Efficient Verification of Delegation in Distributed Group Membership Management

In ad-hoc networks and other highly distributed and decentralized environments, authorization certificates can be used to control access. Moreover, the rights listed in a certificate can be delegated to other users. Several such successive delegations form a chain of certificates. Chains of delegation certificates can improve the capability and manageability of systems. Distributed group membership management, i.e. managing groups of users in a distributed environment, utilizes the efficiency of certificate chains: adding, removing, and authenticating users are all managed by chains of delegation certificates. On the other hand, certificate chains can grow too long to be usable. In this paper we take a look at distributed group membership management based on delegation certificates. Then we present a new kind of certificate, the implanted chain certificate, and its characteristics. With this new kind of certificate the verification time of a certificate chain can be decreased without losing delegation information. Finally, we compare our verification method to reduce the time of verification.