Dynamic Distributed Certificate Authority Services for Mobile Ad Hoc Networks

Many secure protocols in mobile ad hoc networks rely on the public key infrastructure. Due to the vulnerability of nodes in MANETs, multiple certificate authorities (CAs) distributed over the network, each with a periodically updated share of the private key, is usually adopted. Existing approaches either assume that all nodes are CAs which is not realistic or assign each cluster head to be a CA based on the cluster architecture which may not be efficient since CA service may involve nodes in many clusters. In a previous work, we enhance the latter approach by allowing other nodes to be CAs. All these schemes do not allow the number of CAs to be changed adaptively due to the changes in the size of the network which is common in MANETs. In this paper, we propose a new framework to provide distributed authority services in cluster-based MANETs. In each cluster, a set of nodes are chosen as CAs. The size of the CA set is adaptive to network changes. We further require the shares in different clusters to be independent, and periodically updated.