• The KIPS Transactions:PartC
• /
• v.13C no.2 s.105
• /
• pp.147-154
• /
• 2006

The certificate status validation mechanism is a critical component of a public key infrastructure based on certificate system. The most generally mechanisms used these days are the use of the certificate revocation list and the real-time certificate status protocol. But the certificate revocation list can not give the real-time certificate status because the certificate is being delivered periodically, and the real-time certificate status protocol method will generate a concentrated load to the server because the protocol in the central server will be accessed whenever a certification is necessary. It will also take a long time to validate the certificate because each trade has to send mass information through the network. This paper will present that real-time validation is guaranteed as the real-time certificate status protocol method and the traffic congestion in the network Is reduced in a way that the certification would be requested using the user information hash value and would be validated using the user information kept in the certification authorities and the service providers. Based on the this study, we suggest a real-time certificate status validation mechanism which can reduce the certificate status validation time using the signed user information hash value. And we confirm speed of certificate status verification faster than existing CRL(Certificate Revocation List) and OCSP(Online Certificate Status Protocol) method by test.

• Journal of Internet Computing and Services
• /
• v.5 no.2
• /
• pp.33-40
• /
• 2004

PKI(Public Key Infrastructure) issues a certificate for providing Integrity of public key. and it Inspects the validity by downloading CRL(Certificate Revocation List) for checking the validity of certificate. But. it imposes a burden on processing of certificate due to Increase of user and the size of CRL, Lately, OCSP(Online Certificate Status Protocol), which examines the validity on online, is published as an alternative plan. But, it makes a problem due to concentration of just one certificate repository, Accordingly we propose the scheme that OCSP server is arranged in distributed area and then the information is safely transmitted to OCSP server.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.5
• /
• pp.958-964
• /
• 2005

WLAN user authentication is mostly based on user password resulting in vulnerability to the notorious 'offline dictionary attack'. As a way around this problem. EAP-TTLS and PEAP protocols are increasing finding their way into WLANs, which are a sort of combination of password protocols and the TLS public-key protocol. This leads to the use of the public-key certificate of the WLAM authentication server, and naturally the concern arises about its revocation status. It seems, however, that any proper soulution has not been provided to address this concern. We propose a very efficent and proper solution to check the certificate revocation status.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.25-37
• /
• 2004

A certificate is expected to use for its entire validity period. However, a false information record of user and compromise of private key may cause a certificate to become invalid prior to the expiration of the validity period. The CA needs to revoke the certificate. The CA periodically updates a signed data structure called a certificate revocation list(CRL) at directory server. but as CA updates a new CRL at directory server. the user can use a revoked certificate. Not only does this paper analyzes a structure of CRL and a characteristic of certificate status conviction, OCSP method but also it proposes a new certificate status verification method adding an observer information in handshake process between user and server.

• Journal of Korea Multimedia Society
• /
• v.14 no.12
• /
• pp.1583-1590
• /
• 2011

A Certificate Revocation List(CRL) should be distributed quickly to all the vehicles for vehicular communications to protect them from malicious users and malfunctioning equipment as well as to increase the overall security and safety of vehicular networks. Thus, a major challenge in vehicular networks is how to efficiently distribute CRLs. This paper proposes a Multimedia Object Transfer(MOT) protocol based on CRL distribution scheme over T-DMB infrastructure. To complete the proposed scheme, a handoff method, CRL encoding rules based on the MOT protocol, and relative comparison are presented. The scheme can broaden breadth of network coverage and can get real-time delivery with enhanced transmission reliability. Even if road side units are sparsely deployed or, even not deployed, vehicles can obtain recent CRLs from T-DMB infrastructure effectively.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.550-552
• /
• 2002

