ADOPT. A Distributed OCSP for Trust Establishment in MANETs

Abstract:
The establishment of trust in mobile ad hoc networks (MANET) has been receiving increasing attention during the last few years. Due to the infrastructure-less nature of MANETs, the design and implementation of adequate security and trust mechanisms is imperative. Many trust establishment solutions, including recent proposals for secure routing protocols, rely on public key certificates. The use of certificates in ad hoc networks must be accompanied by an efficient mechanism for certificate revocation and validation. In this paper we address this open issue, and a distributed, on-demand, OCSP-based scheme is proposed. This scheme, called Ad-hoc Distributed OCSP for Trust (ADOPT), uses caches of OCSP responses that are distributed and stored on intermediate nodes, avoiding the exchange of extended certificate status lists among the ad-hoc nodes. The method takes into account the status of intermediate nodes, such as network topology, energy thresholds, and cellular connectivity, to materialise the caching of OCSP responses. The paper discusses alternative design approaches that enable the revision and distribution of up-to-date OCSP responses.