Markov chain-based evaluation of the certificate status validations in hybrid MANETs

Mobile ad hoc networks (MANETs) are vulnerable to various security attacks conducted by the malicious nodes and attackers. To defend against the attackers, their public key certificates should be revoked by certificate authority. Thus, each MANET node before conducting any secure communications, should check the status of communicating parties certificates. Inconsistency of the certificate status information is one of the critical problems which reduce the correctness and effectiveness of the whole certificate validation process. In this paper, we conduct a Markov-chain based analysis and evaluation of the OCSP-based certificate validations in the hybrid MANETs. In particular, we focus on the ADOPT and PS-ADOPT protocols and present four absorbing Markov-chain models, three for online states whose OCSP responder is available to the MANET and the other to support offline cases where MANET may be disconnected from the OCSP responder occasionally. Finally, the results of absorbing Markov models are verified by the extensive simulations of the ADOPT and PS-ADOPT protocols in the OMNeT++ simulator.

[1]  Sam Jabbehdari,et al.  Improving OCSP-Based Certificate Validations in Wireless Ad Hoc Networks , 2015, Wirel. Pers. Commun..

[2]  Carlisle M. Adams,et al.  X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[3]  P. Georgiadis,et al.  Caching alternatives for a MANET-oriented OCSP scheme , 2005, Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005..

[4]  Xu Zhao,et al.  New Certificate Status Verification Scheme Based on OCSP for Wireless Environment , 2009, 2009 International Forum on Computer Science-Technology and Applications.

[5]  Mohammad Masdari,et al.  An overview of virtual machine placement schemes in cloud computing , 2016, J. Netw. Comput. Appl..

[6]  G.F. Marias,et al.  A Certificate Validation Protocol for VANETs , 2007, 2007 IEEE Globecom Workshops.

[7]  Mohammad Masdari,et al.  Towards Scalable Certificate Status Validation in Mobile Ad Hoc Networks , 2013, Int. J. Mob. Comput. Multim. Commun..

[8]  Giannis F. Marias,et al.  Integrating a Trust Framework with a Distributed Certificate Validation Scheme for MANETs , 2006, EURASIP J. Wirel. Commun. Netw..

[9]  Jose L. Muñoz,et al.  PKIX Certificate Status in Hybrid MANETs , 2009, WISTP.

[10]  Nei Kato,et al.  Cluster-Based Certificate Revocation with Vindication Capability for Mobile Ad Hoc Networks , 2013, IEEE Transactions on Parallel and Distributed Systems.

[11]  Giannis F. Marias,et al.  Revising centralized certificate validation standards for mobile and wireless communications , 2010, Comput. Stand. Interfaces.

[12]  Roberto Di Pietro,et al.  "Who Counterfeited My Viagra?" Probabilistic Item Removal Detection via RFID Tag Cooperation , 2011, EURASIP J. Wirel. Commun. Netw..

[13]  M. K. Raja,et al.  Digital certificate management: Optimal pricing and CRL releasing strategies , 2014, Decis. Support Syst..

[14]  Mohammad Masdari,et al.  Towards workflow scheduling in cloud computing: A comprehensive analysis , 2016, J. Netw. Comput. Appl..

[15]  Giannis F. Marias,et al.  ADOPT. A Distributed OCSP for Trust Establishment in MANETs , 2005 .

[16]  Ahmad Khademzadeh,et al.  A survey and taxonomy of distributed certificate authorities in mobile ad hoc networks , 2011, EURASIP J. Wirel. Commun. Netw..

[17]  Jose L. Muñoz,et al.  Certificate status validation in mobile ad hoc networks , 2009, IEEE Wireless Communications.

[18]  Anders Fongen,et al.  The effect of a MANET proxy overlay for certificate validation services , 2009, MILCOM 2009 - 2009 IEEE Military Communications Conference.

[19]  Jose L. Muñoz,et al.  COACH: COllaborative certificate stAtus CHecking mechanism for VANETs , 2013, J. Netw. Comput. Appl..

[20]  Sam Jabbehdari,et al.  Secure publish/subscribe-based certificate status validations in mobile ad hoc networks , 2015, Secur. Commun. Networks.

[21]  İnan Güler,et al.  A Survey of Wormhole-based Attacks and their Countermeasures in Wireless Sensor Networks , 2011 .

[22]  G.F. Marias,et al.  Performance evaluation of a distributed OCSP protocol over MANETs , 2006, CCNC 2006. 2006 3rd IEEE Consumer Communications and Networking Conference, 2006..

[23]  Jose L. Muñoz,et al.  Evaluation of certificate revocation policies: OCSP vs. Overissued-CRL , 2002, Proceedings. 13th International Workshop on Database and Expert Systems Applications.

[24]  Ahmad Khademzadeh,et al.  Towards efficient certificate status validations with E-ADOPT in mobile ad hoc networks , 2015, Comput. Secur..