• Title/Summary/Keyword: Resource PKI

Search Result 15, Processing Time 0.021 seconds

Designing Reliable P2P Transmission Mechanism Against MITM Attack (MITM 공격에 안전한 P2P 신뢰전송 메커니즘의 설계)

  • Kim, Sang-Choon;Kwon, Hyeonk-Chan;Nah, Jae-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.4
    • /
    • pp.103-109
    • /
    • 2008
  • Many Internet application provide the PKI(public key infrastructure)-based service to provide authentication and message integrity. Several researchers proposed PKI-based p2p network framework. However, in the real world, the use of PKI is not suitable for peer to peer network, because the peer-to-peer network is an open and dynamic network. Moreover, currently there is no nation-to-nation interoperable certificate. In this paper, we designed reliable p2p file sharing application without public key infrastructure. To do this we propose reliable public key distribution mechanism to distribute public key safely without PKI infrastructure for two-tier super-peer architecture. In our system, each peer generates and distributes its public/private key pairs, and the public key is securely distributed without PKI. The proposed mechanism is safe against MITM attack. This mechanism can be applied various P2P applications such as file sharing, IPTV, distributed resource sharing and so on

IPv4 Address Trading Using Resource Certificate

  • Park, Cheol-Soon;Ryou, Jae-Cheol;Park, Yong-Tae
    • Journal of Information Processing Systems
    • /
    • v.6 no.1
    • /
    • pp.107-120
    • /
    • 2010
  • The Internet has been growing at unprecedented rates. The problem of an address shortage could act as a barrier on this growth. In principle, a new Internet standard, IPv6 solves the problem of the address shortage because it has a very large address space. But IPv6 is not yet compatible with the IPv4 and during the IPv4-to-IPv6 transition period IPv4 address will continue to be in demand. Thus for quite some time, the problem of IP address shortage will persist. To solve the problem, we propose the mechanism of secure IP address trading. This mechanism is based on the Resource PKI (RPKI). The RPKI is the working item of IETF. This proposed mechanism maximizes the trust of IP address trading using RPKI.

A Study of Cross Certification between Realms in Public Key Infrastructure based on X.509 (X.509기반 PKI의 영역간 상호인증 프로토콜에 관한 연구)

  • 신광철
    • Journal of the Korea Computer Industry Society
    • /
    • v.2 no.6
    • /
    • pp.845-852
    • /
    • 2001
  • Electronic commerce and application service is to universal on the internet, and a large quantity information transmitted on the network, It's needs procedure to access only permit objects for the integrity of information. In order to provide regional services is authentication for control resource and client identification. In particular, public key system is to implement in distributed environment, it is able to insurance users convenience and integrity at the same time. In this paper designed mechanism of cross certification between realms in PKI based on X.509 associated with DNS (Domain Name System) that is presented.

  • PDF

A Method on Maintaining Consistency of Certificates in public Key Infrastructure using DNS (DNS를 사용한 공개키 인증서의 일치성 보장에 관한연구)

  • 석우진
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.10 no.2
    • /
    • pp.3-12
    • /
    • 2000
  • In this paper we propose a new algorithm which resolves the inconsistency problems occurring when DNS severs are employed as elements of PKI. The inconsistency may take place between primary name servers and secondary name servers and between cached certificate and original certificate. The former can be removed by adapting RFC 1996 NOTIFY opcode for DNS. In order to eliminate the latter type of inconsistency we develope a new algorithm which is implemented with two additional RR(Resource Record). The present algorithm is designed such that DNS contacts the destination DNS prior to returning public key to users. Therefore the inconsistency problem occurring when DNS is operated as PKI can be eliminated by using the proposed adaptation and algorithm.

An efficient user authentication protocol for cloud computing environments (클라우드 컴퓨팅 환경에서 효과적인 사용자 인증 프로토콜)

  • Moon, Jeong-Kyung;Kim, Jin-Mook;Kim, Hwang-Rae
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.12 no.5
    • /
    • pp.2353-2359
    • /
    • 2011
  • The request of Green-IT technology and recommend of computer hardware resource are increasing explosively. So, necessity of Cloud computing is increasing rapidly. Berkeley Univ. announced teens constituent that threat Cloud computing in 2009 and problem for user authentication should be solved as is urgentest among them. So, We wish to propose effective user authentication protocol in Cloud computing environment. Secure safety for user quotation through Kerberos's ticket issue that is existent representative user authentication techniques, and defined authentication procedure of two steps that flow user authentication and service authentication through PKI's. Is uncomplicated structurally more than efficiency for certification protocol and examination result about safety, existent PKI that propose and simplify achievement procedure and system configuration more than Kerberos and reduced response time.

