Improving OCSP-Based Certificate Validations in Wireless Ad Hoc Networks

Certificate status validation is one of the main operations conducted in all PKI-based security systems to ensure the validity of digital certificates. In this paper, a new certificate validation scheme is proposed which adjusts the OCSP responses validity period according to the trust level of certificate authority on the certificate owner. As a result, the OCSP responses validity period of more trusted nodes are increased while the less ones' are decreased. On the client side, the OCSP responses validity period can be used to tune the certificate status information (CSI) caching period which has direct effect on the overheads and freshness of CSI in MANET. Our proposed solution improves the availability of CSI for more trusted nodes and better isolates the malicious ones. Extensive simulation results indicate that our solution efficiently reduces the CSI inconsistency problem and mitigates the overheads of certificate status validations in MANET.