A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS

Younggyo Lee, Injung Kim, Seung-Joo Kim, Dongho Won

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number of OCSP Responder's certificate but also offers the certificate status validation about, OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder's session private key in a time period (e.g., one clay), she cannot derive any other OCSP Responder's private key unless she obtains master private key. And she cannot derive the hash value of previous period because the hash value is impossible in inverse computation. But, the attacker can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on E-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of OCSP Responder's session private key and the abuse of hash value in D-OCSP-KIS. In our proposal, the hash value is only used one time for the status validation of OCSP Responder's session private kory and the load for computation of X-chain in CA is distributed to each OCSP Responder.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages215-226
Number of pages12
Volume3545 LNCS
Publication statusPublished - 2005 Dec 1
Externally publishedYes
Event2nd European PKI Workshop: Research and Applications, EuroPKI 2005 - Canterbury, United Kingdom
Duration: 2005 Jun 302005 Jul 1

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3545 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other2nd European PKI Workshop: Research and Applications, EuroPKI 2005
CountryUnited Kingdom
CityCanterbury
Period05/6/3005/7/1

Fingerprint

Certificate
Hash Chain
Electronic commerce
Communication Cost
Clay
Servers
Electronic Commerce
Immediately
Server
Damage
Communication
Costs and Cost Analysis
Costs
clay

Keywords

  • D-OCSP
  • D-OCSP-KIS
  • Hash function
  • OCSP Responder

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this

Lee, Y., Kim, I., Kim, S-J., & Won, D. (2005). A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3545 LNCS, pp. 215-226). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3545 LNCS).

A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS. / Lee, Younggyo; Kim, Injung; Kim, Seung-Joo; Won, Dongho.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 3545 LNCS 2005. p. 215-226 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3545 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Lee, Y, Kim, I, Kim, S-J & Won, D 2005, A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). vol. 3545 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3545 LNCS, pp. 215-226, 2nd European PKI Workshop: Research and Applications, EuroPKI 2005, Canterbury, United Kingdom, 05/6/30.
Lee Y, Kim I, Kim S-J, Won D. A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 3545 LNCS. 2005. p. 215-226. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
Lee, Younggyo ; Kim, Injung ; Kim, Seung-Joo ; Won, Dongho. / A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 3545 LNCS 2005. pp. 215-226 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{60869fa6b5234661819e4a56b4a07cfb,
title = "A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS",
abstract = "D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number of OCSP Responder's certificate but also offers the certificate status validation about, OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder's session private key in a time period (e.g., one clay), she cannot derive any other OCSP Responder's private key unless she obtains master private key. And she cannot derive the hash value of previous period because the hash value is impossible in inverse computation. But, the attacker can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on E-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of OCSP Responder's session private key and the abuse of hash value in D-OCSP-KIS. In our proposal, the hash value is only used one time for the status validation of OCSP Responder's session private kory and the load for computation of X-chain in CA is distributed to each OCSP Responder.",
keywords = "D-OCSP, D-OCSP-KIS, Hash function, OCSP Responder",
author = "Younggyo Lee and Injung Kim and Seung-Joo Kim and Dongho Won",
year = "2005",
month = "12",
day = "1",
language = "English",
isbn = "3540280626",
volume = "3545 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "215--226",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - A method for detecting the exposure of OCSP responder's session private key in D-OCSP-KIS

AU - Lee, Younggyo

AU - Kim, Injung

AU - Kim, Seung-Joo

AU - Won, Dongho

PY - 2005/12/1

Y1 - 2005/12/1

N2 - D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number of OCSP Responder's certificate but also offers the certificate status validation about, OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder's session private key in a time period (e.g., one clay), she cannot derive any other OCSP Responder's private key unless she obtains master private key. And she cannot derive the hash value of previous period because the hash value is impossible in inverse computation. But, the attacker can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on E-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of OCSP Responder's session private key and the abuse of hash value in D-OCSP-KIS. In our proposal, the hash value is only used one time for the status validation of OCSP Responder's session private kory and the load for computation of X-chain in CA is distributed to each OCSP Responder.

AB - D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number of OCSP Responder's certificate but also offers the certificate status validation about, OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder's session private key in a time period (e.g., one clay), she cannot derive any other OCSP Responder's private key unless she obtains master private key. And she cannot derive the hash value of previous period because the hash value is impossible in inverse computation. But, the attacker can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on E-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of OCSP Responder's session private key and the abuse of hash value in D-OCSP-KIS. In our proposal, the hash value is only used one time for the status validation of OCSP Responder's session private kory and the load for computation of X-chain in CA is distributed to each OCSP Responder.

KW - D-OCSP

KW - D-OCSP-KIS

KW - Hash function

KW - OCSP Responder

UR - http://www.scopus.com/inward/record.url?scp=33646020086&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33646020086&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:33646020086

SN - 3540280626

SN - 9783540280620

VL - 3545 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 215

EP - 226

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -