AN AGENT BASED CERTIFICATE REVOCATION SCHEME FOR PUBLIC KEY MANAGEMENT IN MOBILE AND WIRELESS ADHOC NETWORKS

摘要

The absence of centralized servers in mobile ad hoc networks such as wireless Wi-Fi based and other sensor based networks makes it highly difficult to implement public key infrastructure based security systems. The core entity in a public key infrastructure is 'trust relationships'. Every client which need to authenticate a server (authentication means establishing the fact that the server that the client in communicating with is the actual server what it claims to be) ultimately has to rely a certain entity vouching for the server's authenticity. This entity is called the Certificate Authority. However establishing certificates in non-centralized networks such as wireless ad hoc networks could be highly cumbersome. Many distributed solutions have been proposed to address this problem. An important segment in the design of public key infrastructure is provisions for outdated and misused certificates to be revoked. We postulate that the amount of compromise that any node in an ad hoc network has undergone will be reflected most efficiently by nodes in its immediate neighborhood. Based on this, in this paper we present an agent based solution that gleans misuse information of a certain node to determine if a client can accept the node's certificate or not. Agent based architectures are very useful in establishing intelligence in distributed network. We explore the effect of agents on one of the critical aspects of the Internet (vis-a-vis: network security) which has not embraced agent based models at practical levels. With our experiments we provide a platform where agents can be modeled for security practices over the Internet and practical enterprise organizations.