Construction of Efficient Distributed Authentication Server without Additional Key Management

Construction of an Efficient Distributed Authentication Server Requiring No Additional Key Management (Korean title)

  • 홍성민 (KAIST, Department of Electrical Engineering and Computer Science)
  • 윤현수 (KAIST, Department of Electrical Engineering and Computer Science)
  • 이승원 (Seoul National University, School of Computer Science and Engineering)
  • 박용수 (Seoul National University, School of Computer Science and Engineering)
  • 조유근 (Seoul National University, School of Computer Science and Engineering)
  • Published: 2000.06.30

Abstract

Over the years, the extensive use of networks and distributed systems has increased the need for authentication and digital signatures. In performing authentication on a massive scale, authentication servers built from multiple workstations or PCs are more economical than servers built on one minicomputer or mainframe. However, establishing an authentication server on multiple platforms can cause security problems and increase the cost of key management, because every platform within the server must hold the private key of the authentication server. We propose a scheme that solves these problems. The proposed scheme establishes a strong authentication server with no additional key management and improves the performance of the authentication server by up to 13 times.

As computer systems and networks have developed, the need for authentication and digital signatures has grown, and with it the need for servers that must perform signing or authentication repeatedly and in large volumes. To implement a server that performs authentication at high volume, it is more economical to use several inexpensive workstations or PCs than a single minicomputer or mainframe. However, building a server out of several platforms requires every platform to hold the private key, which raises many security problems and increases the cost of key management. To solve these problems, this paper proposes a method in which only one platform holds the private key used for signature generation, while the remaining platforms hold no private key and instead use an SASC (Server-Aided Secret Computation) protocol. Because the degree of performance improvement of the proposed distributed authentication server depends on the SASC protocol used, we implemented the server and ran experiments to analyze this dependence and to examine its practical applicability. Using the proposed method, a strong authentication server can be built from several workstations or PCs without any increase in key management cost.

