Abstract
Suppose that messages have been signed using a user's signature private key during the period of time after a key compromise but before the compromise is detected. This is a period of undetected key compromise. Various techniques for detecting a compromise and preventing forged signature acceptance are presented. Attack protection is achieved by requiring a second level of authentication for the acceptance of signatures, based on information shared with a trusted authority, independent of the signature private key and signing algorithm. Alternatively, attack detection is achieved with an independent sychronization with the authority, using a second factor/adaptive (non-secret) parameter. Preventing forged signature acceptance
subsequent to the detection is achieved by the use of a cooling-off or latency period, combined with periodic resynchronization.
subsequent to the detection is achieved by the use of a cooling-off or latency period, combined with periodic resynchronization.
Original language | English |
---|---|
Title of host publication | Proceedings of the Network and Distributed System Security Symposium, NDSS 1999, San Diego, California, USA |
Place of Publication | Reston (Virginia) |
Publisher | The Internet Society |
Number of pages | 12 |
ISBN (Print) | 1891562045 |
Publication status | Published - 1999 |