http://dx.doi.org/10.13089/JKIISC.2004.14.4.25

A Study on Timeliness Advance Increment of Certificate Verification Using an Observer  

권오인 (Kwangwoon University)
김진철 (Korea Electric Power KD)
오영환 (Kwangwoon University)
Abstract
A certificate is expected to be used for its entire validity period. However, a false record of user information or a compromise of the private key may cause a certificate to become invalid before the validity period expires, in which case the CA needs to revoke the certificate. The CA periodically updates a signed data structure called a certificate revocation list (CRL) at the directory server, but in the interval before the CA updates a new CRL at the directory server, the user can use a revoked certificate. This paper analyzes the structure of the CRL and the characteristics of the OCSP certificate status checking method, and proposes a new certificate status verification method that adds observer information to the handshake process between user and server.
Keywords
OCSP; CRL; Observer; verify both the current status of X.509 certificate and the short-lived server certificate;