Chapter

Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks

Volume 5746 of the series Lecture Notes in Computer Science, pp. 153-166

PKIX Certificate Status in Hybrid MANETs

  • Jose L. Muñoz, Departament Enginyeria Telemàtica, Universitat Politècnica de Catalunya
  • Oscar Esparza, Departament Enginyeria Telemàtica, Universitat Politècnica de Catalunya
  • Carlos Gañán, Departament Enginyeria Telemàtica, Universitat Politècnica de Catalunya
  • Javier Parra-Arnau, Departament Enginyeria Telemàtica, Universitat Politècnica de Catalunya

Abstract

Certificate status validation is a hard problem in general, but it is particularly complex in Mobile Ad-hoc Networks (MANETs) because we require solutions to manage both the lack of fixed infrastructure inside the MANET and the possible absence of connectivity to trusted authorities when the certificate validation has to be performed. In this sense, certificate acquisition is usually assumed to be an initialization phase. However, certificate validation is a critical operation since the node needs to check the validity of certificates in real time, that is, when a particular certificate is going to be used. In such MANET environments, it may happen that the node is placed in a part of the network that is disconnected from the source of status data at the moment the status checking is required. Proposals in the literature suggest the use of caching mechanisms so that the node itself or a neighbour node has some status checking material (typically on-line status responses or lists of revoked certificates). However, to the best of our knowledge, the only criterion to evaluate the cached (obsolete) material is time. In this paper, we analyse how to deploy a certificate status checking PKI service for hybrid MANETs and we propose a new criterion based on risk to evaluate cached status data that is much more appropriate and absolute than time because it takes into account the revocation process.

Keywords

Certification, Public Key Infrastructure, Revocation, Hybrid MANET, Risk