Abstract
The Public Key Infrastructure (PKI) technology is very important to support secure global electronic commerce and digital communications on networks. The Online Certificate Status Protocol (OCSP) is the standard protocol for retrieving certificate revocation information in PKI. To minimize the damages caused by OCSP responder’s private key exposure, a distributed OCSP composed of multiple responders is needed. This paper presents a new distributed OCSP with a single public key by using key-insulated signature scheme [6]. In proposed distributed OCSP, each responder has the different private key, but corresponding public key remains fixed, so the client simply obtains and stores one certificate and can verify any responses by using a single public key.
Chapter PDF
Similar content being viewed by others
Keywords
References
Arnes, A., Just, M., Knapskog, S.J., Lloyd, S., Meijer, H.: Selecting Revocation Solutions for PKI. In: 5th Nordic Workshop on Secure IT Systems, NORDSEC 2000 (2000), http://www.pvv.ntnu.no/ andrearn/certrev/
Bellare, M., Miner, S.K.: A Forward-Secure Digital Signature Scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999)
Canetti, R., Gennaro, R., Herzberg, A., Naor, D.: Proactive Security: Long-term protection against break-ins. In: RSA CryptoBytes, vol. 3(1) (1997), http://www.rsasecurity.com/rsalabs/cryptobytes/
Desmedt, Y., Frankel, Y.: Threshold Cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, Heidelberg (1990)
Dodis, Y., Katz, J., Xu, S., Yung, M.: Key-Insulated Public Key Cryptosystems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 65–82. Springer, Heidelberg (2002)
Dodis, Y., Katz, J., Xu, S., Yung, M.: Strong Key-Insulated Signature Schemes. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 130–144. Springer, Heidelberg (2002)
Housley, R., Polk, W., Ford, W., Solo, D.: Certificate and Certificate Revocation List (CRL) Profile. IETF RFC 3280 (2002), http://www.ietf.org/rfc/rfc3280.txt
Itkis, G., Reyzin, L.: SiBIR: Signer-Base Intrusion-Resilient Signatures. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 499–514. Springer, Heidelberg (2002)
ITU/ISO Recommendation. X.509 Information Technology Open Sysytems Interconnection - The Directory: Authentication Frameworks (2000)
Kikuchi, H., Abe, K., Nakanishi, S.: Performance Evaluation of Certificate Revocation Using k-Valued Hash Tree. In: Zheng, Y., Mambo, M. (eds.) ISW 1999. LNCS, vol. 1729, pp. 103–117. Springer, Heidelberg (1999)
Kikuchi, H., Abe, K., Nakanishi, S.: Certificate Revocation Protocol Using k-Ary Hash Tree. IEICE Trans. Commun. E84-B(8) (2001)
Kocher, P.C.: On Certificate Revocation and Validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)
Malpani, A., Housley, R., Freeman, T.: Simple Certificate Validation Protocol CIETF Internet-Draft (2003), http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-13.txt
Merkle, R.C.: A Certified Digital Signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)
Micali, S.: Efficient Certificate Revocation, Technical Memo MIT/LCS/TM-542b, Massachusetts Institute of Technology (1996)
Micali, S.: NOVOMODO; Scalable Certificate Validation And Simplified PKI Management. In: 1st Annual PKI Research Workshop, pp. 15–25 (2002), http://www.cs.dartmouth.edu/pki02/
Munoz, J.L., Forne, J., Esparza, O., Bernable, I., Soriano, M.: Using OCSP to Secure Certificate-Using Transactions in M-commerce. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 280–292. Springer, Heidelberg (2003)
Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet Publik Key Infrastructure Online Certificate Status Protocol-OCSP, IETF RFC 2560 (1999), http://www.ietf.org/rfc/rfc2560.txt
Naor, M., Nissim, K.: Certificate Revocation and Certificate Update. In: 7th USENIX Security Symposium, pp. 217–228 (1998), http://www.usenix.org/publications/library/proceedings/usenix98/
Nash, W., Duane, C.: Joseph, and D. Brink, PKI - Implementing and Managing E-Security, Osborne Media Group (2001)
National Institute of Standards and Technology (NIST), Security Requirements for Cryptographic Modules, FIPS 140-2 (2001), http://csrc.nist.gov/publications/fips/
Pinkas, D., Housley, R.: Delegated Path Validation and Delegated Path Discovery Protocol Requirements. RFC 3379 (2002), http://www.ietf.org/rfc/rfc3379.txt
Rivest, R.L.: Can We Eliminate Certificate Revocation Lists? In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 178–183. Springer, Heidelberg (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Koga, S., Sakurai, K. (2004). A Distributed Online Certificate Status Protocol with a Single Public Key. In: Bao, F., Deng, R., Zhou, J. (eds) Public Key Cryptography – PKC 2004. PKC 2004. Lecture Notes in Computer Science, vol 2947. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24632-9_28
Download citation
DOI: https://doi.org/10.1007/978-3-540-24632-9_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21018-4
Online ISBN: 978-3-540-24632-9
eBook Packages: Springer Book Archive