Abstract

Certificate authorities (CAs) are the main components of a PKI and enable basic security services in wired networks and the Internet. Centralized CAs, however, cannot be used in mobile ad hoc networks (MANETs). Many efforts have therefore been made to adapt the CA to the special characteristics of MANETs, and new concepts such as distributed CAs (DCAs), which distribute the functionality of the CA among MANET nodes, have been proposed. In this article, we study the DCA schemes proposed for MANETs and classify them according to their internal structures and techniques. Finally, we propose the characteristics of an ideal DCA system, which can be used to verify the completeness of any DCA scheme. This classification and taxonomy identify the weaknesses and constraints of each scheme, and are very important for designing more secure, scalable, and high-performance DCA systems for MANETs and other networks.

Highlights

  • A mobile ad hoc network (MANET) is a set of mobile devices that are connected through wireless links

  • In a partially implemented distributed CA (PDCA), the services of the certificate authority (CA) are distributed to a set of specialized server nodes using secret sharing

  • Number of server nodes: Selecting the right number of nodes for a PDCA is not an easy task, and the exact number cannot be specified. It should be a function of the network size, the degree of resilience required against attacks, and the number of operations that the DCA supports


Summary

1. Introduction

A mobile ad hoc network (MANET) is a set of mobile devices that are connected through wireless links. A centralized CA acts as a single point of failure if it is compromised by an attacker. Using x replicas, the system can withstand (x - 1) failures because the CA service is available as long as there is at least one operational CA. This approach creates consistency problems when CA nodes cannot find each other. In a partially implemented DCA (PDCA), the services of the CA are distributed to a set of specialized server nodes using secret sharing. Each of these nodes can generate partial certificates, and a client can create a valid certificate by combining enough of these partial certificates.
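The combining step described above, as an added example that is not taken from the paper or from any scheme it surveys. It assumes Shamir (k, n) sharing of the CA key and a toy signature H(cert)^d mod P; the parameters P = 2039, Q = 1019, the function names and the sample certificate bytes are constructed for illustration. It shows k partial certificates combining into the CA's signature without any node reconstructing the key.

```python
import hashlib
import secrets

# Toy parameters (assumption, far too small for real use): safe prime P = 2Q + 1.
P, Q = 2039, 1019

def hash_to_group(cert: bytes) -> int:
    """Map certificate bytes to an element of the order-Q subgroup of Z_P*."""
    x = int.from_bytes(hashlib.sha256(cert).digest(), "big") % (P - 3) + 2
    return pow(x, 2, P)  # squaring lands in the subgroup; x != +-1, so result != 1

def deal_shares(ca_key: int, k: int, n: int, coeffs=None) -> dict:
    """Shamir (k, n) sharing of ca_key over Z_Q; server node i receives f(i)."""
    if coeffs is None:
        coeffs = [secrets.randbelow(Q - 1) + 1 for _ in range(k - 1)]
    poly = [ca_key % Q] + list(coeffs)  # f(0) is the CA key
    return {i: sum(c * pow(i, e, Q) for e, c in enumerate(poly)) % Q
            for i in range(1, n + 1)}

def partial_certificate(share: int, cert: bytes) -> int:
    """What one server node returns: H(cert)^share, computed without the CA key."""
    return pow(hash_to_group(cert), share, P)

def combine(partials: dict) -> int:
    """Client side: Lagrange interpolation at 0, carried out in the exponent."""
    sig = 1
    for i, part in partials.items():
        lam = 1
        for j in partials:
            if j != i:
                lam = lam * (-j) * pow((i - j) % Q, -1, Q) % Q
        sig = sig * pow(part, lam, P) % P
    return sig

def full_signature(ca_key: int, cert: bytes) -> int:
    """Value a single, undistributed CA would produce (used only for checking)."""
    return pow(hash_to_group(cert), ca_key, P)

if __name__ == "__main__":
    cert = b"subject=node-17;pubkey=constructed-sample"  # constructed sample input
    key = secrets.randbelow(Q - 1) + 1
    shares = deal_shares(key, k=3, n=5)
    parts = {i: partial_certificate(shares[i], cert) for i in (2, 4, 5)}
    print("3 of 5 servers:", combine(parts) == full_signature(key, cert))
```

With fewer than k partial certificates the interpolation yields a different exponent, so the combined value does not match the CA's signature.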

Messaging complexity
Certificate revocation lists
Secure inter cluster communication
Other capabilities
Certificate based revocation support
Conclusion and future works