Rogue Public Key Registration Attack and the Importance of 'Proof of Possession' in the PKI Environment(Application Information Security)
スポンサーリンク
概要
- 論文の詳細を見る
The security vulnerabilities of a number of provable secure proxy signature schemes are examined with the assumption that users can register their public keys without having corresponding private keys. This assumption is different from that of a standard proxy signature in which the public keys of users are authentic. Under this assumption, both the Triple Schnorr scheme and Kang et al's scheme are shown to be vulnerable to a rogue public key registration attack. This attack gives an adversary the ability to generate a proxy signature without the valid agreement of the original signer. Moreover, it is shown that an adversary can manipulate the description of a delegated signing right at will. This work can be considered as an awakening to the importance of Proof of Possession (PoP) in the PKI environment, as in many cases certificate authorities do not require the PoP protocol, as has been stated.
- 社団法人電子情報通信学会の論文
- 2006-08-01
著者
-
Hong Seong-min
Cs Division At Kaist
-
Yoon Hyunsoo
Korea Advanced Inst. Of Sci. And Technol. (kaist) Kor
-
Yoon Hyunsoo
Cs Division At Kaist
-
LEE Younho
EECS Department at KAIST
-
PARK Yongsu
College of Information and Communications at Hanyang Univ.
-
LEE Younho
CS Division at KAIST
-
KIM Heeyoul
CS Division at KAIST
-
Park Yongsu
College Of Information And Communications Hanyang University
-
Kim Heeyoul
Cs Division Kaist
-
Yoon Hyunsoo
Eecs Department At Kaist
関連論文
- VAMSD : Voronoi Diagram Based Autonomous Mobile Sensor Deployment for Maximizing Coverage
- A Velocity-Based Bicasting Handover Scheme for 4G Mobile Systems
- Improving Handover Quality in 4G Mobile Systems
- Efficient and Secure Self-Organized Public Key Management for Mobile Ad Hoc Networks
- A New Binary Image Authentication Scheme with Small Distortion and Low False Negative Rates(Fundamental Theories for Communications)
- Reactive Key Management Scheme for Access Control in Group Communications(Fundamental Theories for Communications)
- Rogue Public Key Registration Attack and the Importance of 'Proof of Possession' in the PKI Environment(Application Information Security)
- Handoff Procedure for Seamless Service in IP and OFDM Based 4G Mobile Systems(Mobile Communication, Wireless Technologies and Computational Electromagnetics)
- Securing Mobile Agents by Integrity-Based Encryption(Software Agent and Its Applications)
- Autonomous Clustering Scheme for Wireless Sensor Networks Using Coverage Estimation-Based Self-Pruning(Network, Ubiquitous Networks)
- A Resilient and Efficient Replication Attack Detection Scheme for Wireless Sensor Networks
- A New MAC Protocol for Improving the End-to-End Performance in Multi-Hop Wireless Ad Hoc Networks(Ad Hoc Network)(Networking Technologies for Mobile Internet Systems)
- A Decentralized Multi-Group Key Management Scheme
- An Efficient Mobile Code Authentication Scheme that Permits Overlapping of Execution and Downloading(Networks)
- Sensor Node Localization by Three Mobile Anchors in the Wireless Sensor Networks