A Study on Sharing Web Application between Battlefield Management System based on PKI Authentication (PKI 인증기반 전장관리체계 웹 연동에 관한 연구)

  • Kim, Young-Sung;Lee, Yun-Ho;Lee, Soo-Jin
    • Journal of the military operations research society of Korea
    • /
    • v.36 no.1
    • /
    • pp.123-140
    • /
    • 2010
  • Interworking Web Application to share the resource between Battlefield Management Systems(BMS) is critical issues for accomplishment of information superior. However, authentication system of BMS differ from each other because of having the independent plan for system build. This problem causes inefficiency such as the information insufficiency owing to not share web application and the need of additional laptops. To solve the problem, in this paper, we propose the improved certificate acquisition and verification algorithm for the user of different BMS. By testing the proposed algorithm appling to the real field, we verify the performance of proposed method.

Distributed OCSP Certificate Verification Model for Reducing Response Time (응답시간 단축을 위한 분산 OCSP 인증서 검증 모델)

  • Choi Seung kwon;Jang Yoon sik;Ji Hong il;Shin Seung soo;Cho Yong hwan
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.30 no.4A
    • /
    • pp.304-311
    • /
    • 2005
  • OCSP has specific characters which can suspend, close, and correct in real time. But, as more clients use the OCSP server verification, more updated information is needed, which can lead to jamming in the OCSP server. To apply this technique of Distributed OCSP server so as to reduce the certificate verification OCSP from jamming. Also, the Distributed OCSP server will solve the problems of the intensive central structure. Simulation results show that the average reply time of certificate verification request and server load are reduced in the case using distributed OCSP. In addition to this advantage, resource distribution and fault tolerance are acquired because of multiple OCSP.

An E-Mail Protocol Providing Forward Secrecy without Using Certificated Public Keys (공개키 인증서를 사용하지 않는 전방향 안전성을 보장하는 E-mail 프로토콜)

  • Kwon, Jeong-Ok;Koo, Young-Ju;Jeong, Ik-Rae;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.1
    • /
    • pp.3-11
    • /
    • 2009
  • Forward secrecy in an e-mail system means that the compromising of the long-term secret keys of the mail users and mail servers does not affect the confidentiality of the previous e-mail messages. Previous forward-secure e-mail protocols used the certified public keys of the users and thus needed PKI(Public Key Infrastructure). In this paper, we propose a password-based authenticated e-mail protocol providing forward secrecy. The proposed protocol does not require certified public keys and is sufficiently efficient to be executed on resource-restricted mobile devices.

Design and Implementation of Arbitrary Precision Class for Public Key Crypto API based on Java Card (자바카드 기반 공개키 암호 API를 위한 임의의 정수 클래스 설계 및 구현)

  • Kim, Sung-Jun;Lee, Hei-Gyu;Cho, Han-Jin;Lee, Jae-Kwang
    • The KIPS Transactions:PartC
    • /
    • v.9C no.2
    • /
    • pp.163-172
    • /
    • 2002
  • Java Card API porvide benifit for development program based on smart card using limmited resource. This APIs does not support arithmetic operations such as modular arithmetic, greatest common divisor calculation, and generation and certification of prime number, which is necessary arithmetic in PKI algorithm implementation. In this paper, we implement class BigInteger acted in the Java Card platform because that Java Card APIs does not support class BigInteger necessary in implementation of PKI algorithm.

A Study of Automatically Authentication System for Virtual Resource Organization on Grid (그리드상의 가상 자원 조직에 대한 자동 인증 시스템 연구)

  • 최병선;이원구;이재광
    • Proceedings of the Korea Contents Association Conference
    • /
    • 2004.05a
    • /
    • pp.301-306
    • /
    • 2004
  • The Grid VO(Virtual Organization) is temporary VO where gather indivisual, authority, or system resource, differ from previous VO concept that controled by internal principal and policy set. It have many problems in case of indivisuals, authorities, or system resources that became member\ulcorner of some Grid VO at same time and combination followed changing condition of system resource for building Grid VO. This paper propose lightweighted Grid VO authentication system based on XML security to solve the authentication of the problems occuring in building Grid VO. In this paper, Grid VO authentication system is including Grid VO authentication module that is intermediate management system in PH to previous authentication service structure and provide effective authentication service to Grid VO.

  • PDF