TESLA Certificates: An Authentication Tool for Networks of Compute-Constrained Devices

In the near future wireless networks will consist of lowpowered, compute-constrained devices. These devices will have limited ability to perform the expensive computational operations associated with public key cryptography. This will limit the usefulness of conventional authentication mechanisms based on public key certificates in these domains. In this paper we introduce an alternative to conventional public key certificates that is based upon symmetric key cryptography and the principles of delayed key disclosure. The work formalizes concepts presented in earlier work on a broadcast authentication protocol, known as TESLA. TESLA certificates rely upon a tradeoff between computation and authentication delay in order to achieve a certificate infrastructure that reduces computational complexity associated with certificate verification when compared with traditional public key infrastructure certificates. Further, we introduce a modification to the TESLA protocol that provides partial authentication of multicast data, which allows for partial authentication in our TESLA certificate framework. As an application, we apply TESLA certificates to the problem of maintaining authentication during handoff in a generic mobile network.