Problems of certificate status validation methods using hash chain and their countermeasure (해쉬체인을 이용한 인증서 상태 검증 방법들의 문제점과 해결 방법)

Hyun-Joong Kang (강현중); 안정희

Problems of certificate status validation methods using hash chain and their countermeasure

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2008, 13(1), pp.161-168
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

Hyun-Joong Kang ¹, 안정희 ²

¹서일대학
²두원공과대학

Accredited

ABSTRACT

As the authentication and the integrity methods based on the hash chain are popular, several certificate status validation methods based on the same function are proposed at the moment. In NOVOMODO, a CA generates and releases the hash value to each user. In Jianying Zhou’s framework and Jong-Phil Yang’s framework, a user generates and releases the hash value to verifier. Therefore, the CA loads are distributed to each user. However, these frameworks are based on the assumption that the CA’s secret key is not lost or compromised and the certificates issued by the CA are error-free. Therefore, these frameworks are not suitable in real PKI environments. In this paper, as one hash value generated by CA is included in the user’s certificate in addition, the certificate revocation published by CA using that value can be managed. The hash value included in user’s certificate is the same for all users. The computation costs, the storage amounts and the release costs are small in the CA. And we modify the procedure for the signature and its validation in Jong-Phil Yang’s framework. Our solution is more suitable than those frameworks in real PKI environments.

KEYWORDS

PKI, 해쉬체인(Hash Chain), 인증서 상태 검증(Certificate Status Validation)

Citation status

* References for papers published after 2023 are currently being built.

[book] A. Malpani / 2002 / Simple Certificate Validation Protocol(SCVP) / IETFInternetDraft

[book] C. Adams / 2001 / Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols / IETFRFC3029

[book] Jianying Zhou / 2003 / An Efficient Public-Key Framework / ICICS 2003, LNCS 2836 : 88~99

[confproc] Jong-Phil Yang / 2004 / Practial Modification of An Efficient Public-Key Framework / 2004 IEEE International Conference on e-Technology, e-Commerce and e-Service

[book] Jose L. Munoz / 2003 / A Certificate Status Checking Protocol for the Authenticated Dictionary / MMM-ACNS 2003, LNCS2776 : 255~266

[book] M. Myers / 1999 / X.509InternetPublicKeyInfrastructureOnlineCertificateStatusProtocol–OCSP / IETFRFC2560

[book] NIST FIPS (Federal Information Processing Standards Publication) 186-1 / 1998 / Digital Signature Standard

[book] Paul. Kocher / 1999 / Quick Introduction to Certificate Revocation Tree (CRTs) / Technical Report

[book] R. Housley / 1999 / Internet X.509 Public Key Infrastructure Certificate and CRL Profile / IETF RFC 2458

[book] R. Housley / 2002 / Internet X.509 Public Key Infrastructure Certificate and CRL Profile / IETF RFC 3280

[confproc] Silvio Micali / 2002 / NOVOMODO ; Scable Certificate Validation and Simplified PKI Management / 1st Annual PKI Research Workshop Preproceedings : 15~25

[confproc] Younggyo Lee / 2005 / A Method for Detecting the Exposure of an OCSP Responder’s Session Private Key in D-OCSP-KIS / Euro PKI 2005, LNCS 3545 : 215~226

[journal] YounggyoLee / 2005 / A Method for Detecting the Exposure of an OCSP Responder’s Private Key using One-Time Hash Value / IJCSNS International Journal of Computer Science and Network Security 5(8) : 179~186

[book] Younggyo Lee / 2006 / A PKI System for Detecting the Exposure of a User’s Secret Key / Euro PKI 2006, LNCS 4043 : 248~250

[journal] 이호 / 2006 / A Study on CRL Distributing Method based on Group Key Agreement in D-OCSP / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 11(1) : 35~44

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65