• Title/Summary/Keyword: public certificate

Search Result 336, Processing Time 0.023 seconds

A Certificate Revocation List Distribution Scheme over the eMBMS for Vehicular Networks

  • Kim, Hyun-Gon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.21 no.10
    • /
    • pp.77-83
    • /
    • 2016
  • To verify the trustworthiness of messages, public key certificates and certificate revocation list(CRL) has been standardized for vehicular networks. However, timely distribution of large CRLs to vehicles should be more elaborated with low bandwidth utilization from a practical point of view. To address this concern, we propose a CRL distribution scheme using long term evolution(LTE) point-to-multicast transmission, namely the enhanced multimedia broadcast multicast service(eMBMS). The schem is much more resource efficient than the existing unicast CRL distribution schemes for vehicular networks and it allows realizing the regional CRL distribution schemes efficiently in LTE network. By means of ns-3 simulation, we analyze the performance, latency, and execution time of the scheme in terms of varying coverage of the multimedia broadcast multicast service over single frequency network (MBFSN).

Applying PKI for Internet Voting System

  • Kim, Jinho;Kim, Kwangjo;Lee, Byoungcheon
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2001.11a
    • /
    • pp.318-321
    • /
    • 2001
  • We have designed an Internet voting system applicable for worldwide voting which is based on Ohkubo et. al,'s scheme[9] combined with Public Key Infrastructure (PKI). To the best of our knowledge, this is the first trial to serve secure Internet voting system to the world. In our system, voter's privacy is guaranteed by using blind signature and mix-net, and robustness is provided through the threshold encryption scheme. By employing Java technology, we propose a way of typical implementation for internet voting system. Furthermore, PKI permits worldwide key distribution and achieve “one certificate/one vote” policy. Therefore, anyone can participate in the voting if he gets a certificate from Certificate Authority (CA). By the joint work between Korean and Japanese teams, the implementation aims to select MVPs in 2002 FIFA World Cup Korea-Japan$\^$TM/ in easy and friendly manner for any Internet user to participate and enjoy Internet voting.

  • PDF

Efficient Protocol for Authentication and Certificate Status Management in PAN (PAN에서 인증 및 인증서 상태 관리를 위한 효율적인 프로토콜)

  • Jang, Hwa-Sik;Rhee, Kyung-Hyune
    • Journal of Korea Multimedia Society
    • /
    • v.10 no.3
    • /
    • pp.373-380
    • /
    • 2007
  • In this paper we propose a new efficient authentication protocol that reduces overheads of computation for digital signature generation/verification on mobile devices in the Personal Area Network (PAN). In particular, we focus on eliminating the traditional public key operations on mobile devices without any assistance of a signature server. Moreover, the proposed protocol provides a simplified procedure for certificate status management to alleviate communication and computational costs on mobile devices in the PAN.

  • PDF

The Secure Key Store to prevent leakage accident of a Private Key and a Certificate (인증서와 개인키 유출 방지를 위한 보안키 저장소 Secure Key Store)

  • Park, Young-Jin;Kim, Seon-Jong;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.1
    • /
    • pp.31-40
    • /
    • 2014
  • In Korea, the Public Key Infrastructure (PKI) has been introduced. For secure information transmission and identification, the electronic signature authorization system of a certificate-based is built, and then the service provide.The certificate is stored in location what users can easily access and copy. Thus, there is a risk that can be stolen by malware or web account hacking. In addition, private key passwords can be exposed by the logging tool, after keyboard security features are disabled. Each of these security weaknesses is a potential conduit for identity theft, property/asset theft, and theft of the actual certificates. The present study proposes a method to prevent the private key file access illegally. When a certificate is stored, the private key is encrypted by the dependent element of the device, and it is stored securely. If private key leakage occurs, the retrieved key could not be used on other devices.

Communication-Efficient Representations for Certificate Revocation in Wireless Sensor Network (WSN에서의 효율적 통신을 위한 인증서 폐지 목록 표현 기법)

  • Maeng, Young-Jae;Mohaisen, Abedelaziz;Lee, Kyung-Hee;Nyang, Dae-Hun
    • The KIPS Transactions:PartC
    • /
    • v.14C no.7
    • /
    • pp.553-558
    • /
    • 2007
  • In this paper, we introduce a set of structures and algorithms for communication efficient public key revocation in wireless sensor networks. Unlike the traditional networks, wireless sensor network is subjected to resources constraints. Thus, traditional public key revocation mechanisms such like the ordinary certificate revocation list is unsuitable to be used. This unsuitability is due to the huge size of required representation space for the different keys' identifiers and the revocation communication as the set of revoked keys grow. In this work, we introduce two communication-efficient schemes for the certificate revocation. In the first scheme, we utilize the complete subtree mechanism for the identifiers representation which is widely used in the broadcast encryption/user revocation. In the second scheme, we introduce a novel bit vector representation BVS which uses vector of relative identifiers occurrence representation. We introduce different revocation policies and present corresponding modifications of our scheme. Finally, we show how the encoding could reduce the communication overhead as well. Simulation results and comparisons are provided to show the value of our work.

