A Distributed A Distributed Online Certificate Status Protocol - - PowerPoint PPT Presentation

a distributed a distributed online certificate status
SMART_READER_LITE
LIVE PREVIEW

A Distributed A Distributed Online Certificate Status Protocol - - PowerPoint PPT Presentation

Feb 18, 2023 233 likes •350 views

A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status Protocol Satoshi Koga, Kouichi Sakurai Satoshi Koga Kyushu University, Japan Background Background Certificate Revocation Problem Certificate

slide-1
SLIDE 1

A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status Protocol

Satoshi Koga Satoshi Koga, Kouichi Sakurai Kyushu University, Japan

slide-2
SLIDE 2

Background Background

  • Certificate Revocation Problem

Certificate Revocation Problem

– The certificate should be revoked in case that:

  • User’s private key is compromised
  • User’s personal information is changed

– The user should check whether the certificate has been revoked or not

  • Online Certificate Status Protocol (OCSP)
slide-3
SLIDE 3

OCSP OCSP

The standard protocol of online revocation system

  • 1. The client requests to OCSP responder
  • Is this certificate valid or not ?
  • 2. The OCSP responder responses to the user
  • OCSP responder digitally signs the response

Certification Certification Authority(CA Authority(CA) )

Up-to-date CRL

user response responder responder request

slide-4
SLIDE 4

Problems Problems

– – If responder is centralized If responder is centralized, it’s vulnerable to Denial of Service (DoS) attacks –Compromise of responder’s private key is affected the entire system

slide-5
SLIDE 5

Distributed OCSP Distributed OCSP

  • Private key exposures appear to be unavoidable

– Minimizing the damage caused by responder’s key exposures is important

  • A D

Distributed istributed OCSP OCSP (D (D-

  • OCSP)

OCSP) composed of the multiple responders – Each responder has own private key – If the responder’s private key is compromised, the others are not affected

slide-6
SLIDE 6

D D-

  • OCSP

OCSP

CA’s certificate responder’s certificate

response + signature

CA CA

Client Client

responder responder 1 1 responder n responder n

1 1 SK

, PK

n n SK

, PK

slide-7
SLIDE 7

Motivation Motivation

  • General D-OCSP

– Every time the client receives the response, he should download responder’s certificate – The client needs to obtain the different responder’s certificates [Goals]

  • Minimize the damage caused by responder’s

private key exposures

  • Reduce the load of users
slide-8
SLIDE 8

Our Method Our Method

  • Key-Insulated Signature Scheme [D03]

– The private key can be changed frequently, but the corresponding public key remains fixed [Our Method]

  • The multiple private keys are generated and

assigned each responder – The user can verify any responses using a single public key !!

[D03] Y.Dodis et al. , “Strong Key-Insulated Signature Schemes”, PKC 2003

slide-9
SLIDE 9

Proposed D Proposed D-

  • OCSP

OCSP

responder’s certificate Single Public key CA’s certificate

CA CA

user user

responder responder 1 1 responder n responder n

1

SK

n

SK

slide-10
SLIDE 10

Thank you !!

satoshi@itslab.csce.kyushu-u.ac.jp