In recent reports on securing wireless ad hoc networks, several good security approaches have been proposed; they can generally be categorized as asymmetric and symmetric schemes. Most of these approaches assume that efficient key distribution and management is implemented by some kind of key distribution center or certificate authority (CA), which is assumed to have the power to keep serving the network at all times and cannot be compromised. However, keeping such a super server secure, and keeping it available whenever it is needed, is itself a major problem.
To mitigate this problem, the concept of threshold secret sharing has recently been introduced, and two approaches have been proposed that use threshold cryptography to distribute the services of the certificate authority in wireless ad hoc networks. Zhou and Haas [4] first proposed a partially distributed certificate authority scheme, in which a group of special nodes is capable of generating partial certificates using their shares of the certificate signing key. A valid certificate can be obtained by combining k such partial certificates. The weakness of the solution is that it requires an administrative infrastructure to be available to distribute the shares to the special nodes. The scheme is further complicated by the normal nodes' need to locate the server nodes. Keeping the n special nodes available when needed makes system maintenance difficult. In [5], Kong proposed another threshold cryptography scheme for wireless ad hoc networks, which distributes the RSA certificate signing key to all the nodes in the network.
This scheme can be considered a fully distributed certificate authority, in which the capabilities of the certificate authority are distributed to all nodes and any operation requiring the certificate authority's private key can only be performed by a coalition of k or more nodes. This solution has good availability: since all nodes are part of the certificate authority service, it is easier for a node to locate k neighbor nodes and request the certificate authority service.
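The threshold property described above can be illustrated with the following added example, which is not code from [4] or [5]. It shares a secret exponent with Shamir's (k, n) scheme and combines partial results from k nodes without any node ever holding the full key. As a labelled assumption it works in a small prime-order group instead of the RSA setting of the cited schemes, and all parameters and function names are constructed for illustration.

```python
import secrets

# Constructed toy parameters (assumption, far too small for real use):
# P = 2*Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def deal_shares(secret, k, n):
    """Shamir sharing: polynomial f of degree k-1 over Z_Q with f(0) = secret.
    Coefficients are drawn nonzero so the degree is exactly k-1 (demo choice).
    Node i (1..n) receives the share f(i)."""
    coeffs = [secret % Q] + [secrets.randbelow(Q - 1) + 1 for _ in range(k - 1)]
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of node i, evaluated at x = 0, for coalition ids."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def partial_result(msg_elem, share):
    """One node's contribution: msg^share, computed from its own share only."""
    return pow(msg_elem, share, P)

def combine(partials):
    """Combine {node_id: partial} from a coalition by interpolating in the
    exponent. The output is msg^secret only if the coalition has >= k nodes."""
    ids = list(partials)
    out = 1
    for i, part in partials.items():
        out = out * pow(part, lagrange_at_zero(i, ids), P) % P
    return out

def demo(k=3, n=7):
    secret = secrets.randbelow(Q - 1) + 1       # the CA key, known to no node
    shares = deal_shares(secret, k, n)
    msg = pow(G, 123, P)                        # constructed message element
    expected = pow(msg, secret, P)              # output of a centralized CA
    enough = {i: partial_result(msg, shares[i]) for i in (2, 5, 7)}
    too_few = {i: partial_result(msg, shares[i]) for i in (2, 5)}
    return combine(enough) == expected, combine(too_few) == expected
```

`demo()` returns a pair: whether a coalition of k = 3 nodes reproduces the centralized result, and whether a coalition of k - 1 = 2 nodes does.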