• Journal of the Korea Society of Computer and Information
• /
• v.21 no.10
• /
• pp.77-83
• /
• 2016

To verify the trustworthiness of messages, public key certificates and certificate revocation list(CRL) has been standardized for vehicular networks. However, timely distribution of large CRLs to vehicles should be more elaborated with low bandwidth utilization from a practical point of view. To address this concern, we propose a CRL distribution scheme using long term evolution(LTE) point-to-multicast transmission, namely the enhanced multimedia broadcast multicast service(eMBMS). The schem is much more resource efficient than the existing unicast CRL distribution schemes for vehicular networks and it allows realizing the regional CRL distribution schemes efficiently in LTE network. By means of ns-3 simulation, we analyze the performance, latency, and execution time of the scheme in terms of varying coverage of the multimedia broadcast multicast service over single frequency network (MBFSN).

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.12
• /
• pp.109-116
• /
• 2017

Short-lived pseudonym certificates as vehicle identities could satisfy both security and privacy requirements. However, to remove revoked certificates especially in vehicle communications, pseudonym certificate revocation list (CRL) should be distributed resource-efficiently from a practical deployment point of view and in a timely manner. In this paper, we propose a novel CRL distribution scheme capable of CRL multicast to only activated vehicles registered to the CRL multicast group using the group communication system enabler, namely, the GCSE which is being standardized. The scheme is resource efficient by using CRL distribution paths instead of paging processes to find out multicast vehicle(s) within a certain region. The analyzed results show that the proposed scheme outperforms in terms of paging cost, packets transmission cost, and the processing cost at the respective entities compared to the existing four schemes in the literature.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.1
• /
• pp.91-99
• /
• 2016

A certificate revocation list(CRL) should be distributed quickly to all the vehicles in the network to protect them from malicious users and malfunctioning equipments as well as to increase the overall security and safety of vehicular networks. However, a major challenge is how to distribute CRLs efficiently. In this paper, we propose a novel Regional CRL distribution method based on the vehicle location registration locally to manage vehicle mobility. The method makes Regional CRLs based on the vehicles' location and distributes them, which can reduce CRL size and distribution time efficiently. According to the simulation results, the proposed method's signaling performance of vehicle's registration is enhanced from 22% to 37% compared to the existing Regional CRL distribution method. It's CRL distribution time is also decreased from 37% to 67% compared to the existing Full CRL distribution method.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.3
• /
• pp.91-97
• /
• 2008

The conventional CA(Certificate Authority) has problems in dealing with certificates whose valid time is expired and in managing CRI (Certificate Revocation Information) produced by clients. Many researches are conducted to solve them, but they have limitations in providing real-time verifications of certificates' status for clients. In this paper, we propose a new CRI management model to address these limitations in distributed OCSP(On-line Certificate Status Protocol) environments. CRL(Certificate Revocation List) is divided into two parts: one part that is recent is replicated over several OCSP servers, the other part is replicated and distributed over servers. Our methods can help to break the bottleneck of CA, and effectively reduce the size of CRL transferred. Therefore, with our methods, clients can verify the state of certificates in real time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.15-27
• /
• 2002

The purpose of this paper is to present both the specification of delta-CRL and the polices for delta CRL in order to solve the problem involved in issuing and maintaining the certificate revocation lists for the mobile communication network. If the user request to revoke the certificate issued by certification authority, the certification should be revoked and listed up in the certificate revocation list. In general, the certificate revocation list is issued regularly. Therefore PKI application should download the CRL and prove the validity of CRL. The traffic size of the exchanged traffic should be reduced for the mobile communication environment. The result if this paper can be used for the mobile communication various environments to reduce the size of CRL.

• The KIPS Transactions:PartC
• /
• v.10C no.4
• /
• pp.433-440
• /
• 2003

According as the real economic activities are carried out in the cyber world and the identity problem of a trade counterpart emerges, digital signature has been diffused. Due to the weakness for real-time validation using the validation method of digital signature, Certificate Revocation List, On-line Certificate Status Protocol was introduced. In this case, every transaction workload requested to verify digital signature is concentrated of a validation server node. Currently this method has been utilized on domestic financial transactions, but sooner or later the limitation will be revealed. In this paper, the validation method will be introduced which not only it can guarantee real-time validation but also the requesting node of certificate validation can maintain real-time certificate status information. This method makes the revocation management node update the certificate status information in real-time to the validation node while revoking certificate. The characteristic of this method is that the revocation management node should memorize the validation nodes which a certificate holder uses. If a certificate holder connects a validation node for the first time, the validation node should request its certificate status information to the above revocation management node and the revocation management node memorizes the validation node at the time. After that, the revocation management node inform the revocation information in real-time to all the validation node registered when a request of revocation happens. The benefits of this method are the fact that we can reduce the validation time because the certificate validation can be completed at the validation node and that we can avoid the concentration of requesting certificate status information to a revocation node.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.04a
• /
• pp.743-745
• /
• 2010

