Towards Scalable Certificate Status Validation in Mobile Ad Hoc Networks

Towards Scalable Certificate Status Validation in Mobile Ad Hoc Networks

Mohammad Masdari (Department of Computer Engineering, Islamic Azad University, Urmia, Iran), Javad Pashaei Barbin (Department of Computer Engineering, Islamic Azad University, Naghadeh, Iran) and Moazam Bidaki (Department of Computer Engineering, Islamic Azad University, Neyshabur, Iran)
DOI: 10.4018/ijmcmc.2013100103
OnDemand PDF Download:
List Price: $37.50


Certificate validation is an important operation in the PKI-based security systems and its overheads have direct impact on the performance of PKI system. ADOPT is an effective certificate validation protocol that tries to tune the OCSP protocol to multihop wireless networks by using caching techniques. In this paper, the authors present a protocol called BP-ADOPT to decrease the overheads of the ADOPT-based certificate validations in mobile ad hoc networks. This solution also increases the security of ADOPT protocol by making it more resilient against the DoS attacks and improves its scalability and throughput. Finally, the authors present an analysis of our solution and ADOPT protocol in mobile ad hoc networks.
Article Preview

1. Introduction

PKI or public key infrastructure provides strong security services and protects the networks’ assets against the attackers and malicious nodes. Normally conventional networks use centralized certificate authorities for digital certificates management. But in mobile ad hoc networks with the absence of any infrastructure, centralized CA cannot be used. Numerous schemes have been presented to establish the CA services in a distributed form and in (Masdari et al., 2011; Masdari & Pashaei, 2012) the distributed CA schemes have been analyzed and their advantages and limitations studied. After digital certificates are issued, they may be may be revoked for many reasons such as private key disclosure and maliciousness of certificate owner. The revocation of certificates keeps away misbehaving nodes which attempt to harm the valid nodes and increases the network security. But certificate revocation makes it necessary that in a secure communication each node verify the validation of its communication parties’ certificates before any transaction. Otherwise, network users may falsely accept attackers as valid users. Internet and conventional networks use CRLs and OCSP protocol for certificate status validations. The OCSP or Online Certificate Status Protocol (Myers, Ankney, Malpani, Galperin, & Adams, 1999) which is the main topic of this paper is a request/response protocol that enables users to determine the status of an X.509 certificate (Omar, Challal, & Bouabdallah, 2012). However, OCSP cannot be used without any modification in the MANETs because OCSP clients need online connections to the OCSP servers which may not be guaranteed in ad hoc networks. As a result some schemes have been proposed to adapt OCSP to the special environment of MANET (Berbecaru, 2004, 2006; Muñoz-Tapia & Forné-Muñoz, 2002; Zhao, Wenyan, & Shanshan, 2009). One of these OCSP-based schemes is ADOPT which provide fresh CSI for the client nodes without necessarily contacting the OCSP responders. Generally, ADOPT is an on-demand and distributed OCSP-based certificate validation scheme which uses OCSP response caching to present CSI even in disconnected and offline states(Konstantinos Papapanagiotou, Marias, & Georgiadis, 2010). But ADOPT uses broadcast-based OCSP request distribution which incurs heavy traffic load on the ad hoc network. This problem is even worse when a number of nodes simultaneously send CSI requests to the ad hoc network.

In this paper, a certificate validation protocol called BP-ADOPT is proposed to improve the security, scalability and effectiveness of the main ADOPT protocol. The main contribution is a broadcast prevention method which decreases the messaging and processing overheads of certificate validation process. The paper is organized as follows: the description of ADOPT protocol is described in section 2; the proposed BP-ADOPT protocol is presented in section 3, and the analysis of the proposed solution and ADOPT is given in Section 4.

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing