Rogue public key registration attack and the importance of 'proof of possession' in the PKI environment

Younho Lee; Yongsu Park; Heeyoul Kim; Seong Min Hong; Hyunsoo Yoon

doi:10.1093/ietisy/e89-d.8.2452

Rogue public key registration attack and the importance of 'proof of possession' in the PKI environment

Younho Lee, Yongsu Park, Heeyoul Kim, Seong Min Hong, Hyunsoo Yoon

Dept. of Industrial Engineering

Research output: Contribution to journal › Article › peer-review

Abstract

The security vulnerabilities of a number of provable secure proxy signature schemes are examined with the assumption that users can register their public keys without having corresponding private keys. This assumption is different from that of a standard proxy signature in which the public keys of users are authentic. Under this assumption, both the Triple Schnorr scheme and Kang et al's scheme are shown to be vulnerable to a rogue public key registration attack. This attack gives an adversary the ability to generate a proxy signature without the valid agreement of the original signer. Moreover, it is shown that an adversary can manipulate the description of a delegated signing right at will. This work can be considered as an awakening to the importance of Proof of Possession (PoP) in the PKI environment, as in many cases certificate authorities do not require the PoP protocol, as has been stated [1].

Original language	English
Pages (from-to)	2452-2455
Number of pages	4
Journal	IEICE Transactions on Information and Systems
Volume	E89-D
Issue number	8
DOIs	https://doi.org/10.1093/ietisy/e89-d.8.2452
State	Published - Aug 2006

Keywords

Cryptanalysis
Digital signature
Proxy signature

Access to Document

10.1093/ietisy/e89-d.8.2452

Cite this

@article{6c68497ae5894a5aa0ce76740edb637f,

title = "Rogue public key registration attack and the importance of 'proof of possession' in the PKI environment",

abstract = "The security vulnerabilities of a number of provable secure proxy signature schemes are examined with the assumption that users can register their public keys without having corresponding private keys. This assumption is different from that of a standard proxy signature in which the public keys of users are authentic. Under this assumption, both the Triple Schnorr scheme and Kang et al's scheme are shown to be vulnerable to a rogue public key registration attack. This attack gives an adversary the ability to generate a proxy signature without the valid agreement of the original signer. Moreover, it is shown that an adversary can manipulate the description of a delegated signing right at will. This work can be considered as an awakening to the importance of Proof of Possession (PoP) in the PKI environment, as in many cases certificate authorities do not require the PoP protocol, as has been stated [1].",

keywords = "Cryptanalysis, Digital signature, Proxy signature",

author = "Younho Lee and Yongsu Park and Heeyoul Kim and Hong, \{Seong Min\} and Hyunsoo Yoon",

year = "2006",

month = aug,

doi = "10.1093/ietisy/e89-d.8.2452",

language = "English",

volume = "E89-D",

pages = "2452--2455",

journal = "IEICE Transactions on Information and Systems",

issn = "0916-8532",

number = "8",

}

TY - JOUR

T1 - Rogue public key registration attack and the importance of 'proof of possession' in the PKI environment

AU - Lee, Younho

AU - Park, Yongsu

AU - Kim, Heeyoul

AU - Hong, Seong Min

AU - Yoon, Hyunsoo

PY - 2006/8

Y1 - 2006/8

N2 - The security vulnerabilities of a number of provable secure proxy signature schemes are examined with the assumption that users can register their public keys without having corresponding private keys. This assumption is different from that of a standard proxy signature in which the public keys of users are authentic. Under this assumption, both the Triple Schnorr scheme and Kang et al's scheme are shown to be vulnerable to a rogue public key registration attack. This attack gives an adversary the ability to generate a proxy signature without the valid agreement of the original signer. Moreover, it is shown that an adversary can manipulate the description of a delegated signing right at will. This work can be considered as an awakening to the importance of Proof of Possession (PoP) in the PKI environment, as in many cases certificate authorities do not require the PoP protocol, as has been stated [1].

AB - The security vulnerabilities of a number of provable secure proxy signature schemes are examined with the assumption that users can register their public keys without having corresponding private keys. This assumption is different from that of a standard proxy signature in which the public keys of users are authentic. Under this assumption, both the Triple Schnorr scheme and Kang et al's scheme are shown to be vulnerable to a rogue public key registration attack. This attack gives an adversary the ability to generate a proxy signature without the valid agreement of the original signer. Moreover, it is shown that an adversary can manipulate the description of a delegated signing right at will. This work can be considered as an awakening to the importance of Proof of Possession (PoP) in the PKI environment, as in many cases certificate authorities do not require the PoP protocol, as has been stated [1].

KW - Cryptanalysis

KW - Digital signature

KW - Proxy signature

UR - https://www.scopus.com/pages/publications/33747848597

U2 - 10.1093/ietisy/e89-d.8.2452

DO - 10.1093/ietisy/e89-d.8.2452

M3 - Article

AN - SCOPUS:33747848597

SN - 0916-8532

VL - E89-D

SP - 2452

EP - 2455

JO - IEICE Transactions on Information and Systems

JF - IEICE Transactions on Information and Systems

IS - 8

ER -

Rogue public key registration attack and the importance of 'proof of possession' in the PKI environment

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this