The effect of a MANET proxy overlay for certificate validation services

Certificate validation based on PKIX protocols does not work well under the particular conditions found in a MANET: Episodic connectivity and low bandwidth. We propose an overlay network of validation proxy servers which exploit cooperative caching of recent validation results. The proxy overlay improves the availability of the validation service and reduces the network traffic. The design employs the XKMS certificate validation protocols and a cross-layer approach to the construction of the proxy overlay. The justification and design of the proxy overlay was presented on MILCOM´08. This paper will report from a comprehensive experiment where a prototype implementation of the proxy overlay has been evaluated in a MANET emulation testbed. The emulation testbed employs a novel mobility model based on recent research results. Experimental results show that the proxy overlay has large effect on the network traffic during a series of validation operation. The effect on service availability is significant, but depends on the mobility scenario used in the emulation testbed. The paper provides an analysis on how the mobility conditions affects the performance of the proxy overlay network. The results from the experiment is not only relevant to a certificate validation service, but also to a wide range of lookup and retrieval services where similar request receive similar responses.