• Title/Summary/Keyword: Public-key certificate

Search Result 218, Processing Time 0.022 seconds

Effective Certificate Verification of Wireless PKI Based in WAP (WAP에서 무선 PKI기반의 효율적인 인증서 검증)

  • Shin Jung-Won;Choi Seong-Kwon;Ji Hong-Il;Lee Byong-Rok;Cho Yong-Hwan
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2005.11a
    • /
    • pp.175-180
    • /
    • 2005
  • To data service is offered successfully including electronic commercial transaction in radio Internet, security problem should be solved. Security protocole for radio internet does certification and key exchange by leitmotif and designed because suppose WPKI(WAP Public Key Infrastructure) mainly and use certificate. Wish to discuss efficient certificate verification of PKI that consider radio surrounding hereupon.

  • PDF

On Design of the Recoverable Cryptosystem in Public Key Infrastructure (PKI 연동 키복구 암호 시스템 설계에 관한 연구)

  • 최희봉;오수현;홍순좌;원동호
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.1
    • /
    • pp.11-20
    • /
    • 2002
  • In 1998, A. Young and M. Yung proposed the auto-recovery auto-certificate cryptosystem in public key infrastructure. We propose the new recoverable cryptosystem in public key infrastructure which is designed with the concept of A. Young et al's auto-recovery auto-certificate cryptosystem. It has the private/public key pairs of the user and the master private/public key pairs of the escrow authority. It is based on RSA cryptosystem and has efficiency and security.

A Forward-Secure Certificate-Based Signature Scheme with Enhanced Security in the Standard Model

  • Lu, Yang;Li, Jiguo
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.3
    • /
    • pp.1502-1522
    • /
    • 2019
  • Leakage of secret keys may be the most devastating problem in public key cryptosystems because it means that all security guarantees are missing. The forward security mechanism allows users to update secret keys frequently without updating public keys. Meanwhile, it ensures that an attacker is unable to derive a user's secret keys for any past time, even if it compromises the user's current secret key. Therefore, it offers an effective cryptographic approach to address the private key leakage problem. As an extension of the forward security mechanism in certificate-based public key cryptography, forward-secure certificate-based signature (FS-CBS) has many appealing merits, such as no key escrow, no secure channel and implicit authentication. Until now, there is only one FS-CBS scheme that does not employ the random oracles. Unfortunately, our cryptanalysis indicates that the scheme is subject to the security vulnerability due to the existential forgery attack from the malicious CA. Our attack demonstrates that a CA can destroy its existential unforgeability by implanting trapdoors in system parameters without knowing the target user's secret key. Therefore, it is fair to say that to design a FS-CBS scheme secure against malicious CAs without lying random oracles is still an unsolved issue. To address this problem, we put forward an enhanced FS-CBS scheme without random oracles. Our FS-CBS scheme not only fixes the security weakness in the original scheme, but also significantly optimizes the scheme efficiency. In the standard model, we formally prove its security under the complexity assumption of the square computational Diffie-Hellman problem. In addition, the comparison with the original FS-CBS scheme shows that our scheme offers stronger security guarantee and enjoys better performance.

A Proposal for Transmission Method of Safety CRL to Distributed OCSP Group (분산된 OCSP 그룹으로 안전한 인증서 취소 목록 전달 방법에 관한 연구)

  • Ko Hoon;Jang Uijin;Shin Yongtae
    • Journal of Internet Computing and Services
    • /
    • v.5 no.2
    • /
    • pp.33-40
    • /
    • 2004
  • PKI(Public Key Infrastructure) issues a certificate for providing Integrity of public key. and it Inspects the validity by downloading CRL(Certificate Revocation List) for checking the validity of certificate. But. it imposes a burden on processing of certificate due to Increase of user and the size of CRL, Lately, OCSP(Online Certificate Status Protocol), which examines the validity on online, is published as an alternative plan. But, it makes a problem due to concentration of just one certificate repository, Accordingly we propose the scheme that OCSP server is arranged in distributed area and then the information is safely transmitted to OCSP server.

  • PDF

Inter-Domain Verifiable Self-certified public keys (상이한 도메인에서 검증 가능한 자체 인증 공개키)

  • 정영석;한종수;오수현;원동호
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.4
    • /
    • pp.71-84
    • /
    • 2003
  • Self-certified public keys need not be accompanied with a separate certificate to be authenticated by other users because the public keys are computed by both the authority and the user. At this point, verifiable self-certified public keys are proposed that can determine which is wrong signatures or public keys if public keys are used in signature scheme and then verification of signatures does not succeed. To verify these public keys, key generation center's public key trusted by users is required. If all users trust same key generation center, public keys can be verified simply. But among users in different domains, rusty relationship between two key generation centers must be accomplished. In this paper we propose inter-domain verifiable self-certified public keys that can be verified without certificate between users under key generation centers whose trusty relationship is accomplished. Also we present the execution of signature and key distribution between users under key generation centers use different public key parameters.

