1. Introduction
PKI, or public key infrastructure, provides strong security services and protects a network's assets against attackers and malicious nodes. Conventional networks normally rely on centralized certificate authorities (CAs) for digital certificate management. In mobile ad hoc networks (MANETs), however, there is no infrastructure, so a centralized CA cannot be used. Numerous schemes have been presented to establish CA services in a distributed form; in (Masdari et al., 2011; Masdari & Pashaei, 2012) these distributed CA schemes are analyzed and their advantages and limitations studied. After digital certificates are issued, they may be revoked for many reasons, such as disclosure of the private key or malicious behaviour by the certificate owner. Revoking certificates keeps misbehaving nodes that attempt to harm valid nodes away from the network and increases its security. But certificate revocation also means that, for a communication to be secure, each node must verify the validity of its communication partners' certificates before any transaction; otherwise, network users may falsely accept attackers as valid users. The Internet and conventional networks use CRLs and the OCSP protocol for certificate status validation. OCSP, the Online Certificate Status Protocol (Myers, Ankney, Malpani, Galperin, & Adams, 1999), which is the main topic of this paper, is a request/response protocol that enables users to determine the status of an X.509 certificate (Omar, Challal, & Bouabdallah, 2012). However, OCSP cannot be used in MANETs without modification, because OCSP clients need online connections to the OCSP servers, which cannot be guaranteed in ad hoc networks. As a result, several schemes have been proposed to adapt OCSP to the special environment of a MANET (Berbecaru, 2004, 2006; Muñoz-Tapia & Forné-Muñoz, 2002; Zhao, Wenyan, & Shanshan, 2009). One of these OCSP-based schemes is ADOPT, which provides fresh certificate status information (CSI) to client nodes without necessarily contacting the OCSP responders.
Generally, ADOPT is an on-demand, distributed, OCSP-based certificate validation scheme that uses OCSP response caching to provide CSI even in disconnected and offline states (Konstantinos Papapanagiotou, Marias, & Georgiadis, 2010). But ADOPT distributes OCSP requests by broadcast, which places a heavy traffic load on the ad hoc network. This problem is even worse when a number of nodes send CSI requests to the ad hoc network simultaneously.
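The caching idea behind ADOPT has a security edge to it: a node that answers certificate status questions from cached OCSP responses while disconnected must make sure the cached response still lies within its validity window, that it was actually signed by the responder, and that an older "good" response cannot be replayed over a newer "revoked" one. The following is an added illustration written for this page, not code from the ADOPT or BP-ADOPT papers or from any OCSP implementation. Field names (`certStatus`, `thisUpdate`, `nextUpdate`) follow the OCSP specification cited above; the HMAC-based "signature", the JSON encoding of the signed fields and the integer timestamps are simplifications standing in for the real RSA/ECDSA signature and ASN.1/DER encoding, and the responder key is a constructed value.

```python
"""Cached OCSP responses served offline, with freshness and signature checks.

Added example for illustration; not code from ADOPT, BP-ADOPT or any real
OCSP library. HMAC and JSON stand in for the real signature and DER encoding.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed key shared by the responder and the verifying node. It stands
# in for the responder's public key that a real OCSP client would trust.
RESPONDER_KEY = b"constructed-responder-key-for-illustration"


@dataclass(frozen=True)
class OcspResponse:
    serial: int        # serial number of the certificate in question
    cert_status: str   # "good", "revoked" or "unknown", as in OCSP
    this_update: int   # time (seconds) at which the status was known correct
    next_update: int   # time (seconds) after which newer CSI will be available
    signature: bytes   # signature over the four fields above


def _tbs_bytes(serial: int, cert_status: str, this_update: int, next_update: int) -> bytes:
    """Canonical encoding of the to-be-signed fields (stand-in for DER)."""
    return json.dumps([serial, cert_status, this_update, next_update]).encode()


def sign_response(serial: int, cert_status: str, this_update: int,
                  next_update: int, key: bytes = RESPONDER_KEY) -> OcspResponse:
    """Responder side: produce a signed status response for one certificate."""
    sig = hmac.new(key, _tbs_bytes(serial, cert_status, this_update, next_update),
                   hashlib.sha256).digest()
    return OcspResponse(serial, cert_status, this_update, next_update, sig)


def verify_response(resp: OcspResponse, key: bytes = RESPONDER_KEY) -> bool:
    """Client side: check that the response really comes from the responder."""
    expected = hmac.new(key, _tbs_bytes(resp.serial, resp.cert_status,
                                        resp.this_update, resp.next_update),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, resp.signature)


class CsiCache:
    """Per-node cache of OCSP responses, keyed by certificate serial number.

    Responses may arrive from the responder itself or be relayed by another
    node; either way they are admitted only after the checks in store().
    """

    def __init__(self) -> None:
        self._entries: Dict[int, OcspResponse] = {}

    def store(self, resp: OcspResponse) -> bool:
        """Admit a response if its signature verifies and it is fresher than
        what is already cached. Returns True when the cache was updated."""
        if not verify_response(resp):
            return False                      # forged or corrupted response
        held = self._entries.get(resp.serial)
        if held is not None and held.this_update >= resp.this_update:
            return False                      # replay of an older response
        self._entries[resp.serial] = resp
        return True

    def lookup(self, serial: int, now: int) -> Optional[str]:
        """Answer a status query from the cache while offline.

        Returns the cached certStatus only if the response is valid at time
        'now'; otherwise None, meaning the node must obtain fresh CSI."""
        resp = self._entries.get(serial)
        if resp is None:
            return None
        if not (resp.this_update <= now <= resp.next_update):
            return None                       # outside the validity window
        return resp.cert_status
```

The `lookup` method deliberately refuses to answer outside the `thisUpdate`/`nextUpdate` window rather than returning the last known status, since a stale "good" answer is exactly what a node holding a revoked certificate would want its peers to believe.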
In this paper, a certificate validation protocol called BP-ADOPT is proposed to improve the security, scalability and effectiveness of the original ADOPT protocol. The main contribution is a broadcast prevention method that decreases the messaging and processing overheads of the certificate validation process. The paper is organized as follows: Section 2 describes the ADOPT protocol; Section 3 presents the proposed BP-ADOPT protocol; and Section 4 gives the analysis of the proposed solution and of ADOPT.