• Journal of Internet Computing and Services
• /
• v.6 no.5
• /
• pp.1-9
• /
• 2005

In a role based access control through attribute certificate, the use of role assignment certificates and role specification certificates can reduce management cost and the overhead incurred by changing roles, Highly distributed computing environments such as ubiquitous computing environments not having global or broad control. need another attribute certificate management technique, Actually just having role specification certificate separately reduce management cost, But for better performance we structure role specification, We group roles and make the role group relation tree, It results secure and efficient role renewing and distribution, For scalable role specification certificate distribution, the multicasting of packets is used, We take into account the packet lass and quantify performance enhancements of structuring role specification certificates.

• Convergence Security Journal
• /
• v.5 no.1
• /
• pp.85-92
• /
• 2005

For an efficient role based access control in highly distributed computing environment to reduce management cost, we utilize attribute certificates. Especially highly distributed computing environments such as ubiquitous computing environments which cannot have global or broad control, need another attribute certificate management technique. The techniques for transmission of the attribute certificates and management of the group keys should be considered to reduce management cost. For better performance we structure attribute certificates. We group roles and make the role group relation tree. It results secure and efficient role renewing and distribution. For scalable attribute certificate distribution, multicasting packets are used. We take into account the packet loss and quantifying performance enhancements of structuring attribute certificates.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.3-13
• /
• 2002

There are cases that revoke the certification because of disclosure of private key, deprivation of qualification and the expiration of a term of validity on PKI. So, a user has to confirm the public key whether valid or invalid in the certification. There are many methods such as CRL, Delta-CRL, OCSP for the cert-validation of certification. But these methods have many problems, which cause overload traffic on network and the CRL server because of realtime processing for cert-validation of certification. In this paper we proposed cert-validation of certification improvement method based on FM Subcarrier Broadcasting, which solved problems that are data integrity by different time between transmission and receiving for CRL, and overload traffic on network and the CRL server the realtime management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.83-91
• /
• 2008

IISO/IEC 9594-8 defines the public key framework and attribute certificate framework. Attribute certificate framework deals with privilege management infrastructure(PMI). In PMI, for privilege management using attribute certificates, role assignment certificates and role specification certificates are used to assign and specify privileges independently. Role specification certificates includes privilege specifications and the details far privilege management of network environments. Privilege management of unreliable network environment tries to enhance the reliability and efficiency of privilege information transmission forwarding over unreliable routes in the presence of potentially faulty nodes and edges. Each node forms a role specification tree based on role specification relationship data collected from the network. In this paper privilege management cost with the role specification certificates tree structure is evaluated trying to reduce the overhead incurred by role creation and modification of privileges. The multicasting of packets are used for scalability. We establish management cost model taking into account the packet loss and node reliability which continuously join and leave for network. We present quantitative results which demonstrate the effectiveness of the proposed privilege management scheme.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.4
• /
• pp.744-752
• /
• 2017

ECQV implicit certificate reconstructs the public key from the certificate without validation of the signature unlike the explicit certificate. Like this, the certificate and the public key is implicitly validated when a public key is reconstructed from a certificate. Hence, ECQV implicit certificate is shorter than the explicit certificate due to be only comprised of the public key reconstruction data instead of the signature and the public key, and faster to reconstruct the public key from the certificate than validating the signature. Furthermore, ECQV is well suited for environments and application that resources such as memory and bandwidth are limited because it is shorter the key length, and faster the performance than other cipher cryptography due to be run on ECC. In this paper, we describe prerequisites of ECQV specified in the SECG SEC 4 and issuance of an implicit certificate, reconstruction of the public key from an implicit certificate. Also we designed and implemented ECQV, and measured the performance of it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.45-54
• /
• 2003

A public key certificate may be revoked before its validity period due to causes like the owner identification information change or the private key damage. Since a certificate has long valid time relatively, it is possible to become revoked during lifetime of certificate. The main technical issue in the public key infrastructure is how to handle the status of the certificate. We propose a simple mechanism for online certificate status validation that is suited to the financial network The characteristic of the proposed method is to broadcast certificate revocation information by using verifier list. The experimental results provide the same realtime as OCSP(Online Certificate Status Protocol). The proposed mechanism reduces the network load for certificate status validation in highly concentrated unbearable network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.3-14
• /
• 2001

CRLs are the most common way to handle certificate revocation. But, They have several problems. Since the validity period of certificates is long and the number of users it immense, CRLs can grow extremely long. Therefore, a great amount of data needs to be transmitted. Moreover, CRLs cannot provide immediate revocation. In this paper, we propose a new certificate revocation mechanism using mECC and Weil pairing in elliptic curve crypto-system. Our certificate revocation mechanism simplifies the process of certificate revocation and provides the immediate revocation.

• The KIPS Transactions:PartC
• /
• v.10C no.4
• /
• pp.433-440
• /
• 2003

According as the real economic activities are carried out in the cyber world and the identity problem of a trade counterpart emerges, digital signature has been diffused. Due to the weakness for real-time validation using the validation method of digital signature, Certificate Revocation List, On-line Certificate Status Protocol was introduced. In this case, every transaction workload requested to verify digital signature is concentrated of a validation server node. Currently this method has been utilized on domestic financial transactions, but sooner or later the limitation will be revealed. In this paper, the validation method will be introduced which not only it can guarantee real-time validation but also the requesting node of certificate validation can maintain real-time certificate status information. This method makes the revocation management node update the certificate status information in real-time to the validation node while revoking certificate. The characteristic of this method is that the revocation management node should memorize the validation nodes which a certificate holder uses. If a certificate holder connects a validation node for the first time, the validation node should request its certificate status information to the above revocation management node and the revocation management node memorizes the validation node at the time. After that, the revocation management node inform the revocation information in real-time to all the validation node registered when a request of revocation happens. The benefits of this method are the fact that we can reduce the validation time because the certificate validation can be completed at the validation node and that we can avoid the concentration of requesting certificate status information to a revocation node.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.1193-1195
• /
• 2023

전 세계적으로 PQC migration 을 위한 암호 표준화, 로드맵 발표 등 많은 관심이 집중되고 있다. 그 중, 인터넷 환경에 필수적으로 사용되는 TLS 는 PQC 전환이 필수적이다. 하지만 NIST 표준으로 선정된 PQC 서명 알고리즘들은 기존 서명 알고리즘에 비해 공개키와 서명의 크기가 크다. 따라서 TLS 통신에 필요한 인증서를 PQC 서명알고리즘을 통해 생성하게 되면 통신 오버헤드가 급증하는 문제가 있다. 이에, 본 논문에서는 TLS 에 사용되는 인증서에 RFP8879 에 정의된 3 가지 압축알고리즘(Zlib, Z-standard, Brotli)과, CBOR 인코딩 기법을 사용하여 인증서 압축성능을 비교해본다.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.53-61
• /
• 2017

IoT technology is evolving and related services and technologies are spreading throughout the life. These IoT technologies make life easier for users, but they also have big threats like double-edged swords. Therefore, the importance of security is emerging and related researches are actively proceeding. Existing researches have focused on reducing the computational load on the constrained devices, performing the DTLS for the end-to-end security from a network architecture perspective. In this paper, we propose a DTLS protocol that uses ECQV certificate instead of existing X.509 certificate to reduce the load of DTLS protocol from the network perspective. In addition, the proposed scheme is implemented and compared with PSK and RPK modes.