ORION: On-Demand Registration and Revocation in on-the-Move Networks

Active / Technical Report | Accession Number: AD1126383

Abstract:

The management complexity, hardware limitations, and lack of scalability in the Marine Corps' traditional networking infrastructure create an opportunity gap that can be filled by software-defined networking (SDN). At the same time, mobile ad-hoc networks (MANETs) have proved to be indispensable in austere environments, allowing tactical units to communicate without the need for permanent infrastructure. Anticipating the proliferation of mobile hand-held technology, a case is made for On-Demand Registration/Revocation in On-the-Move Networks (ORION), a flexible public key infrastructure (PKI) authentication framework for ad-hoc mobile devices. Resembling a localized extension of DISA's Purebred solution, ORION was designed specifically for tactical edge networks. ORION combines the centralized management and programmable capabilities of SDN with the decentralized, self-healing properties of MANET into one scalable, autonomous, interoperable system. The proposed model is designed, developed, and evaluated to demonstrate that forward-deployed, SDN-hosted Certificate Authorities are capable of providing PKI services to edge devices under adversarial network conditions characterized by low bandwidth, high latency, and high loss probabilities.

RECORD

Collection: TRECMS