Tesla Certificates: An Authentication Tool for Networks of Compute-Constrained Devices
Source: Technical University of Berlin
The era of pervasive computing and communication, in which low-powered wireless devices will be deployed everywhere, is fast approaching. These devices will serve many different purposes, from allowing one to communicate while mobile to performing measurements for remote sensing applications in environmental monitoring or healthcare services. As these devices become integrated into daily life, it will become increasingly critical to secure their operation. These devices, however, will not have the same amount of resources available as their wired counterparts. The task of TESLA certificates is to certify identity. Today, the most widely used certification systems are PGP and X.509. Both rely on public key cryptography, which makes them unsuitable for low-powered, computationally constrained devices. These devices should not have to verify an RSA signature associated with a public key certificate. Therefore, if one wishes to have a certificate-based authentication system for these low-powered devices, one needs a certificate that does not employ public key cryptography. TESLA is a broadcast authentication technique that achieves asymmetric properties in spite of using purely symmetric cryptographic functions (MAC functions). Because it uses only MACs, TESLA enables low-powered nodes to perform source authentication. TESLA is based upon the principle of delayed key disclosure, which has found application in several works on authentication for network communication.
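The delayed key disclosure described above can be sketched as follows. This is an added example, not code from the paper: it follows the published TESLA broadcast scheme (a one-way key chain whose keys are disclosed a fixed number of intervals after use) and does not model TESLA certificates themselves. Time is modelled as integer intervals, and all names (`make_chain`, `Receiver`, `demo`) and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Keys K_0..K_n with K_i = H(K_{i+1}); K_0 is the commitment given to receivers."""
    keys = [seed]
    for _ in range(n):
        keys.append(H(keys[-1]))
    return keys[::-1]

def mac(chain_key: bytes, msg: bytes) -> bytes:
    # The MAC key is derived from the chain key rather than using the chain key directly.
    return hmac.new(H(b"mac" + chain_key), msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment: bytes, delay: int):
        self.key, self.idx, self.delay = commitment, 0, delay
        self.pending = []  # (interval, msg, tag) awaiting key disclosure

    def on_packet(self, interval, msg, tag, now) -> bool:
        # Security condition: drop the packet if its key may already be public.
        if now >= interval + self.delay:
            return False
        self.pending.append((interval, msg, tag))
        return True

    def on_key(self, interval, key) -> list:
        # Authenticate the disclosed key by hashing it back to the last trusted key.
        if interval <= self.idx:
            return []
        k = key
        for _ in range(interval - self.idx):
            k = H(k)
        if not hmac.compare_digest(k, self.key):
            return []
        self.key, self.idx = key, interval
        good = [m for i, m, t in self.pending
                if i == interval and hmac.compare_digest(mac(key, m), t)]
        self.pending = [p for p in self.pending if p[0] != interval]
        return good

def demo():
    chain = make_chain(b"constructed-seed", 4)  # constructed sample input
    rx = Receiver(chain[0], delay=2)
    buffered = rx.on_packet(1, b"temp=21C", mac(chain[1], b"temp=21C"), now=1)
    rx.on_packet(1, b"temp=99C", mac(chain[1], b"temp=21C"), now=1)  # tampered payload
    late = rx.on_packet(1, b"forged", mac(chain[1], b"forged"), now=3)  # key already public
    bad_key = rx.on_key(1, b"\x00" * 32)
    return buffered, late, bad_key, rx.on_key(1, chain[1])
```

The receiver performs only hash and MAC operations, and a lost key disclosure is tolerated because a later key hashes back through the missing ones to the last trusted key.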