A Framework for Distributed OCSP without Responders Certificate

Young-Ho Park

Kyung-Hyune Rhee

Pukyong National University

WISA 2004


Public Key Certificate

  • Public Key Infrastructure (PKI)

    • The main architecture for security services over the Internet

  • Public Key Certificate

    • Binds a public key to the owner’s identity information

    • Digitally signed and certified by a trusted certificate authority (CA)

  • Certificate Revocation

    • Compromise of the key or abuse of the owner

    • Certificate Revocation List (CRL)

    • Online Certificate Status Protocol (OCSP)

Lab. of Information security & Internet Applications, PKNU


Online Certificate Status Protocol

[Figure: Request to the Responder, with the CA and X.500 directory; Response containing Good, Revoked or Unknown, Validity Interval, . . . . ., Signature]

  • To check the validity of a certificate at the time of a given transaction

    • OCSP responder provides a digitally signed response

    • Client can retrieve timely certificate status with moderate resource usage

  • Single Responder

    • Most workloads converge on the responder

    • Digital signature is a computation-consuming operation

    • Denial of service

Distributed OCSP

  • Composed of multiple OCSP responders

    • Sharing and balancing the workload of OCSP response

    • Client can choose one responder

  • A responder certificate is required to verify the signature in the response, in both OCSP and D-OCSP

  • In D-OCSP

    • Using the same private signing key for every responder

      • Easy key management but high risk of key exposure

    • Using different private keys

      • Increasing the complexity of key management

KIS-D-OCSP (1)

  • [S. Koga and K. Sakurai, PKC 2004]

  • One solution for efficient certificate management of multiple responders

    • Key-insulated signature (KIS) scheme and hash chain

    • A different private key for every responder but the same public key for signature verification

      • Only one certificate is required for multiple responders

      • Private key exposure of one responder does not affect other responders

    • Hash chain is used for checking the validity of a responder at the given time period

KIS-D-OCSP (2)

  • Key Generation

    • CA distributes private keys for every responder

[Figure: CA with Key Generator, Master Key and Public Key; private keys for signature go to responders R1, R2, . . . ., Rn over a secure channel]

KIS-D-OCSP (3)

  • Hash chain

    • For total time periods and responders

    • CA provides at time period to responder

    • Validity checks at for responder

      • Checking if is true

    • Responder Certificate:

CA keeps securely

SN : serial number

I, J : Issuer and Subject

V : Valid time period
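
A generic one-way hash chain validity check of the kind this slide describes, as an added example that is not from the presentation or from Koga and Sakurai's paper. The class and function names, the use of SHA-256 and the indexing (the chain's end value sits in the responder certificate, and the value for period i is hashed i times by the client) are assumptions.

```python
import hashlib
import hmac


def H(x: bytes) -> bytes:
    """One hash-chain step (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(x).digest()


def iterate(x: bytes, n: int) -> bytes:
    """Apply H to x n times."""
    for _ in range(n):
        x = H(x)
    return x


class ChainIssuer:
    """CA side: keeps the chain seed secret and publishes only the anchor."""

    def __init__(self, seed: bytes, total_periods: int):
        self._seed = seed                    # never leaves the CA
        self.total_periods = total_periods
        # Anchor = seed hashed total_periods times; bound into the responder certificate.
        self.anchor = iterate(seed, total_periods)

    def value_for_period(self, period: int) -> bytes:
        """Value the CA hands to a still-trusted responder for `period`."""
        if not 1 <= period <= self.total_periods:
            raise ValueError("period outside certificate lifetime")
        return iterate(self._seed, self.total_periods - period)


def responder_valid(anchor: bytes, value: bytes, period: int) -> bool:
    """Client side: hashing the value `period` times must reach the anchor."""
    if period < 1:
        return False
    return hmac.compare_digest(iterate(value, period), anchor)


def demo() -> dict:
    # Constructed sample input: a fixed seed so the run is reproducible.
    ca = ChainIssuer(seed=b"constructed-demo-seed", total_periods=10)
    v3 = ca.value_for_period(3)
    return {
        "current": responder_valid(ca.anchor, v3, 3),         # fresh value accepted
        "stale": responder_valid(ca.anchor, v3, 4),           # CA withheld period 4
        "forged": responder_valid(ca.anchor, b"\x00" * 32, 4),
        "older_derivable": H(v3) == ca.value_for_period(2),   # earlier values follow by hashing
    }


if __name__ == "__main__":
    print(demo())
```

Because each period's value is a preimage of the previous one, a responder that stops receiving values from the CA cannot produce one for a later period.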

KIS-D-OCSP (4)

  • System

[Figure: CA and responders R1, . . . ., Rn, annotated with the labels below]

  • Generates and distributes private keys for every responder

  • Provides hash values for the current time period

  • Responder Certificate

  • Requests for service to one responder

  • Response, KIS-Signature,

  • Verifying CA signature and checking expiration of the certificate

  • Checking hash chain

  • Verifying signature in response

IBS-D-OCSP (1)

OCSP responders certificates for certificate management?

  • Applying identity-based signature (IBS) scheme

  • Motivations

    • It is possible to generate different private keys from the same master key with different identifier strings

    • The identifier itself can function as the public key

      • Removing the overhead of certificate management for responders

      • KIS-D-OCSP requires at least one certificate

    • Date information can be encoded into keying material

      • Date is common knowledge

      • Hash chain is not required to check the validity for the given time period

IBS-D-OCSP (2)

  • Implementation Issues

    • Identity-based Signature Scheme [J. Cha and J. Cheon, PKC 2003]

    • Bilinear Pairing

      • Weil and Tate pairing on elliptic curves

    • Identifiers of responders

      • Certificate contains OCSP_URI

      • Certified by the CA

      • Ex.) Keying ID = “CA || Responder_URI || 20040818”

      • The ID itself is the public key for IBS verification

IBS-D-OCSP (3)

  • Key Generation

    • CA generates private keys for responders’ identifiers

[Figure: CA with Key Generator, Master Key, Date info. and identifier1; responders R1, . . . ., Rn; secure channel]

IBS-D-OCSP (4)

  • System

[Figure: CA and responders R1, . . . ., Rn, annotated with the labels below]

  • Distributes private keys for given time period

  • Requests for service to one of the responders

  • Response, IBS-Signature

  • Calculating public key with responder identifier and date info.

  • Verifying signature in response

Security

  • Security of a signature relies on the underlying IBS

  • Assuming that CA is a trusted authority

    • Master key is not disclosed

  • Difficult to compute private key from identifier without knowing the master key

    • DLP (Discrete Logarithm Problem)

  • Date information is encoded in keying material

    • Keys are only valid for the given time period

Efficiency

  • Compare KIS-D-OCSP & IBS-D-OCSP

  • KIS-D-OCSP

    • Master public key size is proportional to the number of responders

    • At least one certificate for responders

    • CA stores hash values securely

    • Return : {response, signature, hash}

    • 2 signature verifications + ( t-I ) hashing

    • Hash chains to check timely validity

    • Update hash values every time period

  • IBS-D-OCSP

    • Master public key size is constant with respect to the number of responders

    • No certificate for responders

    • CA stores no hash values

    • Return : {response, signature}

    • 1 signature verification

    • Encoding date info. into keying material

    • Refresh private keys every time period


Conclusion

  • Public key certificates are essential for a secure Internet

    • Certificate validity checking is required

    • OCSP is one solution

  • Proposed an efficient D-OCSP framework

    • IBS-D-OCSP

    • Removes the responders certificate

      • Does not require additional certificate management

    • Any other efficient IBS scheme can be applied to the system
