• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.227-230
• /
• 2003

본 논문은 공개된 네트워크를 통해 교환되는 기밀정보의 무결성과 인증을 위해 사용되는 공기키 인증서에 대한 새로운 인증방법을 제안한다. 제안된 새로운 방법은 인증된 딕셔너리［1］기반하에 RSA 일방향 어큐뮬레이터를 이용하여 인증서 폐기목록(CRL： Certificate Revocation List) 원소들의 존재 유무에 대한 증거값들을 미리 생성하고 사용자가 인증서의 유효성을 알아보기 위해 해당 원소에 대한 질의를 보내게 되면 미리 계산되어진 증거값을 바로 제시해줌으로써 계산시간이나 전송용량의 효율성을 극대화시켰다. 또한 파라미터값을 주어 CRL을 여러개의 부분집합으로 나눔으로써 계산량을 동적으로 분산시켜 사용자가 소형기기나 무선 네트워크 환경에 있더라도 활용이 가능하도록 하였다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.3
• /
• pp.507-513
• /
• 2007

In this paper, we propose an efficient authentication protocol based on certificateless signature scheme, which does not need anyinfrastructure to deal with certification of public keys, among the vehicles in Vehicular Ad-hoc Networks. Moreover, due to the characteristicsof VANET nodes (i.e., vehicles) that is fast and movement, the proposed protocol introduces the concept of interval signing key to overcome efficiently the problem of certificate revocation in traditional Public Key Infrastructure(PKI).

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1107-1110
• /
• 2004

PKI(Public key Infrastructure)기반에서 CA(Certificate Authority)는 사용자를 인증하기 위해서 인증서를 생성하고, 인증서의 상태를 검증하기위해서 CRL(Certificate Revocation List)를 발행하여 인증서 취소 상태를 확인하도록 한다. CRL을 사용할 경우 사용자의 증가로 인하여 CRL의 크기가 증가 함으로써 많은 부담과 실시간 처리가 어렵다. 이와 같은 단점을 보안하기 위해서 최근에는 실시간 처리가 가능한 OCSP(Online Certificate Status Protocol)방법이 제안되었지만 이 또한 사용자의 급증으로 하나의 OCSP 서버에 집중화 됨으로써 OCSP 서버의 부하가 많이 생긴다. 본 논문에서는 집중 OCSP 서버에서 생기는 부하를 줄이기 위해 여러 개의 OCSP 서버를 두고, 각 OCSP 서버의 응답 처리 시간을 빠르게 하기 위해서 CA가 실시간으로 인증서 취소 정보를 해당 OCSP 서버에게 분배하여 전달하고 Front Server를 둠으로써 각 OCSP의 Load를 모니터링하여 부하가 적게 걸린 OCSP에게 인증서 상태 검증을 함으로써 신뢰성과 각 OCSP 서버의 부하를 줄이는 방안을 제시한다.

• Journal of Auto-vehicle Safety Association
• /
• v.13 no.1
• /
• pp.31-37
• /
• 2021

SCMS is a security credential management system for V2X communication, which performs generation/ provision/validation of device's security certificates. In this paper, we will explain about the main functions of SCMS and the role of each institution, and propose the following improvement measures in the process of establishing the Korean V2X security certification system. First, connection scheme of ERA (Enrollment certificate RA) between SCMS and Vehicle Manager Information System (VIMS) will be proposed. Second part is the problem of certificate revocation and proposal of improvements.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.04a
• /
• pp.743-745
• /
• 2010

기 구축된 Public Key Infrastructure(이하 PKI) 에서 발급된 디지털인증서를 외부 네트워크와 단절된 인트라넷 환경에서 사용하기 외부 네트워크에 지정된 인증서 검증 서버에 접속할 수가 없기 때문에 인증서 유효성 검증의 문제를 발생시켜 사용이 불가능하다. 이러한 문제점을 해결하기 위해 인트라넷 환경을 위한 인증서유효목록 검증 시스템을 제안한다. 인증서유효목록 검증 시스템은 기존의 PKI 에서 인증서 검증을 위해서 사용하는 Certificate Revocation List (이하 CRL)를 대체하는 Certificate Valid List (이하 CVL)를 사용하여 외부 네트워크와 접속이 단절된 인트라넷 환경에서도 기 구축된 PKI 에서 발급된 디지털 인증서의 유효성을 검증할 수 있다. 인증서유효목록 검증 시스템은 CVL 의 생성을 위한 Certificate Valid List Manager (이하 CVLM)와 주기적인 CVL 발급 및 게시를 위한 Certificate Valid List Issuer (이하 CVLI), 응용서비스에서 사용하는 User Agent (이하 UA) 를 포함한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.1165-1168
• /
• 2010

본 논문에서는 Bethencourt등의 CP-ABE에서 효율적인 속성값 철회 기법에 대해 알아본다. 기존에 제안된 속성값 철회 기법은 대부분 KP-ABE에 대한 것이며, CP-ABE에서 속성값 철회는 철회를 위한 메시지 크기가 철회자에 비례해 커지고 NOT연산을 필요로 한다는 측면에서 효율적이지 못하다. 이에 대해 Bethencourt등의 CP-ABE와 기존의 속성값 철회 기법에 대해 알아본 후 Bethencourt등의 CP-ABE에서 효율적인 속성값 철회 기법에 대해 제시하고자 한다.

