In a fixed network, the problem of security is normally resolved via key management infrastructure systems, designated by the abbreviation KMI, that can be used to share a key or a certificate between the entities of the communicating network. This generalization is not always desirable given the complexity in implementing such an infrastructure. In this context the system for securing a channel between two users needs to be able to cope with a large number of attacks without the external assistance of an KMI.
In an ad hoc network, the problem is all the greater since the concept of key infrastructures is virtually nonexistent because of the very mobility and volatility of the ad hoc topology. In practice, an ad hoc network is a network in which the information is routed by the nodes that make up the network. There are no fixed routing infrastructures from which to know the overall topology of the network. Each of the nodes of the network behaves like a router with its neighbors. In this context, there are several orders of technical problems to be resolved: each of the nodes needs to be able, at a given instant, to know a portion of the topology of the network in order to be able to communicate with a recipient node. This problem is partly resolved by so-called proactive protocols that establish the routes in advance using a periodic management of the routing tables and the reactive protocols that look for the routes on request; in the latter case, the source node and/or the recipient nodes are equipped with tables and routing protocols making it possible to determine the paths to be taken by a message.
Confidence in the network is one of the major problems in the context of ad hoc networks. In practice, the routing information and the user information circulate via private communication nodes, and therefore with zero confidence level. Since an ad hoc network is by its nature mobile, no confidence system, no public key infrastructure, can be implemented in this context. In practice, the validation must be done by the confidence system.
The prior art, known to the Applicant, relates to the protocol for exchanging keys via the internet that is better known by the abbreviation IKE, for Internet Exchange Key, that makes it possible to calculate a common secret in order to secure the exchange between two entities. This protocol is described in the IETF publication RCF 2409 available at the following internet address: http://www.ietf.org/rfc/rfc2409.txt. Although it is effective, this protocol presents the following drawbacks:                the length of the exchanges between the two parties results in an overload in the network bandwidth,        it allows for the secret to be verified only from a key or from a certificate that is pre-shared via an organizational means outside of any communication,        this protocol is not adapted to management of the ad hoc network and it is therefore vulnerable to an attack that consists in having a malicious person pass himself off for the pair of each of the two users of the communication, by generating a secret instead of the final users, better known by the abbreviation MIM (Men-In-the-Middle).        
In the context of an ad hoc network, it is also known to implement protocols based on the ring certification of communicating nodes, and the decomposition of the private key by a polynomial mathematical operation. Similarly, one of the drawbacks in group certifications for each ring is the abovementioned MIM capability at the ring level.
More generally, the abovementioned state of the art makes it possible to share a common secret between two entities of a fixed network, via a simple routing link. However, this secret is validated by the encryption and the verification of said secret by a pre-shared key or by a certificate supplied by a key management infrastructure (KMI or public key infrastructure PKI).
In the context of centralized networks, the confidence between the players is implemented via certificates or signatures, deployed from public key management infrastructures (KMI). This mechanism allows a so-called certification authority to validate the confidence of the information between the various certified users. Confidence is therefore located at the level of a single entity, combining the functionalities of certification, validation and revocation of the users or equipment combined within a determined group holding valid certificates.
This security strategy in a network operating with the internet protocol, or IP, is therefore based on the centralization of the confidence in a single node of the network, and a broadcasting of this confidence in the form of certificates using administrative methods (chip cards, USB key, etc.).
Outside of this context, there are a number of cryptographic mechanisms that make it possible to share a common secret, via a zero disclosure method.
One of these principles or mechanisms is the Diffie-Hellman protocol, denoted DH in the description, implemented in the abovementioned IKE protocol. This principle, which will be reviewed in the following paragraph, presents MIM as its main fault.
The Diffie-Hellman protocol is reviewed in FIG. 1. The theoretical concepts of public key cryptography go back to the article published by Diffie and Hellman in 1976 (W. Diffie-M. E. Hellman: New Directions in cryptography. IEEE Trans. on Information Theory, Vol. IT-22-6, November 1976). The main result of this founding article is the possibility of two users, who are communicating via an unsafe network, agreeing on a session key that is intended to encrypt their subsequent communications.
Let G=<g> be a cyclical group. The two parties U1, U2 each choose, at random, x1,x2 belonging to the cyclical group G respectively and exchange the values gx1,gx2 over the network. The user U1 (respectively U2) then calculates the Diffie-Hellman secret gx1x2 by receiving the message from U2 (respectively U1). This assumption stipulates that, given three values gx1,gx2, gr, a polynomial adversary cannot decide with a significant advantage whether gr=gx1x2 or not.
The known MIM attack is presented in FIG. 2. One or more malicious users H place themselves between the two parties U1, U2, and will take over relaying the information from one to the other. FIG. 2 represents the case in which there is only one malicious third party. When U1 exchanges his value gx1 over the network addressed to U2, the attacker H will pass himself off as U2 and reply in his place via a secret gh. He will do the same for the party U2. In this context, the two parties will communicate via a pseudo-confidential channel via the attacker H with the common secrets, between U1 and H: gx1.h and between U2 and H: gx2.h.
One aim of the invention is to offer a solution to the confidence problems between at least two entities of a network.