A survey and taxonomy of distributed certificate authorities in mobile ad hoc networks
REVIEW
Open Access
Mohammad Masdari1*, Sam Jabbehdari2, Mohammad Reza Ahmadi3, Seyyed Mohsen Hashemi1, Jamshid Bagherzadeh4 and Ahmad Khadem-Zadeh3
Abstract
Certificate authorities (CAs) are the main components of a PKI and make it possible to provide basic security services in wired networks and the Internet. However, centralized CAs cannot be used in mobile ad hoc networks (MANETs). Many efforts have therefore been made to adapt the CA to the special characteristics of MANETs, and new concepts such as distributed CAs (DCAs), which distribute the functionality of the CA among MANET nodes, have been proposed. In this article, we study the DCA schemes proposed for MANETs and classify them according to their internal structures and techniques. Finally, we propose the characteristics of an ideal DCA system, which can be used to verify the completeness of any DCA scheme. This classification and taxonomy identify the weaknesses and constraints of each scheme and are very important for designing more secure, scalable, and high-performance DCA systems for MANETs and other networks.
Keywords: distributed certificate authority, threshold cryptography, registration authority (RA), PDCA, CA nodes, cluster head, communication overhead, OLSR protocol, encryption, digital signature
* Correspondence: [email protected]
1 Science and Research Branch, Computer Engineering Department, Islamic Azad University, Tehran, Iran
Full list of author information is available at the end of the article
1. Introduction
A mobile ad hoc network (MANET) is a set of mobile devices that are connected through wireless links. MANETs have characteristics such as limited bandwidth, the absence of any fixed central structure, and ever-changing topologies. Implementing strong security services in such environments is therefore very hard, and MANETs are highly vulnerable to various security attacks. To solve these security problems, public key cryptography must be used in MANETs without incurring heavy network traffic. One of the main components of a PKI is the certificate authority (CA), a trusted third party used for issuing, revoking, and managing user certificates. Unfortunately, the CA itself can be attacked and eventually compromised; in this case, the intruder can sign certificates using the CA's private key. The simplest approach to implementing a CA is to assign the CA task to a single node. One of the main problems of this approach is availability: the CA node can bring the entire MANET to a halt if it moves out of the MANET. Furthermore, it acts as a single point of failure if it is compromised by an attacker. Replicated CAs can be used to solve the availability problem of the previous scheme [1]. With x replicas, the system can withstand (x - 1) failures, because the CA service is available as long as there is at least one operational CA. However, this approach creates consistency problems when CA nodes cannot find each other. Also, if any CA node is compromised, we will ha