Sciweavers

NDSS
1999
IEEE

Addressing the Problem of Undetected Signature Key Compromise

14 years 4 months ago
Addressing the Problem of Undetected Signature Key Compromise
Suppose that messages have been signed using a user's signature private key during the period of time after a key compromise but before the compromise is detected. This is a period of undetected key compromise. Various techniques for detecting a compromise and preventing forged signature acceptance are presented. Attack protection is achieved by requiring a second level of authentication for the acceptance of signatures, based on information shared with a trusted authority, independent of the signature private key and signing algorithm. Alternatively, attack detection is achieved with an independent sychronization with the authority, using a second factor adaptive non-secret parameter. Preventing forged signature acceptance subsequent to the detection is achieved by the use of a cooling-o or latency period, combined with periodic resynchronization.
Mike Just, Paul C. van Oorschot
Added 04 Aug 2010
Updated 04 Aug 2010
Type Conference
Year 1999
Where NDSS
Authors Mike Just, Paul C. van Oorschot
Comments (0)