Improving OCSP-Based Certificate Validations in Wireless Ad Hoc Networks

Certificate status validation is one of the main operations conducted in all PKI-based security systems to ensure the validity of digital certificates. In this paper, a new certificate validation scheme is proposed that adjusts the validity period of OCSP responses according to the certificate authority's level of trust in the certificate owner. As a result, the validity period of OCSP responses for more trusted nodes is increased, while that for less trusted nodes is decreased. On the client side, the validity period of an OCSP response can be used to tune the caching period of certificate status information (CSI), which directly affects the overhead and freshness of CSI in a MANET. Our proposed solution improves the availability of CSI for more trusted nodes and better isolates malicious ones. Extensive simulation results indicate that our solution efficiently reduces the CSI inconsistency problem and mitigates the overhead of certificate status validation in MANETs.
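The following sketch is an added example, not code from the paper: it models a responder that scales the `thisUpdate`/`nextUpdate` window by trust and a client that caches until `nextUpdate`, then measures the stale-status window after a revocation and the query overhead. The linear trust-to-validity mapping, the 60 s and 3600 s bounds, and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

MIN_VALIDITY_S = 60    # assumed validity for the least trusted node
MAX_VALIDITY_S = 3600  # assumed validity for the most trusted node

@dataclass
class OcspResponse:
    status: str        # "good" or "revoked"
    this_update: int   # seconds, simulated clock
    next_update: int   # client may cache the status until this time

def validity_for_trust(trust: float) -> int:
    """Assumed linear mapping from trust in [0, 1] to a validity period."""
    t = min(1.0, max(0.0, trust))
    return int(MIN_VALIDITY_S + t * (MAX_VALIDITY_S - MIN_VALIDITY_S))

class Responder:
    def __init__(self, trust: float):
        self.trust, self.revoked = trust, False

    def respond(self, now: int) -> OcspResponse:
        status = "revoked" if self.revoked else "good"
        return OcspResponse(status, now, now + validity_for_trust(self.trust))

class CachingClient:
    def __init__(self, responder: Responder):
        self.responder, self.cached, self.queries = responder, None, 0

    def status(self, now: int) -> str:
        # Query the responder only when the cached response has expired.
        if self.cached is None or now >= self.cached.next_update:
            self.cached = self.responder.respond(now)
            self.queries += 1
        return self.cached.status

def stale_window(trust: float, revoke_at: int = 10, step: int = 10) -> int:
    """Seconds the client still sees 'good' after the node is revoked."""
    responder = Responder(trust)
    client = CachingClient(responder)
    client.status(0)           # response cached before the revocation
    responder.revoked = True   # takes effect at revoke_at
    now = revoke_at
    while client.status(now) != "revoked":
        now += step
    return now - revoke_at

def queries_over(trust: float, horizon: int = 3600, step: int = 10) -> int:
    """OCSP queries sent when the client checks status every `step` seconds."""
    client = CachingClient(Responder(trust))
    for now in range(0, horizon, step):
        client.status(now)
    return client.queries
```

Under these assumed bounds, a node with trust 0 is seen as revoked within one short validity period at the cost of many more queries, while a node with trust 1 costs a single query per hour but can stay cached as "good" for almost the full hour.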
