1 / 11

An Introduction to Identity-based Cryptography

An Introduction to Identity-based Cryptography. Carl Youngblood CSEP 590 3/8/06. Problems with PKI. Sender must have recipient’s certificate Complexity of certificate management and CRLs Security paradox – Certificate database exposes organization. e3eab1253b682fda7af153f6550ccb6e.

lenore
Télécharger la présentation

An Introduction to Identity-based Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Introduction to Identity-based Cryptography Carl Youngblood CSEP 590 3/8/06

  2. Problems with PKI • Sender must have recipient’s certificate • Complexity of certificate management and CRLs • Security paradox – Certificate database exposes organization e3eab1253b682fda7af153f6550ccb6e

  3. Enter Identity-Based Cryptography • Cryptography for unprepared users • Public keys are some attribute of a user’s identity, such as an email address, phone number, or biometric data • Sender only needs to know recipient’s identity attribute to send an encrypted message • Recipient need not interact with the system until after receiving an encrypted message.

  4. History of IDC • Proposed by Shamir in 1984 • Shamir came up with a working system for identity-based signature (IDS), but no system for identity-based encryption (IDE) • First IDE system discovered in 2001 by Boneh and Franklin, based on Weil pairing. • Currently hot topic in cryptography

  5. Identity-based encryption (IDE)

  6. Identity-based signature (IDS)

  7. Security of IDC • Most IDC schemes are based on bilinear non-degenerate maps. These have the property: • Pair(a · X, b · Y) = Pair(b · X, a · Y) • Operator· refers to multiplication of a point on an elliptic curve by integers • Though unproven, the assumption is that these maps are one-way. • Bilinear Diffie-Hellman Assumption, because BDH problem reduces to it.

  8. Advantages of IDC • No user preparation required – most compelling advantage • No PKI management or certificate database • Inherent key escrow, though a drawback, allows for some additional benefits: • No client-side installation required; PKG can encrypt and sign messages for the user, in a web-based messaging application, for example. • Policy-based automatic outbound message encryption • Users’ keys may be kept on the PKG, which is more secure than users’ workstations. • “Chameleon” signatures – only recipient can verify

  9. Disadvantages of IDC • Inherent key escrow • Weakens non-repudiation • Variants being developed to overcome this weakness • No key revocation • If private key gets compromised, do I have to get a new identity? • Can be fixed by appending validity timestamp to public key • PKG requires extremely high level of assurance, since it holds all private keys and must remain online.

  10. Implementations • Stanford IBE system http://crypto.stanford.edu/ibe/ • MIRACL http://indigo.ie/~mscott/ • Voltage Security, Inc. http://www.voltage.com/ • Proofpoint, Inc. http://www.proofpoint.com/

  11. Summary • IBC has some weaknesses but is much easier to use than PKI • For its advocates, IBC provides a more reasonable balance between security and usability • High level of research is a good demonstration of its potential

More Related