Resilient and adaptive public-key infrastructure for distributed city-wide surveillance systems

Third generation city-wide distributed surveillance systems are built upon networks of sensors, actuators and computation nodes. In such large systems, different groups of nodes may belong to separate parties who want to control access to the resources provided by their nodes. The access control mechanism must verify the identities of nodes and check their authorization for accessing resources. The system must also support dynamic group reconfiguration mandated by factors such as changes in organizational structure or confidentiality rules and recover gracefully from security breaches. This paper presents a mechanism based on Public Key Infrastructure (PKI) and certificate hierarchies for fulfilling these requirements in a secure communication platform supporting both synchronous and asynchronous operations in a distributed surveillance system. Dynamic reconfiguration of groups and expulsion of compromised parts of the system is implemented by utilizing certificate revocation.