Security of two public key schemes with implicit certifications (함축적인 인증을 제공하는 두 가지 공개키 암호 알고리즘의 안전성)

  • Park, Je-Hong;Lee, Dong-Hoon;Park, Sang-Woo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.1
    • /
    • pp.3-10
    • /
    • 2007
  • In this paper, we show that the status certificate-based encryption(SCBE) scheme proposed at ICISC 2004 and the certificateless signature(CLS) scheme proposed at EUC workshops 2006 are insecure. Both schemes are claimed that an adversary has no advantage if it controls only one of two participants making a cryptographic key such as a decryption key in SCBE or a signing key in CLS. But we will show that an adversary considered in the security model of each scheme can generate a valid cryptographic key by replacing the public key of a user.

The Secure Key Store to prevent leakage accident of a Private Key and a Certificate (인증서와 개인키 유출 방지를 위한 보안키 저장소 Secure Key Store)

  • Park, Young-Jin;Kim, Seon-Jong;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.1
    • /
    • pp.31-40
    • /
    • 2014
  • In Korea, the Public Key Infrastructure (PKI) has been introduced. For secure information transmission and identification, the electronic signature authorization system of a certificate-based is built, and then the service provide.The certificate is stored in location what users can easily access and copy. Thus, there is a risk that can be stolen by malware or web account hacking. In addition, private key passwords can be exposed by the logging tool, after keyboard security features are disabled. Each of these security weaknesses is a potential conduit for identity theft, property/asset theft, and theft of the actual certificates. The present study proposes a method to prevent the private key file access illegally. When a certificate is stored, the private key is encrypted by the dependent element of the device, and it is stored securely. If private key leakage occurs, the retrieved key could not be used on other devices.

A Comparative Analysis of PKI Authentication and FIDO Authentication (PKI 인증과 FIDO 인증에 대한 비교 분석)

  • Park, Seungchul
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.7
    • /
    • pp.1411-1419
    • /
    • 2017
  • The two factor authentication capability, private key possession and key protection password knowledge, and the strong public key cryptography protocol of PKI authentication have largely contributed to the rapid construction of Internet transaction trusted infrastructure. The reusability of a certificate-based identity for every PKI site was another contribution factor of the spread of PKI authentication. Nevertheless, the PKI authentication has been criticised mainly for the cost of PKI construction, inconvenience of individual certificate management, and difficulties of password management. Recently FIDO authentication has received high attention as an alternative of the PKI authentication. The FIDO authentication is also based on the public key cryptography which provides strong authentication services, but it does not require individual certificate issuance and provides user-friendly and secure authentication services by integrating biometric technologies. The purpose of this paper is to concretely compare the PKI-authentication and FIDO-authentication and, based on the analysis result, to propose their corresponding applications.

A Study on Multi_Kerberos Authentication Mechanism based on Certificate (인증서기반의 Multi_Kerberos 인증시스템에 관한 연구)

  • Shin, Kwang-Cheul;Cho, Sung-Je
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.3
    • /
    • pp.57-66
    • /
    • 2006
  • In this paper. proposes Multi_Kerberos certification mechanism that improve certification service of based on PKINIT that made public in IETF CAT Working Group. This paper proposed to a certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, to get public key from DNS server by chain (CertPath) between realms by certification and key exchange way that provide service between realms applying X.509, DS/DNS of based on PKINIT, in order to provide regional services. This paper proposed mechanism that support efficient certification service about cross realm including key management. the path generation and construction of Certificate using Validation Server, and recovery of Session Key. A Design of Multi_Kerberos system that have effects simplify of certification formality that reduce procedures on communication.

  • PDF

Efficient and Practical Appraoch to Check Certificate Revocation Status of the WLAN Authentication Server's Public Key (WLAN 인증서버의 인증서 폐지상태 확인 기술)

  • Park DongGook;Cho Kyung-Ryong
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.9 no.5
    • /
    • pp.958-964
    • /
    • 2005
  • WLAN user authentication is mostly based on user password resulting in vulnerability to the notorious 'offline dictionary attack'. As a way around this problem. EAP-TTLS and PEAP protocols are increasing finding their way into WLANs, which are a sort of combination of password protocols and the TLS public-key protocol. This leads to the use of the public-key certificate of the WLAM authentication server, and naturally the concern arises about its revocation status. It seems, however, that any proper soulution has not been provided to address this concern. We propose a very efficent and proper solution to check the certificate revocation status.