Practical Improvement of an Efficient Public-Key Framework and Its Application

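  • 양종필 (Kyushu University, Faculty of System Information Science) ;
  • 신원 (Tongmyong University of Information Technology, Department of Information Security) ;
  • 이경현 (Pukyong National University, Division of Electronic, Computer and Telecommunication Engineering)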
  • Published : 2006.04.01

Abstract

J. Zhou et al. proposed a new public-key framework in which the maximum lifetime of a certificate is divided into short periods and the certificate can be expired at the end of any period under the control of the certificate owner (or his manager in a corporate environment). However, J. Zhou et al.'s public-key framework is not suitable for implementation in the real world. Therefore, we review some of its security parameters to change them into ones more suitable for implementation, and we remove an unnecessary trusted party from J. Zhou et al.'s public-key framework. We then propose an improved scheme as a realistic solution. Moreover, we present a practical application based on the improved framework.

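In the public-key framework proposed by J. Zhou et al., the validity period of a certificate is divided into several short refresh periods, and each certificate can be revoked at the end of any refresh period under the control of the certificate owner (or, in an organizational environment, the owner's manager). J. Zhou et al.'s public-key framework considerably improves efficiency by reducing the computation and communication burden on the certificate verifier, but it has many problems when implemented and applied in a real environment. Therefore, in this paper we re-examine the security parameters in J. Zhou et al.'s public-key framework, improve them to suit real implementation environments, and propose a more practical public-key framework by removing an unnecessary trusted party from J. Zhou et al.'s framework. We then introduce a practical application based on the improved public-key framework.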

References

  1. C. Adams and S. Lloyd, 'Understanding public-key infrastructure: concepts, standards, and deployment considerations,' Indianapolis: Macmillan Technical Publishing, (1999)
  2. D. Cooper, 'A more efficient use of delta-CRLs,' Proceeding of 2000 IEEE Symposium on Security and Privacy, pp.190-202, (2000)
  3. J. Zhou, F. Bao and R. Deng, 'An Efficient Public-Key Framework,' 5th International Conference on Information and Communications Security, LNCS 2836, pp.88-99, (2003)
  4. J. Yang, W. Shin and K. Rhee, 'An end-to-end authentication protocol in Wireless Application Protocol,' ACISP 2001, LNCS 2119, pp.247-259, (2001)
  5. M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams, 'X.509 Internet public key infrastructure on-line certificate status protocol (OCSP),' RFC 2560, (1999)
  6. N. Asokan, G.Tsudik and M.Waidner, 'Server-Supported Signatures,' European Symposium on Research in Computer Security, pp.131-143, (1996)
  7. N. Haller, 'The S/Key One-time Password System,' Proceeding of ISOC Symposium on Network and Distributed System Security, pp.151-157, (1994)
  8. M. Naor and K. Nissim, 'Certificate revocation and certificate update,' Proceedings 7th USENIX Security Symposium, San Antonio, Texas, pp.217-228, (1998)
  9. Peter Buhler, Thomas Eirich, Michael Steiner and Michael Waidner, 'Secure Password-Based Cipher Suite For TLS,' In Symposium on Network and Distributed Systems Security (NDSS '00), pp.129-142, (2000)
  10. P. McDaniel and S. Jamin, 'Windowed certificate revocation,' Proceedings of IEEE INFOCOM'2000, Tel-Aviv, Israel, pp.1406-1414, (2000)
  11. R. Housley, W. Ford, W. Polk and D. Solo, 'Internet X.509 public key infrastructure certificate and CRL profile,' RFC 2459, (1999)
  12. S. Halevi and H. Krawczyk, 'Public-Key Cryptography And Password Protocols,' In 5th ACM Conference on Computer and Communication Security, San Francisco, California, pp.122-131, (1998)
  13. S. Micali, 'Efficient Certificate revocation,' Technical Memo MIT/LCS/TM-542b, (1996)
  14. Steven M. Bellovin, 'Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks,' Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, pp.72-84, (1992)