Improving OCSP-Based Certificate Validations in Wireless Ad Hoc Networks

Wireless Personal Communications

Abstract

Certificate status validation is one of the main operations in all PKI-based security systems, used to ensure the validity of digital certificates. In this paper, a new certificate validation scheme is proposed that adjusts the validity period of OCSP responses according to the certificate authority's level of trust in the certificate owner. As a result, the OCSP response validity period is increased for more trusted nodes and decreased for less trusted ones. On the client side, the OCSP response validity period can be used to tune the caching period of certificate status information (CSI), which directly affects the overheads and freshness of CSI in a MANET. Our proposed solution improves the availability of CSI for more trusted nodes and better isolates malicious ones. Extensive simulation results indicate that our solution efficiently reduces the CSI inconsistency problem and mitigates the overheads of certificate status validation in MANETs.

Author information

Corresponding author

Correspondence to Mohammad Masdari.

About this article

Cite this article

Masdari, M., Jabbehdari, S. & Bagherzadeh, J. Improving OCSP-Based Certificate Validations in Wireless Ad Hoc Networks. Wireless Pers Commun 82, 377–400 (2015). https://doi.org/10.1007/s11277-014-2213-1

  • DOI: https://doi.org/10.1007/s11277-014-2213-1
