새로운 공개키 프레임워크와 PAN을 위한 응용

Abstract

Without doubt, the promise of Public Key Infrastructure (PKI) technology has attracted a significant amount of attention to support secure and authenticated services in the heterogeneous networks. The IETF PKIX Working Group is developing the Internet standards to support an X.509-based PKI, which provides a framework on services related to issuing public key certificates and distributing revocation information. The lack of a mechanism that provides efficient and timely distribution of certification revocatino information is a main issue for implementing more efficient PKI environment. The existing certificate revocation schemes place a considerable processing. commucication. and storage overheads on certificate authority(CA) as well as the relying parties. In this thesis, the main target of our research is to provide a new public key framework which reduces the overheads of computation for digital signature generation/verification and communication for verifying the validity of X.509 certificate. Specially, we focus on developing new public key frameworks in Internet and Personal Area Network (PAN) environment. For Internet environment, we review J. Zhou et al's public key framework from the view point of the actual deployment, and propose a new public key framework by changing security parameters into more suitable ones to enhance the actuality and reduce the overheads of computation and communication. Moreover, we analyze the security of our new public key framework from the vulnerability window point of view. A PAN is the interconnection of fixed, portable, or moving components within a range of an individual operating space, typically within a range of 10 meters. In PAN the communication between components should be secure and authenticated since private information and personal data will be transmitted over radio links. Secure and authenticated communication can be achieved by means of proper security protocols and appropriate security associations among PAN components. For the sake of supporting key management in a PAN, a personal CA in the personal PKI concept is responsible for generating public key certificates for all mobile devices within the PAN. The personal CA is used by an ordinary user at home or small office deployment distinguished from large scale or global CA functions. Although the personal PKI concept seems to be properly applied to PAN environment, the adaptation of PKI concept to PAN is not suitable due to the limited resource of the mobile devices. For PAN environment, we propose a new public key framework that reduces computational overheads for generating and verifying signatures on mobile devices. Especially. we focus on eliminating the traditional public key operations on mobile devices by means of one-time signature scheme, and differentiating it from previously proposed server-assisted signatures relied on assistances of a signature server. As a result, the proposed protocol gets rid of inherent drawbacks of server-assisted signatures such as problematic disputes, and high computational and storage requirements on the server side. Moreover, our framework provides simplified procedure for certificate status management based on hash chain to alleviate communication and computational costs for checking certificate status information.