Rogue public key registration attack and the importance of proof of possession in the PKI environment

The security vulnerabilities of a number of provable secure proxy signature schemes are examined,with the assumption that users can register their public keys without having corresponding private keys. This assumption is different from that of a standard proxy signature in which the public keys of users are authentic. Under this assumption, both the Triple Schnorr scheme and Kang et al's scheme are shown to be vulnerable to a rogue public key registration attack. This attack gives an adversary the ability to generate a proxy signature without the valid agreement of the original signer. Moreover, it is shown that an adversary can manipulate the description of a delegated signing right at will. This work can be considered as an awakening to the importance of Proof of Possession (PoP) in the PKI environment, as in many cases certificate authorities do not require the PoP protocol, as has been stated [1].
Publisher
IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG
Issue Date
2006-08
Language
ENG
Keywords

PROTECTED SIGNATURE SCHEMES; PROXY SIGNATURES

Citation

IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, v.E89D, no.8, pp.2452 - 2455

ISSN
0916-8532
DOI
10.1093/ietisy/e89-d.8.2452
URI
http://hdl.handle.net/10203/3357
Appears in Collection
CS-Journal Papers(저널논문)
  • Hit : 374
  • Download : 1
  • Cited 0 times in thomson ci
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡClick to seewebofscience_button

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0