Abstract

Ad-hoc networks facilitate interconnectivity between mobile devices without the support of a network infrastructure. In this paper we propose a flexible credential verification mechanism, which improves the likelihood that participants in an ad-hoc network can verify each other's credentials despite the lack of access to certification and attribute authorities. Users maintain Credential Assertion Statements (CASs), which are formed through extraction of X.509 and attribute certificates into an interoperable XML form. Trusted entities that can verify the credentials listed in the CAS can then issue signed Assertion Signature Statements (ASSs) to other participants in the ad-hoc network. In addition, each user maintains a key ring, which comprises the list of public-keys trusted to sign credential assertion statements. All public-keys in the ring are assigned a trustworthiness level. When a user presents his/her CAS together with matching ASSs to a verifier, the verifier checks the signatures in the ASSs against its key ring to determine whether credentials in the CAS are authentic and acceptable. Transitivity of trust is generally not allowed, but there are exceptional cases in which it is permitted.