Abstract
Recently the concept of password-enabled PKI is an emerging issue to support user mobility. Virtual soft token and virtual smartcard were proposed as the password-enabled PKI. However, the virtual soft token does not support key disabling. In the virtual smartcard, the user must interact with remote entity per signing operation. In addition, both schemes do not support forward secrecy and instant revocation.
In this paper, we propose a new approach that supports user mobility. The proposed approach supports key disabling and the user does not need interaction with the remote entity for each signature. Moreover, the proposed scheme allows instant key revocation. Thereby, the distribution of CRL is not required. Furthermore, the proposed scheme supports forward secrecy. In this sense, our scheme, implemented only software, is stronger than a long-term private key with physical smart cards. By forward secrecy and instant revocation, signing documents using a time-stamp provided by a trusted authority is not required to protect from modifying signed document by the adversary who knows private key.
This work was supported by the Soongsil University Research Fund.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Perlman, R., Kaufman, C.: Secure password-based protocol for downloading a private key. In: Proc. ISOC Network and Distributed System Security Symposium (1999)
Ford, W., Kaliski, B.: Server-assisted generation of a strong secret from a password. In: Proc. IEEE International Workshop on Enterprise Security (2000)
Jablon, D.P.: Password authentication using multiple servers. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 344–360. Springer, Heidelberg (2001)
Ganesan, R., Yaksha: Argumenting kerberos with public-key cryptography. In: Proceedings of the ISOC Network and Distributed System Security Symposium (1995)
Sandhu, M.B.R., Ganesan, R.: Password-enabled pki: Virtual smart-cards versus virtual soft token. In: Proc. of 1th Annual PKI Resarch Workshop, pp. 89–96 (2002)
Wang, X.: Intrusion-tolerant passwqord-enabled pki. In: Proceedings of the 2nd Annual PKI Research Workshop, pp. 44–53 (2004)
Kwon, T.: Virtual software tokens - a practical way to secure pki roaming. In: Davida, G.I., Frankel, Y., Rees, O. (eds.) InfraSec 2002. LNCS, vol. 2437, pp. 288–302. Springer, Heidelberg (2002)
Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: Proc. IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)
Jablon, D.: Strong password-only authenticated key exchange. In: Proceedings RSA Conference. LNCS, Internet Society (2001)
Wu, T.: The secure remote password protocol. In: Proceedings of the Symposium on Network and Distributed Systems Security (NDSS 1998), San Diego, California, Internet Society, pp. 97–111 (1998)
Haber, S., Stornetta, W.S.: How to time-stamp a digital document. J. Cryptology 3, 99–111 (1991)
Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology 13, 361–396 (2000)
Dierks, T., Allen, C.: The TLS Protocol Version 1.0. IETF (1999)
Gamal, T.E.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inform. Theory 31, 469–472 (1985)
Tsiounis, Y., Yung, M.: On the security of elgamal based encryption. In: Public Key Cryptography, pp. 117–134 (1998)
Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999)
Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jung, S.W., Jung, S. (2006). Forward Secure Password-Enabled PKI with Instant Revocation. In: Atzeni, A.S., Lioy, A. (eds) Public Key Infrastructure. EuroPKI 2006. Lecture Notes in Computer Science, vol 4043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11774716_5
Download citation
DOI: https://doi.org/10.1007/11774716_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35151-1
Online ISBN: 978-3-540-35152-8
eBook Packages: Computer ScienceComputer Science (R0)