References

  1. C. Boyd and A. Mathuria, 'Key establishment protocols for secure mobile communications: A selective survey,' in ACISP'98, Lecture Notes in Computer Science, Vol. 1438, pp. 344-355, 1998 https://doi.org/10.1007/BFb0053746
  2. K. Vedder, 'Security aspects of mobile communications,' in Computer Security and Industrial Cryptography, LNCS 741, pp. 193-210, Springer Verlag, 1993 https://doi.org/10.1007/3-540-57341-0_63
  3. S. Lee, S.-M. Hong, H. Yoon, and Y. Cho, 'Accelerating key establishment protocol in mobile communication,' to appear in LNCS series - Information Security and Privacy, 1999 https://doi.org/10.1007/3-540-48970-3_5
  4. W. Diffie and M. E. Hellman, 'New directions in cryptography,' IEEE Trans. Computers, Vol. IT-22, pp. 644-654, June 1976
  5. L. Gong, 'Increasing availability and security of an authentication service,' IEEE Journal on Selected Areas in Communications, Vol. 11, no. 5, pp. 657-662, 1993 https://doi.org/10.1109/49.223866
  6. U. Blumenthal, N. C. Hien, and J. H. Rooney, 'Low-cost secure server connection with limited-privilege clients,' in ACISP'98, Lecture Notes in Computer Science No. 1438 (C. Boyd and E. Dawson, eds.), pp. 90-98, 1998 https://doi.org/10.1007/BFb0053724
  7. ISO, 'Open systems interconnection reference model - part 2: Security architecture,' ISO International Standard 7498-2, 1988
  8. W. Fumy and P. Landrock, 'Principles of key management,' IEEE Journal on Selected Areas in Communications, Vol. 11, no. 5, pp. 785-793, 1993 https://doi.org/10.1109/49.223881
  9. T. Matsumoto, K. Kato, and H. Imai, 'Speeding up secret computations with insecure auxiliary devices,' in Crypto'88, pp. 497-506, 1988
  10. A. Shamir, 'How to share a secret,' Communications of the ACM, Vol. 22, no. 11, pp. 612-613, 1979 https://doi.org/10.1145/359168.359176
  11. G. R. Blakley, 'Safeguarding cryptographic keys,' in Proceedings of National Computer Conference (AFIPS'79), pp. 313-317, 1979
  12. M. P. Herlihy and J. D. Tygar, 'How to make replicated data secure,' in Advances in Cryptology - Proceedings of Crypto'87, LNCS 293, pp. 379-391, 1987
  13. M. Bellare, J. A. Garay, and T. Rabin, 'Fast batch verification for modular exponentiation and digital signatures,' in Advances in Cryptology - EUROCRYPT'98, LNCS 1403, pp. 236-250, Springer Verlag, 1998 https://doi.org/10.1007/BFb0054130
  14. A. Fiat, 'Batch RSA,' Journal of Cryptology, Vol. 10, no. 2, pp. 75-88, 1997 https://doi.org/10.1007/s001459900021
  15. Y. Yacobi and M. J. Beller, 'Batch Diffie-Hellman key agreement systems,' Journal of Cryptology, Vol. 10, no. 2, pp. 89-96, 1997 https://doi.org/10.1007/s001459900022
  16. D. M'Raihi and D. Naccache, 'Batch exponentiation - a fast DLP based signature generation strategy,' in 3rd ACM Conference on Computer and Communications Security, pp. 58-61, ACM, 1994 https://doi.org/10.1145/238168.238187
  17. S.-M. Yen, 'Cryptanalysis of secure addition chain for SASC applications,' Electronics Letters, Vol. 31, no. 3, pp. 175-176, 1995 https://doi.org/10.1049/el:19950130
  18. S.-M. Yen and C.-S. Laih, 'More about the active attack on the server-aided secret computation protocol,' Electronics Letters, Vol. 28, no. 24, p. 2250, 1992 https://doi.org/10.1049/el:19921446
  19. R. J. Anderson, 'Attack on server assisted authentication protocols,' Electronics Letters, Vol. 28, no. 15, p. 1473, 1992 https://doi.org/10.1049/el:19920937
  20. B. Pfitzmann and M. Waidner, 'Attacks on protocols for server-aided RSA computation,' in Eurocrypt'92, pp. 153-162, 1992
  21. C. H. Lim and P. J. Lee, 'Security and performance of server-aided RSA computation protocols,' in Crypto'95, pp. 70-83, 1995
  22. J. Burns and C. J. Mitchell, 'Parameter selection for server-aided RSA computation schemes,' IEEE Trans. on Computers, Vol. 43, no. 2, pp. 163-174, 1994 https://doi.org/10.1109/12.262121
  23. C. H. Lim and P. J. Lee, 'Server(prover/signer)-aided verification of identity proofs and signature,' in Eurocrypt'95, pp. 64-78, 1995
  24. S. Kawamura and A. Shimbo, 'Fast server-aided secret computation protocols for modular exponentiation,' IEEE JSAC, Vol. 11, no. 5, pp. 778-784, 1993 https://doi.org/10.1109/49.223880
  25. S.-M. Hong, J.-B. Shin, H. Lee-Kwang, and H. Yoon, 'A new approach to server-aided secret computation,' in International Conference on Information Security and Cryptology (ICISC'98), pp. 33-45, 1998
  26. P. Nguyen and J. Stern, 'The Beguin-Quisquater server-aided RSA protocol from Crypto'95 is not secure,' in Advances in Cryptology - Asiacrypt'98, LNCS 1514, pp. 372-379, Springer Verlag, 1998
  27. P. Beguin and J.-J. Quisquater, 'Secure acceleration of DSS signatures using insecure server,' in Asiacrypt'94, pp. 249-259, 1994 https://doi.org/10.1007/BFb0000439
  28. R. Rivest, A. Shamir, and L. Adleman, 'A method for obtaining digital signatures and public-key cryptosystems,' Communications of the ACM, Vol. 21, pp. 120-126, 1978 https://doi.org/10.1145/359340.359342
  29. P. Beguin and J.-J. Quisquater, 'Fast server-aided RSA signatures secure against active attacks,' in Crypto'95, pp. 57-69, 1995
  30. CCITT (Consultative Committee on International Telegraphy and Telephony), Recommendation X.509: The Directory - Authentication Framework, 1988
  31. J.-J. Quisquater and C. Couvreur, 'Fast decipherment algorithm for RSA public-key cryptosystem,' Electronics Letters, Vol. 18, no. 21, pp. 905-907, 1982 https://doi.org/10.1049/el:19820617
  32. D. E. Knuth, The Art of Computer Programming, Vol. 2, Addison-Wesley, Inc., 1981
  33. E. F. Brickell, D. M. Gordon, K. S. McCurley, and D. B. Wilson, 'Fast exponentiation with precomputation,' in Advances in Cryptology - Eurocrypt'92, LNCS 658, pp. 200-207, 1993