Abstract
A Public Key Infrastructure (PKI) is a set of security standards for managing and using public-key cryptosystems. A PKI is used to provide digital signature, authentication, and public-key encryption functionality over insecure channels, such as e-banking and e-commerce on the Internet. A soft-token private key in a PKI is easily leaked because it is stored in a file at a standardized location. It is also vulnerable to a brute-force password attack, as it is protected only by password-based encryption.

In this paper, we propose a new method that detects private key compromise and is probabilistically secure against a brute-force password attack even if the soft-token private key is leaked. The main idea of the proposed method is to use a genuine signature key pair and () fake signature key pairs to make it difficult for an attacker to generate a valid signature with probability even if the attacker found the correct password. The proposed method provides detection and notification functionality when an attacker makes an attempt at authentication, and enhances the security of the soft-token private key without the additional cost of constructing infrastructure, thereby extending the function of the existing PKI and SSL/TLS.

Keywords: Public Key Infrastructure, key compromise detection, certificate revocation, revocation notification

Received: June 3, 2014; Revised: September 11, 2014; Accepted: September 25, 2014

* This research was supported by the Next-Generation Information Computing Development Program of the National Research Foundation of Korea, funded by the Korean government (Ministry of Science, ICT and Future Planning) in 2014 (No. 2010-0020726).

† First author, rudrnrwlska@naver.com
‡ Corresponding author, donghlee@korea.ac.kr
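The detection idea in the abstract, sketched from the verifier's side as an added example; this is not the paper's construction or code. It assumes the server is told which public keys are fakes, uses three fake pairs as a constructed value, and swaps in Lamport one-time signatures so it runs on the standard library alone. `Verifier`, `authenticate` and `demo` are hypothetical names.

```python
import hashlib
import secrets

def _h(data):
    return hashlib.sha256(data).digest()

def _bits(msg):
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    # Lamport one-time key pair: a stand-in for the PKI signature scheme.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(_h(a), _h(b)) for a, b in sk]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        _h(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

class Verifier:
    """Assumed server role: holds the genuine public key and the fake ones."""
    def __init__(self, genuine_pk, fake_pks):
        self.genuine_pk, self.fake_pks = genuine_pk, fake_pks
        self.alerts = []  # stands in for revocation and owner notification

    def authenticate(self, user, challenge, sig):
        if verify(self.genuine_pk, challenge, sig):
            return "accept"
        for idx, pk in enumerate(self.fake_pks):
            if verify(pk, challenge, sig):
                # A valid signature under a fake key means the key file
                # was decrypted by someone other than the owner.
                self.alerts.append((user, idx))
                return "compromise-detected"
        return "reject"

def demo():
    pairs = [keygen() for _ in range(4)]  # constructed: 1 genuine + 3 fake
    genuine_sk, genuine_pk = pairs[0]
    server = Verifier(genuine_pk, [pk for _, pk in pairs[1:]])
    return [
        server.authenticate("alice", b"nonce-1", sign(genuine_sk, b"nonce-1")),
        server.authenticate("alice", b"nonce-2", sign(pairs[2][0], b"nonce-2")),
        server.authenticate("alice", b"nonce-3", [b"\x00" * 32] * 256),
    ], server.alerts
```

Each Lamport key signs only one challenge here, since the scheme is one-time; a deployment would use the PKI's own signature algorithm.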