• Journal of Arbitration Studies
• /
• v.27 no.1
• /
• pp.59-84
• /
• 2017

The effects of an arbitration agreement depend on the legislative policy of the nation where arbitral awards are made and where awards are worked out in the private procedures. According to the main body of Article 35 of the Korean Arbitration Act, arbitral awards have the same effects on the parties as the final and conclusive judgment of the court. This is only possible if the awards are formed by satisfying all the legal requirements, have gone into effect, and have become final and conclusive. It is for the legal stability and the effectiveness of the settlement of disputes that the Act grants arbitral awards. While investigating the effects of an arbitral award, the character of the arbitration in which the party's autonomy applies should be considered, along with the substance of the disputes which parties intend to resolve by an arbitration agreement. The proviso of Article 35, which was added in the 2016 Act, says that the main body of the Article shall not apply if recognition or enforcement of arbitral awards is refused under Article 38. Two stances have been proposed in interpreting the proviso. One of them is that there are grounds for refusing the recognition and enforcement of the awards. The other one is that the ruling of the dismissal of a request for enforcement has been final and conclusive. According to the former, it is really unexplained as to its relations with the action for setting aside arbitral awards to court and the distinction between nullity and revocation, and so on. Therefore, its meaning must be comprehended on the basis of the latter so that the current Act system with revocation litigation could be kept. The procedures of setting aside, recognizing, and enforcing arbitral awards are independent of one another under the Act. It is apprehended that the duplicate regulations may lead to the concurrence or contradiction of a court's judgment and ruling. Thus, we need to take proper measures against the negative sides by interfacing and conciliating these proceedings.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.5 s.37
• /
• pp.161-170
• /
• 2005

The Certificate Revocation List(CRL) or the Online Certificate Status Protocol(OCSP)has been used to validate certificates. However, the CRL cannot validate certificates in realtime because of the Time-Gap problem and the OCSP server overloads in a large scale secure system. In addition, the client cannot access a wired LAN until the client has been authenticated by the authentication server on the IEEE 802. 1x framework. Therefore, the client cannot validate the authentication server's certificate using a certificate validation server. Thus, the client cannot authenticate the authentication server in realtime. To solve these problems this paper designed a secure system that can protect the content of communications and authenticate users in realtime on a wireless LAN The designed certificate validation protocol was proved that the stability and efficiency of the system was very high, the result of the validation had the presence, the speed of the validation was not affected by the system scale, the number of authorities user must trust was reduced to one, and the overload of the validation server was Protected. And the designed user authentication and key exchange protocols were Proved that the mutual authentication was possible in realtime and the fact of the authentication could be authorized by the CA because of using the authorized certificates.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.781-793
• /
• 2014

A Public Key Infrastructure (PKI) is security standards to manage and use public key cryptosystem. A PKI is used to provide digital signature, authentication, public key encryption functionality on insecure channel, such as E-banking and E-commerce on Internet. A soft-token private key in PKI is leaked easily because it is stored in a file at standardized location. Also it is vulnerable to a brute-force password attack as is protected by password-based encryption. In this paper, we proposed a new method that detects private key compromise and is probabilistically secure against a brute-force password attack though soft-token private key is leaked. The main idea of the proposed method is to use a genuine signature key pair and (n-1) fake signature key pairs to make an attacker difficult to generate a valid signature with probability 1/n even if the attacker found the correct password. The proposed method provides detection and notification functionality when an attacker make an attempt at authentication, and enhances the security of soft-token private key without the additional cost of construction of infrastructure thereby extending the function of the existing PKI and SSL/TLS.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.8C
• /
• pp.1203-1209
• /
• 2004

A huge growth the wireless internet services, which are based on the wireless mobile network technology and internet technology, poses demand for the end-to-end secure connections. Restrictions of wireless mobile environment and mobile devices make difficult to adapt present secure protocols to wireless internet services. In this paper, we analyze existing certificate status verification methods in WPKI and propose a new method, adding a observer information in handshake protocol. The method with observer makes it more efficient for relying parties to verify both the current status of the X.509 certificate and the short-lived WTLS server certificate.