A Countermeasure of Fake Root Key Installation Using One-Time Hash Chain

  • Younggyo Lee
  • Jeonghee Ahn
  • Seungjoo Kim
  • Dongho Won
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4496)


Adil Alsaid and Chris J. Mitchell proposed the possibility of fake root public key installation by an attacker in user’s PC and showed its countermeasures in 2005. The root public keys are used to verify the certificates for applet providers. Therefore the insertion of false public keys allows arbitrary numbers of rogue application to be executed on a user’s PC. We propose a protection method for installing fake root keys in a user’s PC. The method uses the one-time hash chain based on NOVOMODO. In the proposal, as the computation costs and the storage amounts for hash chain are very small, the proposed method will not be a big load to the publisher of the browser, the applet provision agent and the user. The implementation of the method is simple and it offers convenient authentication of the root to the user. Therefore, the method can provide a intelligent and secure agent technique for the digital content distribution.


root public key hash chain publisher of the browser web browser applet provider applet distribution agent 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alsaid, A., Mitchell, C.J.: Installing Fake Root Keys in a PC. In: Chadwick, D., Zhao, G. (eds.) EuroPKI 2005. LNCS, vol. 3545, pp. 227–239. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Zhou, J., Bao, F., Deng, R.: An Efficient Public-Key Framework. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 88–99. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Yang, J.-P., Sur, C., Jang, H.-S., Rhee, K.-H.: Practial Modification of An Efficient Public-Key Framework. In: 2004 IEEE International Conference on e-Technology (March 2004)Google Scholar
  4. 4.
    Reyzin, L.: General Time/Storage Tradeoffs for Hash-Chain Re-comoutation. Unpublished manuscriptGoogle Scholar
  5. 5.
    Myers, M., Ankney, R., Mappani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. IETF RFC 2560 (June 1999)Google Scholar
  6. 6.
    Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile. IETF RFC 3280 (April 2002)Google Scholar
  7. 7.
    Koga, S., Sakurai, K.: A Distributed Online Certificate Status Protocol with a Single Public Key. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 389–401. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Micali, S.: NOVOMODO: Scable Certificate Validation And Simplified PKI Management. In: 1st Annual PKI Research Workshop Preproceedings, pp. 15–25 (2002)Google Scholar
  9. 9.
    Lee, Y., Kim, I.J., Kim, S., Won, D.H.: A Method for Detecting the Exposure of OCSP Responder’s Session Private Key in D-OCSP-KIS. In: Chadwick, D., Zhao, G. (eds.) EuroPKI 2005. LNCS, vol. 3545, pp. 215–226. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Lee, Y., Ahn, J., Kim, S., Won, D.: A Method for Detecting the Exposure of an OCSP Responder’s Private Key using One-Time Hash Value. IJCSNS International Journal of Computer Science and Network Security 5(8), 179–186 (2005)Google Scholar
  11. 11.
    Lee, Y., Ahn, J., Kim, S., Won, D.H.: A PKI System for Detecting the Exposure of a User’s Secret Key. In: Atzeni, A.S., Lioy, A. (eds.) EuroPKI 2006. LNCS, vol. 4043, pp. 248–250. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Younggyo Lee
    • 1
  • Jeonghee Ahn
    • 2
  • Seungjoo Kim
    • 1
  • Dongho Won
    • 1
  1. 1.Information Security Group, Department of Computer Engineering, Sungkyunkwan University, 300 Chunchun-dong, Jangan-gu, Suwon, Kyunggi-do, 440-746Korea
  2. 2.Department of Computer Science, Doowon Technical College, 678 Jangwon-ri, Juksan-myoun, Anseong, Kyunggi-do, 456-718Korea

Personalised recommendations