Document

Download Report

Transcript Document 

Identity Based
Cryptography
James Higdon, Sameer Sherwani
CpSc 624/424
Overview
• Type of encryption mechanisms
•
•
•
•
•
Types of encryptions
Basic Identity based encryption
Advantages
Disadvantages
Applications
Encryption
- process of transforming information(plaintext) using a cipher
(algorithm) to ciphertext.
Types of cryptographic mechanisms
• Key Authentication
o One way hash functions: MD5, SHA
o Digital signatures: Verify user: DSA
• Key exchange
o key distribution: Diffi-Hellman
• Key generation
o Block Ciphers: DES/AES; ATM, passwords
Types of keys(ciphers)
• Symmetric keys
• Traditional asymmetric keys
• Identity-based asymmetric keys
o Common public-key Algorithms
 ( RSA, Elliptic curve, Discrete logarithm based)
o Explain difference between traditional and Identity based
asymmetric keys
Symmetric Encryption
Asymmetric Encryption
(Public Key Infrastructure - PKI)
ID-based Encryption
Identity based Encryption(IBE)
"identity-based"... mainly about keys
The major differences between an identity-based
system and a traditional system are
• How to authenticate the key
• How to distribute the key
• How to use the key
Identity based Encryption(IBE)
• A public-key encryption system in which an arbitrary string
can be used as the public key.
 Any personal information:
 An e-mail address, a photo, and a postal address, etc
 Any terms and conditions, such as a time etc
• Developed by Adi Shamir in 1984
• However, the encryption schemes were not fully used or
created until 2001.
How it works
• Private Keys are generated by a third party Private Key
Generator (PKG)
• PKG publishes a public master key and retains the private
master key
• With the correct ID, users can contact the PKG to obtain the
private key
• This way, messages may be encrypted without a prior
distribution of keys between individuals
Advantages
Reduces the complexity of the encryption process
• No certificates needed. A recipient's public key is derived from his identity.
• No pre-enrollment required.
• Keys expire, so they don't need to be revoked. In a traditional public-key
system, keys must be revoked if compromised.
• Less vulnerable to spam.
• Enables postdating of messages for future decryption.
• Enables automatic expiration, rendering messages unreadable after a certain
date.
Disadvantages
• Requires a centralized server. IBE's centralized approach implies
that some keys must be created and held in escrow -- and are
therefore at greater risk of disclosure.
• Requires a secure channel between a sender or recipient and the
IBE server for transmitting the private key.
Real-World Application
• Voltage Security provide Identity-Based Encryption for
emails
• IBE Toolkit available to those who would like to use the
encryption services