A Method for Detecting the Exposure of OCSP Responder’s Session Private Key in D-OCSP-KIS

  • Younggyo Lee
  • Injung Kim
  • Seungjoo Kim
  • Dongho Won
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3545)


D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number of OCSP Responder’s certificate but also offers the certificate status validation about OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder’s session private key in a time period (e.g., one day), she cannot derive any other OCSP Responder’s private key unless she obtains master private key. And she cannot derive the hash value of previous period because the hash value is impossible in inverse computation. But, the attacker can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on E-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of OCSP Responder’s session private key and the abuse of hash value in D-OCSP-KIS. In our proposal, the hash value is only used one time for the status validation of OCSP Responder’s session private key and the load for computation of X-chain in CA is distributed to each OCSP Responder.


D-OCSP D-OCSP-KIS OCSP Responder hash function 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Malpani, A., Housley, R., Freeman, T.: Simple Certificate Validation Protocol(SCVP), IETF Internet Draft (June 2002)Google Scholar
  2. 2.
    Adams, C., Sylvestor, P., Zolotarev, M., Zuccherato, R.: Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols. IETF RFC 3029 (February 2001)Google Scholar
  3. 3.
    Yum, D.H., Lee, P.J.: A distributed online certificate status protocol based on GQ signature scheme. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 471–480. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    ITU/ISO Recommendation.: X.509 Information Technology Open Systems Interconnection-The Directory:Authentication Frameworks (2000)Google Scholar
  5. 5.
    Muñoz, J.L., Forné, J., Esparza, O., Soriano, B.M.: A certificate status checking protocol for the authenticated dictionary. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 255–266. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Reyzin, L.: General Time/Storage Tradeoffs for Hash-Chain Re-comoutation, unpublished manuscriptGoogle Scholar
  7. 7.
    Myers, M., Ankney, R., Mappani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP, IETF RFC 2560 (June 1999)Google Scholar
  8. 8.
    NIST FIPS (Federal Information Processing Standards Publication) 186-1.: Digital Signature Standard (December 1998)Google Scholar
  9. 9.
    Kocher, P.C.: On certificate revocation and validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  10. 10.
    Kocher, P.: A Quick Introduction to Certificate Revocation Tree(CRTs), Technical Report, Valicert (1999)Google Scholar
  11. 11.
    Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile, IETF RFC 2458 (January 1999)Google Scholar
  12. 12.
    Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile, IETF RFC 3280 (April 2002)Google Scholar
  13. 13.
    Koga, S., Sakurai, K.: A distributed online certificate status protocol with a single public key. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 389–401. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Micali, S.: NOVOMODO; Scable Certificate Validation And Simplified PKI Management. In: 1st Annual PKI Research Workshop Preproceedings, pp. 15–25 (2002)Google Scholar
  15. 15.

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Younggyo Lee
    • 1
  • Injung Kim
    • 2
  • Seungjoo Kim
    • 1
  • Dongho Won
    • 1
  1. 1.Department of Computer EngineeringSungkyunkwan UniversityRepublic of Korea
  2. 2.Electronics and Telecommunication Research InstituteRepublic of Korea

Personalised recommendations