Integrating a Trust Framework with a Distributed Certificate Validation Scheme for MANETs

Many trust establishment solutions in mobile ad hoc networks (MANETs) rely on public key certificates, so they should be accompanied by an efficient mechanism for certificate revocation and validation. Ad hoc distributed OCSP for trust (ADOPT) is a lightweight, distributed, on-demand scheme based on cached OCSP responses, which provides certificate status information to the nodes of a MANET. In this paper we discuss the ADOPT scheme and issues in its deployment over MANETs. We present some possible threats to ADOPT and suggest the use of a trust assessment and establishment framework, named ad hoc trust framework (ATF), to support ADOPT's robustness and efficiency. ADOPT is deployed as a trust-aware application that provides feedback to ATF, which calculates the trustworthiness of the peer nodes' functions and helps ADOPT improve its performance by rapidly locating valid certificate status information. Moreover, we introduce the TrustSpan algorithm to reduce the overhead that ATF produces, and the TrustPath algorithm to identify and use trusted routes for propagating sensitive information, such as third parties' accusations. Simulation results show that ATF adds limited overhead relative to its efficiency in detecting and isolating malicious and selfish nodes. ADOPT's reliability is increased, since it can rapidly locate a legitimate response by using information provided by ATF.