인증서기반의 인터넷뱅킹과 온라인증권거래에서, 금융거래 서비스 제공자는 많은 사용자의 인증서상태 검증이 요구된다. 금융거래 서비스는 사용자 인증서상태를 실시간의 검증이 보장되어야 한다. 인증서 상태 검증을 위해 기존의 CRL(Certificate Revocation List), Delta CRL, Freshest CRL과 실시간 인증서상태 검증을 위하여 OCSP(Online Certificate Status Protocol)의 표준이 제안된 바 있다. 실시간성과 검증속도는 상호 대비되기 때문에 응용프로그램의 특성을 고려하여 인증서상태 검증방법을 채택한다. 본 논문에서는 CRL의 갱신되기 이전의 폐지에 대하여 실시간으로 전송하는 시스템을 설계한다. 제안하는 인증서폐지 전송서버는 서명자의 검증자 리스트를 관리하여 금융거래 사용자가 CA에 폐지를 요청하면 사용자가 이용하는 금융거래 서비스 제공자들에게 실시간으로 폐지를 고지한다. 본 논문은 CRL 생성이후 갱신까지의 인증서 폐지정보를 검증자에게 전송하여 인증서의 실시간 상태정보를 유지하면서 OCSP보다는 검증속도를 향상시켜 금융거래 환경에서 향상된 효율성을 제공한다.

• International Journal of Computer Science & Network Security
• /
• v.23 no.5
• /
• pp.13-20
• /
• 2023

In connected vehicles, drivers are exposed to attacks when they communicate with unauthenticated peers. This occurs when a vehicle relies on outdated information resulting in interactions with vehicles that have expired or revoked certificates claiming to be legitimate nodes. Vehicles must frequently receive or query an updated revoked certificate list to avoid communicating with suspicious vehicles to protect themselves. In this paper, we propose a scheme that works on a highway divided into clusters and managed by roadside units (RSUs) to ensure authenticity and preserve hidden identities of vehicles. The proposed scheme includes four main components each of which plays a major role. In the top hierarchy, we have the authority that is responsible for issuing long-term certificates and managing and controlling all descending intermediate authorities, which cover specific regions (e.g., RSUs) and provide vehicles with short-term pseudonyms certificates to hide their identity and avoid traceability. Every certificate-related operation is recorded in a blockchain storage to ensure integrity and transparency. To regulate communication among nodes, security managers were introduced to enable authorization and access right during communications. Together, these components provide vehicles with an immediately revoked certificate list through RSUs, which are provided with publish/subscribe brokers that enable a controlled messaging infrastructure. We validate our work in a simulated smart highway environment comprising interconnected RSUs to demonstrate our technique's effectiveness.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.7C
• /
• pp.584-591
• /
• 2012

Distributing a Certificate Revocation List (CRL) quickly to all vehicles in the system requires a very large number of road side units (RSUs) to be deployed. In reality, initial deployment stage of vehicle networks would be characterized by limited infrastructure as a result in very limited vehicle to infrastructure communication. However, every vehicle wants the most recent CRLs to protect itself from malicious users and malfunctioning equipments, as well as to increase the overall security of the vehicle networks. To address this challenge, we design and implement a nomadic device based CRL acquisition method using nomadic device's communication capability with cellular networks. When a vehicle could not directly communicate with nearby RSUs, the nomadic device acts as a security mediator to perform vehicle's security functions continuously through cellular networks. Therefore, even if RSUs are not deployed or sparsely deployed, vehicle's security threats could be minimized by receiving the most recent CRLs in a reasonable time.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.2C
• /
• pp.342-347
• /
• 2004

An ID certificate is digitally signed by a certificate authority for authentication and an attribute certificate is digitally signed by an attribute certificate authority for authorization. In many applications in web, there should be a mechanism to bind attributes to proper identities. The dependencies between them should be maintained. So we analyzed some known binding methods, selective revocation methods and cryptographic binding methods. And we proposed a binding mechanism using one-time attribute certificates in order to solve their problems.

• The Journal of Information Technology
• /
• v.5 no.4
• /
• pp.81-88
• /
• 2002

An ID certificate is digitally signed by a certificate authority for authentication and a attribute certificate is digitally signed by an attribute certificate authority for authorization. In many applications in web, there should be a mechanism to bind attributes to proper identities. So we analyzed some known binding methods, selective revocation methods and cryptographic binding methods and we proposed the new mechanism in order to solve their problems.