Wireless ad hoc network is one of the most suitable platforms for providing communication services to support mobile applications in public areas where no fixed communication infrastructure exists. However, due to the open nature of wireless links and lack of security infrastructure in an ad hoc network environment, applications operating on ad hoc network platforms are subjected to non-trivial security challenges. Asymmetric key management, which is widely adopted to be an effective basis for security services in an open network environment, typically plays a crucial role in meeting the security requirements of such applications. In this paper, we propose a secure asymmetric key management scheme, the Ubiquitous and Secure Certificate Service (USCS), which is based on a variant of the Distributed Certificate Authority (DCA) - the Fully Distributed Certificate Authority (FDCA). Similar to FDCA, USCS introduces the presence of 1-hop neighbors which hold shares of DCA's private signature key, and can collaborate to issue certificates, thereby providing asymmetric key management service. Both USCS and FDCA aim to achieve higher availability than the basic DCA scheme; however, USCS is more secure than FDCA in that the former achieves high availability by distributing existing shares to new members, rather than generating new shares as the FDCA scheme does. In order to realise the high availability potential of USCS, a share selection algorithm is also proposed. Experimental results demonstrated that USCS is a more secure approach of the DCA scheme in that it can achieve stronger security than FDCA while attaining high availability similar to that of FDCA. Experiments also showed that USCS incurs only moderate communication overheads.

Current Public Key Infrastructures suffer from a scaling problem, and some may have security problems, even given the topological simplification of bridge certification authorities. This paper analyzes the security problems in Bridge Certificate Authorities (BCA) model by using the concept of "impersonation risk," and proposes a new modified BCA model, which enhances its security, but is a bit more complex incertification path building and implementation than the existing one.