A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS

Younggyo Lee, Injung Kim, Seungjoo Kim, Dongho Won

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number of OCSP Responder's certificate but also offers the certificate status validation about, OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder's session private key in a time period (e.g., one clay), she cannot derive any other OCSP Responder's private key unless she obtains master private key. And she cannot derive the hash value of previous period because the hash value is impossible in inverse computation. But, the attacker can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on E-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of OCSP Responder's session private key and the abuse of hash value in D-OCSP-KIS. In our proposal, the hash value is only used one time for the status validation of OCSP Responder's session private kory and the load for computation of X-chain in CA is distributed to each OCSP Responder.

Original languageEnglish
Title of host publicationPublic Key Infrastructure - Second European PKI Workshop
Subtitle of host publicationResearch and Applications, EuroPKI 2005, Revised Selected Papers
PublisherSpringer Verlag
Pages215-226
Number of pages12
ISBN (Print)3540280626, 9783540280620
DOIs
Publication statusPublished - 2005
Externally publishedYes
Event2nd European PKI Workshop: Research and Applications, EuroPKI 2005 - Canterbury, United Kingdom
Duration: 2005 Jun 302005 Jul 1

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3545 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other2nd European PKI Workshop: Research and Applications, EuroPKI 2005
CountryUnited Kingdom
CityCanterbury
Period05/6/3005/7/1

Keywords

  • D-OCSP
  • D-OCSP-KIS
  • Hash function
  • OCSP Responder

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS'. Together they form a unique fingerprint.

Cite this