment
approach