Performance evaluation of a distributed OCSP protocol over MANETs

Several methods that rely on public or private cryptographic systems have been proposed for trust establishment in mobile ad hoc networks (MANETs). Such methods aim to provide end-entity authentication, communications integrity and privacy. When public key certificate schemes are deployed in MANETs, they must be accompanied by efficient mechanisms for certificate revocation and validation. In this paper we address this issue by adapting a distributed, on-demand, OCSP-based scheme so that it is applicable over MANETs. This scheme, called ADOPT, uses caches of OCSP responses that are distributed and stored on intermediate nodes. ADOPT takes into account the status of intermediate nodes, such as network topology, energy thresholds, and connectivity, to realize the caching of OCSP responses. This paper uses different MANET configurations to evaluate the efficiency of ADOPT. The simulation results show that ADOPT manages to rapidly identify and locate the status of a certificate without introducing significant communication or storage costs.

Keywords: OCSP; MANETs; certificate status information; caching
