A Study on the Realtime Cert-Validation of Certification based on DARC

A Study on Real-Time Certificate Validity Verification Based on DARC

  • Published : 2001.10.01

Abstract

In a PKI, a certificate may have to be revoked because of disclosure of the private key, loss of qualification, or expiration of the validity period. A user therefore has to confirm whether the public key in a certificate is valid or invalid. Several methods exist for certificate validation, such as CRL, Delta-CRL, and OCSP. These methods, however, have problems: the processing required for certificate validation overloads the network and the CRL server with traffic. In this paper we propose a real-time certificate validation method based on DARC that solves the data integrity problem caused by the time difference between transmission and receipt of the CRL, as well as the traffic overload on the network and the CRL server.

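In a public-key-based authentication system, a certificate sometimes has to be revoked because the private key was exposed through a user's mistake, because of loss of qualification, or because the validity period expired. Each user must therefore check whether a received certificate is valid. Methods such as CRL, Delta-CRL, and OCSP have been developed to check whether a certificate has been revoked. In all of these methods, however, certificate validation must be processed in real time, which generates a large volume of traffic. This paper proposes an efficient way to build a CRL using DARC (DAta Radio Channel) that resolves two problems of CRL management: the integrity problem caused by differences in transmission time, and the excessive server and network traffic caused by real-time processing.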
