TY - GEN
T1 - A study on certificate revocation in mobile ad hoc networks
AU - Liu, Wei
AU - Nishiyama, Hiroki
AU - Ansari, Nirwan
AU - Kato, Nei
PY - 2011
Y1 - 2011
N2 - Certificate revocation is an important security component in mobile ad hoc networks (MANETs). Owing to their wireless and dynamic nature, MANETs are vulnerable to security attacks from malicious nodes. Certificate revocation mechanisms play an important role in securing a network. When the certificate of a malicious node is revoked, it is denied from all activities and isolated from the network. The main challenge for certificate revocation is to revoke the certificates of malicious nodes promptly and accurately. In this paper, we build upon our previously proposed scheme, a clustering-based certificate revocation scheme, which outperforms other techniques in terms of being able to quickly revoke attackers' certificates and recover falsely accused certificates. However, owing to a limitation in the scheme's certificate accusation and recovery mechanism, the number of nodes capable of accusing malicious nodes decreases over time. This can eventually lead to the case where malicious nodes can no longer be revoked in a timely manner. To solve this problem, we propose a new method to enhance the effectiveness and efficiency of the scheme by employing a threshold based approach to restore a node's accusation ability and to ensure sufficient normal nodes to accuse malicious nodes in MANETs. Extensive simulations show that the new method can effectively improve the performance of certificate revocation.
AB - Certificate revocation is an important security component in mobile ad hoc networks (MANETs). Owing to their wireless and dynamic nature, MANETs are vulnerable to security attacks from malicious nodes. Certificate revocation mechanisms play an important role in securing a network. When the certificate of a malicious node is revoked, it is denied from all activities and isolated from the network. The main challenge for certificate revocation is to revoke the certificates of malicious nodes promptly and accurately. In this paper, we build upon our previously proposed scheme, a clustering-based certificate revocation scheme, which outperforms other techniques in terms of being able to quickly revoke attackers' certificates and recover falsely accused certificates. However, owing to a limitation in the scheme's certificate accusation and recovery mechanism, the number of nodes capable of accusing malicious nodes decreases over time. This can eventually lead to the case where malicious nodes can no longer be revoked in a timely manner. To solve this problem, we propose a new method to enhance the effectiveness and efficiency of the scheme by employing a threshold based approach to restore a node's accusation ability and to ensure sufficient normal nodes to accuse malicious nodes in MANETs. Extensive simulations show that the new method can effectively improve the performance of certificate revocation.
KW - certificate revocation
KW - clustering
KW - mobile ad hoc networks
KW - recovery
UR - http://www.scopus.com/inward/record.url?scp=80052171349&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80052171349&partnerID=8YFLogxK
U2 - 10.1109/icc.2011.5962925
DO - 10.1109/icc.2011.5962925
M3 - Conference contribution
AN - SCOPUS:80052171349
SN - 9781612842332
T3 - IEEE International Conference on Communications
BT - 2011 IEEE International Conference on Communications, ICC 2011
T2 - 2011 IEEE International Conference on Communications, ICC 2011
Y2 - 5 June 2011 through 9 June 2011
ER -