{"title":"Decentralised binding of self-certifying names to real-world identities for assessment of third-party messages in fragmented mobile networks","authors":"J. Seedorf, D. Kutscher, Fabian Schneider","doi":"10.1109/INFCOMW.2014.6849268","DOIUrl":null,"url":null,"abstract":"Self-certifying names provide the property that any entity in a distributed system can verify the binding between a corresponding public key and the self-certifying name without relying on a trusted third party. However, self-certifying names lack a binding with a corresponding real-world identity. In this paper, we present a concrete mechanism for using a Web-of-Trust in conjunction with self-certifying names to provide this binding. We consider a decentralised scenario: fragmented (mobile) networks, where connectivity to centralized authentication entities and Web-of-Trust keyservers is not available. Our approach enables a particular functionality in this scenario: The assessment of messages from previously unknown third parties. To the best of our knowledge, there is no prior art for combining a Web-of-Trust approach with self-certifying names to enable such transitive third-party data origin authentication in decentralised networks. 
Our analytical evaluation shows that - depending on the overall size of the Web-of-Trust and the average friend-degree among its users - it is feasible to apply our approach fully decentralised at end user devices, or at least highly decentralised at access network nodes.","PeriodicalId":6468,"journal":{"name":"2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","volume":"64 1","pages":"416-421"},"PeriodicalIF":0.0000,"publicationDate":"2014-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INFCOMW.2014.6849268","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 13