Abstract
Adil Alsaid and Chris J. Mitchell proposed the possibility of fake root public key installation by an attacker in user’s PC and showed its countermeasures in 2005. The root public keys are used to verify the certificates for applet providers. Therefore the insertion of false public keys allows arbitrary numbers of rogue application to be executed on a user’s PC. We propose a protection method for installing fake root keys in a user’s PC. The method uses the one-time hash chain based on NOVOMODO. In the proposal, as the computation costs and the storage amounts for hash chain are very small, the proposed method will not be a big load to the publisher of the browser, the applet provision agent and the user. The implementation of the method is simple and it offers convenient authentication of the root to the user. Therefore, the method can provide a intelligent and secure agent technique for the digital content distribution.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alsaid, A., Mitchell, C.J.: Installing Fake Root Keys in a PC. In: Chadwick, D., Zhao, G. (eds.) EuroPKI 2005. LNCS, vol. 3545, pp. 227–239. Springer, Heidelberg (2005)
Zhou, J., Bao, F., Deng, R.: An Efficient Public-Key Framework. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 88–99. Springer, Heidelberg (2003)
Yang, J.-P., Sur, C., Jang, H.-S., Rhee, K.-H.: Practial Modification of An Efficient Public-Key Framework. In: 2004 IEEE International Conference on e-Technology (March 2004)
Reyzin, L.: General Time/Storage Tradeoffs for Hash-Chain Re-comoutation. Unpublished manuscript
Myers, M., Ankney, R., Mappani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. IETF RFC 2560 (June 1999)
Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile. IETF RFC 3280 (April 2002)
Koga, S., Sakurai, K.: A Distributed Online Certificate Status Protocol with a Single Public Key. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 389–401. Springer, Heidelberg (2004)
Micali, S.: NOVOMODO: Scable Certificate Validation And Simplified PKI Management. In: 1st Annual PKI Research Workshop Preproceedings, pp. 15–25 (2002)
Lee, Y., Kim, I.J., Kim, S., Won, D.H.: A Method for Detecting the Exposure of OCSP Responder’s Session Private Key in D-OCSP-KIS. In: Chadwick, D., Zhao, G. (eds.) EuroPKI 2005. LNCS, vol. 3545, pp. 215–226. Springer, Heidelberg (2005)
Lee, Y., Ahn, J., Kim, S., Won, D.: A Method for Detecting the Exposure of an OCSP Responder’s Private Key using One-Time Hash Value. IJCSNS International Journal of Computer Science and Network Security 5(8), 179–186 (2005)
Lee, Y., Ahn, J., Kim, S., Won, D.H.: A PKI System for Detecting the Exposure of a User’s Secret Key. In: Atzeni, A.S., Lioy, A. (eds.) EuroPKI 2006. LNCS, vol. 4043, pp. 248–250. Springer, Heidelberg (2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lee, Y., Ahn, J., Kim, S., Won, D. (2007). A Countermeasure of Fake Root Key Installation Using One-Time Hash Chain. In: Nguyen, N.T., Grzech, A., Howlett, R.J., Jain, L.C. (eds) Agent and Multi-Agent Systems: Technologies and Applications. KES-AMSTA 2007. Lecture Notes in Computer Science(), vol 4496. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72830-6_107
Download citation
DOI: https://doi.org/10.1007/978-3-540-72830-6_107
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72829-0
Online ISBN: 978-3-540-72830-6
eBook Packages: Computer ScienceComputer Science (R0)