A wireless ad hoc network is a, to a certain extent, decentralized wireless network. Terminals in the network communicate between themselves using the same or a similar radio interface as they would use to communicate with a base station. This is sometimes referred to as “direct mode” communication. A fully ad hoc wireless network does not need to rely on the existing infrastructure of the network, such as the base stations and so on. Instead, each node participates in routing by forwarding data for other nodes, and so the determination of which nodes forward data is made dynamically based on the network connectivity. In a slightly more controlled ad hoc network, the terminals can communicate both directly with one another, and/or use the existing network infrastructure. This could be viewed as an ad hoc network with some support from an infrastructure. Typically a wireless ad hoc network has a limited range when using direct mode, e.g. tens or hundreds of meters. A longer range is possible, but may cause problems with interference when both ad hoc (moving) and infrastructure based (fixed) nodes use the same spectrum.
FIG. 1 shows three example ad hoc network scenarios. FIG. 1a shows network controlled local break-out, in which terminal 1 contacts the network infrastructure 2 in order to initiate communication with terminal 3. FIG. 1b shows a “relay” scenario in which the terminals 1, 3 establish communication with each other, but only terminal 1 is in communication with the network 2. FIG. 1c shows a true ad-hoc network scenario in which three terminals 1, 3, 4 communicate directly with one another without being in communication with the network infrastructure 2. This scenario is typically preceded by one of the two first scenarios. The following description assumes a Long Term Evolution (LTE) network, but it will be appreciated that the concepts apply to other types of cellular network
A degree of trust is required in order for terminals to establish an ad hoc network. This is typically achieved using strong authentication and key exchange, but before this step is taken a fast and mutual “neighbour trust discovery” is required. A terminal (the advertising node) will typically advertise its presence and another terminal (the responding node) may respond. In the absence of a lightweight pre-authentication phase for fast neighbour trust discovery, the two terminals are exposed to denial-of service (DoS) attacks, e.g. unnecessarily draining battery power, when establishing security associations.
An LTE terminal is referred to as User Equipment (UE). In this example, an ad-hoc wireless network is a derivative of a deployed LTE infrastructure. The ad-hoc wireless network allows a set of enabled UEs to sense each other's presence and/or to advertise different types of public and private services without using the LTE infrastructure. In addition, these enabled UEs can constantly sense their surrounding environment, and so can receive advertisements from proximity-based services such as restaurants' menus/offers, public transport time tables and so on. In addition to social activities, these services may include commercial activities, multimedia, proximity-based advertisements, buddy's presence, etc.
Consider the scenario whereby a user (Bob) using UE 1 is advertising willingness to play a game of chess, and an interested user (Alice) using UE 3 detects Bob's advertisement and decides to engage with him in a game of chess. Alice and Bob may be complete strangers and no trust relationship exists between then or their UEs. The first step is for Alice to initiate a “neighbour trust discovery” protocol, which enables both Alice and Bob to mutually check each others' legitimacy. Once this has been completed, more secure authentication, including an exchange of keys, can take place.
In this type of environment, there is no easy way for Alice to check Bob's legitimacy. Furthermore, such an exchange would mean that both UEs are exposed to a DoS attack in the form of spoofed key exchange protocol messages sent by nearby malicious nodes. There is also no way to ensure that the two nodes that started the key exchange are the same than the ones which completed it.
One solution to the problem of neighbour trust discovery is for the network infrastructure to provide each user with a conventional public key certificate. For privacy reasons, these certificates should be short-lived, carrying a “pseudonym” rather than a long term identity. This would cause large overhead in the network since the network needs to certify all public keys. It would also imply overhead on the terminals, as each terminal would potentially need to store (or acquire, when needed) the certificates of all other nodes, or all least all other nodes with which the terminal may establish an ad-hoc network.