
1 A Framework for Distributed OCSP without Responders Certificate
Young-Ho Park (pyhoya@mail1.pknu.ac.kr)
Kyung-Hyune Rhee (khrhee@pknu.ac.kr)
Pukyong National University
WISA 2004

2 Public Key Certificate
Lab. of Information security & Internet Applications, PKNU
- Public Key Infrastructure (PKI)
  - The main architecture for security services over the Internet
- Public Key Certificate
  - Binds a public key to the owner's identity information
  - Digitally signed and certified by a trusted certificate authority (CA)
- Certificate Revocation
  - Compromise of the key or abuse by the owner
  - Certificate Revocation List (CRL)
  - Online Certificate Status Protocol (OCSP)

3 Online Certificate Status Protocol
- To check the validity of a certificate at the time of a given transaction
  - OCSP responder provides a digitally signed response
  - Client can retrieve timely certificate status with moderate resource usage
- Single Responder
  - Most of the workload converges on the responder
  - Digital signature is a computationally expensive operation
  - Denial of service
[Figure: CA, Responder and X.500 directory; Request and Response (Good, Revoked or Unknown; Validity Interval; ...; Signature)]

4 Distributed OCSP
- Composed of multiple OCSP responders
  - Sharing and balancing the workload of OCSP responses
  - Client can choose one responder
- Certificate of the responder is required to verify the signature in the response, in both OCSP and D-OCSP
- In D-OCSP
  - Using the same private signing key for every responder
    - Easy key management but high risk of key exposure
  - Using different private keys
    - Increases the complexity of key management

5 KIS-D-OCSP (1)
[S. Koga and K. Sakurai, PKC 2004]
- One solution for efficient certificate management of multiple responders
- Key-insulated signature (KIS) scheme and hash chain
  - Different private key for every responder but the same public key for signature verification
  - Only one certificate is required for multiple responders
  - Private key exposure of one responder does not affect other responders
  - Hash chain is used for checking the validity of a responder at the given time period

6 KIS-D-OCSP (2)
- Key Generation
  - CA distributes private keys to every responder
[Figure: CA key generator with Master Key; private keys for signature delivered over a secure channel to R1, R2, ..., Rn; Public Key]

7 KIS-D-OCSP (3)
- Hash chain
  - For total time periods and responders
  - CA provides at time period to responder
  - Validity checks at for responder
  - Checking if is true
- Responder Certificate:
  - SN : serial number
  - I, J : Issuer and Subject
  - V : Valid time period
- CA keeps securely
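The time-period validity check outlined on the hash-chain slide above, as an added example (not code from the presentation or from Koga and Sakurai's paper). It assumes the common reverse hash-chain construction, where the CA places the T-fold hash of a secret in the responder certificate as an anchor and releases one preimage per period; SHA-256, the period indexing and all names are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

DIGEST_LEN = 32  # SHA-256 output size (hash choice is an assumption)


def iterate(value: bytes, n: int) -> bytes:
    """Apply SHA-256 n times to value."""
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class CAChain:
    """CA-side chain for one responder (hypothetical helper)."""

    def __init__(self, total_periods: int, seed: Optional[bytes] = None):
        self.total = total_periods
        self._seed = seed if seed is not None else os.urandom(DIGEST_LEN)
        # Anchor H^T(seed) is what goes into the responder certificate.
        self.anchor = iterate(self._seed, total_periods)

    def token_for(self, period: int) -> bytes:
        """Value handed to the responder for `period`: H^(T - period)(seed)."""
        if not 1 <= period <= self.total:
            raise ValueError("period out of range")
        return iterate(self._seed, self.total - period)


def responder_valid(anchor: bytes, token: bytes, period: int, total: int) -> bool:
    """Client check: hashing the token `period` times must reach the anchor.

    `period` must come from the client's own clock, never from the response.
    """
    if not 1 <= period <= total or len(token) != DIGEST_LEN:
        return False
    return hmac.compare_digest(iterate(token, period), anchor)


if __name__ == "__main__":
    ca = CAChain(total_periods=30, seed=b"\x01" * 32)  # constructed seed
    current = ca.token_for(3)
    print(responder_valid(ca.anchor, current, 3, 30))          # fresh token
    print(responder_valid(ca.anchor, ca.token_for(2), 3, 30))  # stale token
    # An older token is derivable from a newer one, but not the reverse, so a
    # responder the CA stops serving cannot produce the next period's value.
    print(iterate(current, 1) == ca.token_for(2))
```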

8 KIS-D-OCSP (4)
- System
[Figure: system diagram with CA and responders R1 ... Rn; labels:]
- Generates and distributes private keys for every responder
- Provides hash values for the current time period
- Requests for service to one responder
- Response, KIS-Signature, Responder Certificate
  - Verifying CA signature and checking expiration of the certificate
  - Checking hash chain
  - Verifying signature in response

9 Motivations
- It is possible to generate different private keys from the same master key with different identifier strings
  - Identifier itself can function as the public key
  - Removing the overhead of certificate management for responders
  - KIS-D-OCSP requires at least one certificate
- Date information can be encoded into keying material
  - Date is common knowledge
  - Hash chain is not required to check the validity for the given time period
IBS-D-OCSP (1)
- Applying identity-based signature (IBS) scheme
- OCSP responders certificates for certificate management?

10 IBS-D-OCSP (2)
- Implementing Issues
  - Identity-based Signature Scheme [J. Cha and J. Cheon, PKC 2003]
    - Bilinear Pairing
    - Weil and Tate pairing on elliptic curve
  - Identifiers of responders
    - Certificate contains OCSP_URI
    - Certified by the CA
    - Ex.) Keying ID = CA || Responder_URI || 20040818
    - ID itself is public key for IBS verification

11 IBS-D-OCSP (3)
- Key Generation
  - CA generates private keys for responders' identifiers
[Figure: CA key generator with Master Key, identifier 1 ... and Date info.; secure channel to R1 ... Rn]

12 IBS-D-OCSP (4)
- System
[Figure: system diagram with CA and responders R1 ... Rn; labels:]
- Distributes private keys for given time period
- Requests for service to one of responders
- Response, IBS-Signature
  - Calculating public key with responder identifier and date info.
  - Verifying signature in response

13 Security
- Security of a signature relies on the underlying IBS
- Assuming that CA is a trusted authority
  - Master key is not disclosed
  - Difficult to compute private key from identifier without knowing the master key
    - DLP (Discrete Logarithm Problem)
- Date information is encoded in keying material
  - Keys are only valid for the given time period

14 Efficiency
Compare KIS-D-OCSP & IBS-D-OCSP

KIS-D-OCSP
- Master public key size is proportional to the number of responders
- At least one certificate for responders
- CA stores hash values securely
- Return : {response, signature, hash}
- 2 signature verifications + (t-I) hashing
- Hash chains to check timely validity
- Update hash values every time period

IBS-D-OCSP
- Master public key size is constant to the number of responders
- No certificate for responders
- CA stores no hash values
- Return : {response, signature}
- 1 signature verification
- Encoding date info. into keying material
- Refresh private keys every time period

15 Conclusion
- Public key certificate is essential for secure Internet
  - Certificate validity checking is required
  - OCSP is one solution
- Proposed an efficient D-OCSP framework
  - IBS-D-OCSP
  - Removes responders' certificate
  - Doesn't require additional certificate management
- Any other efficient IBS scheme can be applied to the system

