Identity Based Message Authentication for Dynamic Networks

Pietro Michiardi and Refik Molva

Institut Eurecom
2229, route des Cretes BP 193, 06904 Sophia-Antipolis, France
{pietro.michiardi, refik.molva}@eurecom.fr

Abstract. This paper presents a message authentication scheme built on top of an original construct that combines a simple form of identity based cryptography with an iterated version of RSA. Our scheme blends the features of identity based cryptography and stream authentication while at the same time offering security comparable to that of the basic RSA cryptosystem. As opposed to other authentication schemes available in the literature, our solution does not rely on any public key infrastructure and, like any identity based cryptosystem, it does not require public key certificates. A basic security analysis, performance evaluation and storage requirements of our scheme are also provided in the paper. Furthermore, we explore a challenging application of our scheme: a scalable and lightweight key distribution service that offers authentication services to an infrastructure-less ad hoc network and that can be coupled with existing secure routing solutions.

1 Introduction

In this paper we propose a message authentication scheme (that we call IB-MAC) built on top of an original construct that combines a simple form of identity based cryptography¹ with an iterated version of RSA. In our solution, users are able to locally generate a chain of authentication material, which we call authentication tickets, using as seed the secret information (which we call a master authentication ticket) delivered by a key distribution center (KDC). By removing the reliance on a public key infrastructure, our scheme is particularly suitable for networks with multiple dynamic sources, whereas other authentication schemes available in the literature suffer from the limitations imposed by certificate management requirements.

We also describe an interesting application of our scheme: IB-MAC can be used as a basis to provide a lightweight key distribution mechanism for peer authentication in infrastructure-less ad hoc networks. In the proposed solution there is no need for a network infrastructure and the security bootstrap phase is lightweight: the key distribution center is involved neither in networking operations nor in any further security operations beyond the bootstrap phase.

The remainder of the paper is organized as follows: we present the IB-MAC authentication scheme and focus on the technique used to generate the authentication material. A basic assessment of the security properties of our scheme is provided. We then focus on the performance analysis of the IB-MAC scheme both in terms of computational and

¹ In the remainder of the paper ID-based and identity based have the same meaning.

Please use the following format when citing this chapter: Author(s) [insert Last name, First-name initial(s)], 2006, in IFIP International Federation for Information Processing, Volume 201, Security and Privacy in Dynamic Environments, eds. Fischer-Hubner, S., Rannenberg, K., Yngstrom, L., Lindskog, S., (Boston: Springer), pp. [insert page numbers].