Study on a Secure Authentication and Authorization Protocol based on Kerberos (커버로스 기반의 안전한 인증 및 허가 프로토콜 에 관한 연구)

  • 김은환;김명희;전문석
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.5C
    • /
    • pp.737-749
    • /
    • 2004
  • Kerberos authenticates clients using symmetric-key cryptography, and supposed to Oust other systems of the realm in distributed network environment. But, authentication and authorization are essential elements for the security. In this paper, we design an efficient and secure authentication/authorization mechanism by introducing the public/private-key and installing the proxy privilege server to Kerberos. In the proposed mechanism, to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we reduce the number of keys by simplifying authentication steps. Proxy privilege server certifies privilege request of client and issues a privilege attribute certificate. Application server executes privilege request of client which is included a privilege attribute certificate. Also, a privilege attribute certificate is used in delegation. We design an efficient and secure authentication/authorization algorithm with Kerberos.

Certificate Issuing using Proxy Signature and Threshold Signature in Self-initialized Ad Hoc Network (자기 초기화하는 Ad Hoc 네트워크에서의 대리 서명과 임계 서명 기법을 이용한 인증서 발급 기법)

  • Kang, Jeon-Il;Choi, Young-Geun;Kim, Koon-Soon;Nyang, Dae-Hun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.3
    • /
    • pp.55-67
    • /
    • 2007
  • In ad hoc network, especially in the environment which the system authority only exists at the beginning of the network, it is very important problem how to issue the certificates in self-initialized public key scheme that a node generates its certificate with public and private key pair and is signed that by the system authority. In order to solve this problem, early works present some suggestions; remove the system authority itself and use certificate chain, or make nodes as system authorities for other nodes' certificates. In this paper, we suggest another solution, which can solve many problem still in those suggestions, using proxy signature and threshold signature, and prove its performance using simulation and analyse its security strength in many aspects.

The Integrated Identification Number Checking and Key Management Protocol with Certificates (인증서를 이용한 개인식별번호 확인 및 키분배 통합 프로토콜)

  • Kim Sung Duk;Jung Jae Dong;Won Dong Ho
    • The KIPS Transactions:PartC
    • /
    • v.12C no.3 s.99
    • /
    • pp.317-322
    • /
    • 2005
  • The existing certificate based authentication or identification just verifies whether the owner of private key corresponding to public key of certificate is the DN user set in the user field in the certificate or not, then we cannot find out who is the actual private key owner in a real world. To make up for this weak points, the method to insert the identification number like the resident registration number into the certificate extension field is applied as a technical standard to current domestic PKI system. In this paper, we propose the ECC based integrated identification, identification number checking and key management protocol providing user validation during the login.

Designing Reliable P2P Transmission Mechanism Against MITM Attack (MITM 공격에 안전한 P2P 신뢰전송 메커니즘의 설계)

  • Kim, Sang-Choon;Kwon, Hyeonk-Chan;Nah, Jae-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.4
    • /
    • pp.103-109
    • /
    • 2008
  • Many Internet application provide the PKI(public key infrastructure)-based service to provide authentication and message integrity. Several researchers proposed PKI-based p2p network framework. However, in the real world, the use of PKI is not suitable for peer to peer network, because the peer-to-peer network is an open and dynamic network. Moreover, currently there is no nation-to-nation interoperable certificate. In this paper, we designed reliable p2p file sharing application without public key infrastructure. To do this we propose reliable public key distribution mechanism to distribute public key safely without PKI infrastructure for two-tier super-peer architecture. In our system, each peer generates and distributes its public/private key pairs, and the public key is securely distributed without PKI. The proposed mechanism is safe against MITM attack. This mechanism can be applied various P2P applications such as file sharing, IPTV, distributed resource sharing and so on

Authentication Model of PKI-based Security Gateway using Blockchain having Integrity (무결성이 보장된 블록체인 기술을 활용한 PKI 기반 보안 게이트웨이의 인증 모델)

  • Kim, Young Soo;Mun, Hyung-Jin
    • Journal of Digital Convergence
    • /
    • v.19 no.10
    • /
    • pp.287-293
    • /
    • 2021
  • Recently, public certificates issued by nationally-recognized certification bodies have been abolished, and internet companies have issued their own common certificates as certification authority. The Electronic Signature Act was amended in a way to assign responsibility to Internet companies. As the use of a joint certificate issued by Internet companies as a certification authority is allowed, it is expected that the fraud damage caused by the theft of public key certificates will increase. We propose an authentication model that can be used in a security gateway that combines PKI with a blockchain with integrity and security. and to evaluate its practicality, we evaluated the security of the authentication model using Sugeno's hierarchical fuzzy integral, an evaluation method that excludes human subjectivity and importance degree using Delphi method by expert group. The blockchain-based joint certificate is expected to be used as a base technology for services that prevent reckless issuance and misuse of public certificates, and secure security and convenience.