Efficient and Practical Approach to Check Certificate Revocation Status of the WLAN Authentication Server's Public Key

Technique for Checking the Certificate Revocation Status of the WLAN Authentication Server

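  • 박동국 (School of Information and Communication Engineering, Sunchon National University);
  • 조경룡 (School of Information and Communication Engineering, Sunchon National University)
  • Published: 2005.08.01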

Abstract

WLAN user authentication is mostly based on user passwords, resulting in vulnerability to the notorious 'offline dictionary attack'. As a way around this problem, the EAP-TTLS and PEAP protocols, which are a sort of combination of password protocols and the TLS public-key protocol, are increasingly finding their way into WLANs. This leads to the use of the public-key certificate of the WLAN authentication server, and naturally the concern arises about its revocation status. It seems, however, that no proper solution has been provided to address this concern. We propose a very efficient and proper solution to check the certificate revocation status.

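Public-key-based EAP-TTLS (EAP-Tunneled TLS) and PEAP (Protected EAP) have recently emerged as authentication mechanisms used in combination with the EAP (Extensible Authentication Protocol) protocol for WLAN user authentication. They are an excellent alternative that can prevent password-guessing attacks, but the related commercial solutions and systems provide no method at all for handling certificate renewal in case the authentication server's certificate is exposed. This paper proposes a very economical mechanism that can solve this problem.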
