A distributed certificate revocation scheme based on one-way hash chain for wireless ad hoc networks

In contrast with conventional wired networks, ad-hoc networks are characterized by the lack of a centralized administration and any fixed network infrastructure. Public key infrastructure (PKI) is a natural choice for establishing trust in such networks. However, the traditional certificate revocation schemes (e.g., the CRL) that require on-line trusted authorities or certificate repositories are not well suited for securing ad-hoc networks. In this paper, we propose a new distributed certificate revocation scheme based on one-way hash chain for ad-hoc networks. In our scheme, prior to entering a network, a mobile node is required to have a valid PKC issued by an off-line trusted CA. Specifically, no centralized authority holds responsibility to collect and publish certificate status information. Instead, the individual mobile node takes charge of its own certificate status by releasing a periodically updated hash value. Finally we analyze the security, efficiency and scalability of this scheme in some details