기 구축된 Public Key Infrastructure(이하 PKI) 에서 발급된 디지털인증서를 외부 네트워크와 단절된 인트라넷 환경에서 사용하기 외부 네트워크에 지정된 인증서 검증 서버에 접속할 수가 없기 때문에 인증서 유효성 검증의 문제를 발생시켜 사용이 불가능하다. 이러한 문제점을 해결하기 위해 인트라넷 환경을 위한 인증서유효목록 검증 시스템을 제안한다. 인증서유효목록 검증 시스템은 기존의 PKI 에서 인증서 검증을 위해서 사용하는 Certificate Revocation List (이하 CRL)를 대체하는 Certificate Valid List (이하 CVL)를 사용하여 외부 네트워크와 접속이 단절된 인트라넷 환경에서도 기 구축된 PKI 에서 발급된 디지털 인증서의 유효성을 검증할 수 있다. 인증서유효목록 검증 시스템은 CVL 의 생성을 위한 Certificate Valid List Manager (이하 CVLM)와 주기적인 CVL 발급 및 게시를 위한 Certificate Valid List Issuer (이하 CVLI), 응용서비스에서 사용하는 User Agent (이하 UA) 를 포함한다.

• The KIPS Transactions:PartC
• /
• v.14C no.7
• /
• pp.553-558
• /
• 2007

In this paper, we introduce a set of structures and algorithms for communication efficient public key revocation in wireless sensor networks. Unlike the traditional networks, wireless sensor network is subjected to resources constraints. Thus, traditional public key revocation mechanisms such like the ordinary certificate revocation list is unsuitable to be used. This unsuitability is due to the huge size of required representation space for the different keys' identifiers and the revocation communication as the set of revoked keys grow. In this work, we introduce two communication-efficient schemes for the certificate revocation. In the first scheme, we utilize the complete subtree mechanism for the identifiers representation which is widely used in the broadcast encryption/user revocation. In the second scheme, we introduce a novel bit vector representation BVS which uses vector of relative identifiers occurrence representation. We introduce different revocation policies and present corresponding modifications of our scheme. Finally, we show how the encoding could reduce the communication overhead as well. Simulation results and comparisons are provided to show the value of our work.

• Journal of Internet Computing and Services
• /
• v.5 no.2
• /
• pp.33-40
• /
• 2004

PKI(Public Key Infrastructure) issues a certificate for providing Integrity of public key. and it Inspects the validity by downloading CRL(Certificate Revocation List) for checking the validity of certificate. But. it imposes a burden on processing of certificate due to Increase of user and the size of CRL, Lately, OCSP(Online Certificate Status Protocol), which examines the validity on online, is published as an alternative plan. But, it makes a problem due to concentration of just one certificate repository, Accordingly we propose the scheme that OCSP server is arranged in distributed area and then the information is safely transmitted to OCSP server.

• The KIPS Transactions:PartC
• /
• v.13C no.2 s.105
• /
• pp.147-154
• /
• 2006

The certificate status validation mechanism is a critical component of a public key infrastructure based on certificate system. The most generally mechanisms used these days are the use of the certificate revocation list and the real-time certificate status protocol. But the certificate revocation list can not give the real-time certificate status because the certificate is being delivered periodically, and the real-time certificate status protocol method will generate a concentrated load to the server because the protocol in the central server will be accessed whenever a certification is necessary. It will also take a long time to validate the certificate because each trade has to send mass information through the network. This paper will present that real-time validation is guaranteed as the real-time certificate status protocol method and the traffic congestion in the network Is reduced in a way that the certification would be requested using the user information hash value and would be validated using the user information kept in the certification authorities and the service providers. Based on the this study, we suggest a real-time certificate status validation mechanism which can reduce the certificate status validation time using the signed user information hash value. And we confirm speed of certificate status verification faster than existing CRL(Certificate Revocation List) and OCSP(Online Certificate Status Protocol) method by test.