A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS

Younggyo Lee; Injung Kim; Seungjoo Kim; Dongho Won

doi:10.1007/11533733_15

A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS

Younggyo Lee, Injung Kim, Seungjoo Kim, Dongho Won

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number of OCSP Responder's certificate but also offers the certificate status validation about, OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder's session private key in a time period (e.g., one clay), she cannot derive any other OCSP Responder's private key unless she obtains master private key. And she cannot derive the hash value of previous period because the hash value is impossible in inverse computation. But, the attacker can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on E-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of OCSP Responder's session private key and the abuse of hash value in D-OCSP-KIS. In our proposal, the hash value is only used one time for the status validation of OCSP Responder's session private kory and the load for computation of X-chain in CA is distributed to each OCSP Responder.

Original language	English
Title of host publication	Public Key Infrastructure - Second European PKI Workshop
Subtitle of host publication	Research and Applications, EuroPKI 2005, Revised Selected Papers
Publisher	Springer Verlag
Pages	215-226
Number of pages	12
ISBN (Print)	3540280626, 9783540280620
DOIs	https://doi.org/10.1007/11533733_15
Publication status	Published - 2005
Externally published	Yes
Event	2nd European PKI Workshop: Research and Applications, EuroPKI 2005 - Canterbury, United Kingdom Duration: 2005 Jun 30 → 2005 Jul 1

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	3545 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	2nd European PKI Workshop: Research and Applications, EuroPKI 2005
Country/Territory	United Kingdom
City	Canterbury
Period	05/6/30 → 05/7/1

Keywords

D-OCSP
D-OCSP-KIS
Hash function
OCSP Responder

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/11533733_15

Cite this

Lee, Y., Kim, I., Kim, S., & Won, D. (2005). A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS. In Public Key Infrastructure - Second European PKI Workshop: Research and Applications, EuroPKI 2005, Revised Selected Papers (pp. 215-226). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3545 LNCS). Springer Verlag. https://doi.org/10.1007/11533733_15

A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS. / Lee, Younggyo; Kim, Injung; Kim, Seungjoo et al.

Public Key Infrastructure - Second European PKI Workshop: Research and Applications, EuroPKI 2005, Revised Selected Papers. Springer Verlag, 2005. p. 215-226 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3545 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, Y, Kim, I, Kim, S & Won, D 2005, A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS. in Public Key Infrastructure - Second European PKI Workshop: Research and Applications, EuroPKI 2005, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3545 LNCS, Springer Verlag, pp. 215-226, 2nd European PKI Workshop: Research and Applications, EuroPKI 2005, Canterbury, United Kingdom, 05/6/30. https://doi.org/10.1007/11533733_15

Lee Y, Kim I, Kim S, Won D. A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS. In Public Key Infrastructure - Second European PKI Workshop: Research and Applications, EuroPKI 2005, Revised Selected Papers. Springer Verlag. 2005. p. 215-226. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11533733_15

Lee, Younggyo ; Kim, Injung ; Kim, Seungjoo et al. / A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS. Public Key Infrastructure - Second European PKI Workshop: Research and Applications, EuroPKI 2005, Revised Selected Papers. Springer Verlag, 2005. pp. 215-226 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{60869fa6b5234661819e4a56b4a07cfb,

title = "A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS",

abstract = "D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number of OCSP Responder's certificate but also offers the certificate status validation about, OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder's session private key in a time period (e.g., one clay), she cannot derive any other OCSP Responder's private key unless she obtains master private key. And she cannot derive the hash value of previous period because the hash value is impossible in inverse computation. But, the attacker can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on E-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of OCSP Responder's session private key and the abuse of hash value in D-OCSP-KIS. In our proposal, the hash value is only used one time for the status validation of OCSP Responder's session private kory and the load for computation of X-chain in CA is distributed to each OCSP Responder.",

keywords = "D-OCSP, D-OCSP-KIS, Hash function, OCSP Responder",

author = "Younggyo Lee and Injung Kim and Seungjoo Kim and Dongho Won",

year = "2005",

doi = "10.1007/11533733_15",

language = "English",

isbn = "3540280626",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "215--226",

booktitle = "Public Key Infrastructure - Second European PKI Workshop",

note = "2nd European PKI Workshop: Research and Applications, EuroPKI 2005 ; Conference date: 30-06-2005 Through 01-07-2005",

}

TY - GEN

T1 - A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS

AU - Lee, Younggyo

AU - Kim, Injung

AU - Kim, Seungjoo

AU - Won, Dongho

PY - 2005

Y1 - 2005

N2 - D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number of OCSP Responder's certificate but also offers the certificate status validation about, OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder's session private key in a time period (e.g., one clay), she cannot derive any other OCSP Responder's private key unless she obtains master private key. And she cannot derive the hash value of previous period because the hash value is impossible in inverse computation. But, the attacker can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on E-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of OCSP Responder's session private key and the abuse of hash value in D-OCSP-KIS. In our proposal, the hash value is only used one time for the status validation of OCSP Responder's session private kory and the load for computation of X-chain in CA is distributed to each OCSP Responder.

AB - D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number of OCSP Responder's certificate but also offers the certificate status validation about, OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder's session private key in a time period (e.g., one clay), she cannot derive any other OCSP Responder's private key unless she obtains master private key. And she cannot derive the hash value of previous period because the hash value is impossible in inverse computation. But, the attacker can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on E-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of OCSP Responder's session private key and the abuse of hash value in D-OCSP-KIS. In our proposal, the hash value is only used one time for the status validation of OCSP Responder's session private kory and the load for computation of X-chain in CA is distributed to each OCSP Responder.

KW - D-OCSP

KW - D-OCSP-KIS

KW - Hash function

KW - OCSP Responder

UR - http://www.scopus.com/inward/record.url?scp=33646020086&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33646020086&partnerID=8YFLogxK

U2 - 10.1007/11533733_15

DO - 10.1007/11533733_15

M3 - Conference contribution

AN - SCOPUS:33646020086

SN - 3540280626

SN - 9783540280620

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 215

EP - 226

BT - Public Key Infrastructure - Second European PKI Workshop

PB - Springer Verlag

T2 - 2nd European PKI Workshop: Research and Applications, EuroPKI 2005

Y2 - 30 June 2005 through 1 July 2005

ER -

A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this