Securing Identity Assignment Using Implicit Certificates in P2P Overlays

The security of the Peer-to-Peer (P2P) overlays networks has been questioned for years. Many works have been proposed to provide secure routing, anonymity, reputation systems, confidentiality, etc. However, the identity assignment has been less considered. These networks are designed so that each user has a unique identifier (nodeID), but the most of identity assignment systems allow malicious users to obtain a set of nodeIDs or even select certain identifiers. Thus, these users can disrupt the proper operation of a P2P overlay. In this paper, we propose a nodeID assignment protocol based on the issue of implicit certificates. Our purpose is to provide security services to struggle against the most of security threats in these networks with special attention to the identity assignment. This approach is based on the use of certificates and the joint generation of nodeIDs between a Certification Authority (CA) and the user. In addition, the use of implicit certificates presents certain advantages over the use of traditional certificates (explicit certificates).