PKIX Certificate Status in Hybrid MANETs

Authors:
Jose L. Muñoz;Oscar Esparza;Carlos Gañán;Javier Parra-Arnau
Affiliations:
Departament Enginyeria Telemàtica, Universitat Politècnica de Catalunya, Barcelona, Spain C3 08034;Departament Enginyeria Telemàtica, Universitat Politècnica de Catalunya, Barcelona, Spain C3 08034;Departament Enginyeria Telemàtica, Universitat Politècnica de Catalunya, Barcelona, Spain C3 08034;Departament Enginyeria Telemàtica, Universitat Politècnica de Catalunya, Barcelona, Spain C3 08034
Venue:
WISTP '09 Proceedings of the 3rd IFIP WG 11.2 International Workshop on Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks
Year:
2009

Citing 9
Cited 1

The quest for security in mobile ad hoc networks

MobiHoc '01 Proceedings of the 2nd ACM international symposium on Mobile ad hoc networking & computing
COCA: A secure distributed online certification authority

ACM Transactions on Computer Systems (TOCS)
Threshold Cryptosystems

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Self-Organized Public-Key Management for Mobile Ad Hoc Networks

IEEE Transactions on Mobile Computing
Supporting Cooperative Caching in Ad Hoc Networks

IEEE Transactions on Mobile Computing
Performance evaluation on CRL distribution using flooding in mobile ad hoc networks (MANETs)

Proceedings of the 43rd annual Southeast regional conference - Volume 2
Integrating a trust framework with a distributed certificate validation scheme for MANETs

EURASIP Journal on Wireless Communications and Networking
Certificate status validation in mobile ad hoc networks

IEEE Wireless Communications
Securing ad hoc networks

IEEE Network: The Magazine of Global Internetworking

BECSI: Bandwidth efficient certificate status information distribution mechanism for VANETs

Mobile Information Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Certificate status validation is a hard problem in general but it is particularly complex in Mobile Ad-hoc Networks (MANETs) because we require solutions to manage both the lack of fixed infrastructure inside the MANET and the possible absence of connectivity to trusted authorities when the certification validation has to be performed. In this sense, certificate acquisition is usually assumed as an initialization phase. However, certificate validation is a critical operation since the node needs to check the validity of certificates in real-time, that is, when a particular certificate is going to be used. In such MANET environments, it may happen that the node is placed in a part of the network that is disconnected from the source of status data at the moment the status checking is required. Proposals in the literature suggest the use of caching mechanisms so that the node itself or a neighbour node has some status checking material (typically on-line status responses or lists of revoked certificates). However, to the best of our knowledge the only criterion to evaluate the cached (obsolete) material is the time. In this paper, we analyse how to deploy a certificate status checking PKI service for hybrid MANET and we propose a new criterion based on risk to evaluate cached status data that is much more appropriate and absolute than time because it takes into account the revocation process.