Certificate path generating protocol (CPGP) for authenticated signaling in ATM networks

Authenticated signaling is an important security service to be provided by ATM networks to guard against threats of spoofing and impersonation. The ATM Forum specifies public key cryptography to be the default ATM authentication mechanism and directory services like X.509 to be the infrastructure for public key distribution and certification. With public key cryptography, authenticated signaling requires the signaling message to be authenticated with a digital signature signed by the private key of the calling party. To verify the digital signature, the called party needs to obtain the public key of the calling party and a proof of the calling party´s ownership to that public key. In X.509, the standard form of such a proof is a chain of public key certificates, called the certificate path between two parties. The certificate exchange protocol (CEP), proposed by the ATM Forum, requires that another bi-directional connection be established between two parties to change public keys and certificate paths before an authenticated connection can be established, which is not an ideal approach. We propose a certificate path generating protocol (CPGP), which is embedded into ATM signaling and routing protocols to generate a certificate path inside a signaling message on-the-fly as the signaling message travels through the ATM network. In CPGP all that a calling party needs to do for authenticated signaling is to put into the signaling message its own public key certificate and the digital signature of the signaling message signed using its private key. The CPGP builds the rest of the certificate path for it. The proposed protocol is embedded into the ATM signaling and routing protocol so that no performance overhead is incurred to establish the certificate path