An Introduction to Identity

Download Report

Transcript An Introduction to Identity

An Introduction to
Identity-based
Cryptography
Carl Youngblood
CSEP 590
3/8/06
Problems with PKI
Sender must have
recipient’s certificate
 Complexity of certificate
management and CRLs
 Security paradox –
Certificate database
exposes organization

Enter Identity-Based Cryptography




Cryptography for unprepared
users
Public keys are some attribute
of a user’s identity, such as an
email address, phone number,
or biometric data
Sender only needs to know
recipient’s identity attribute to
send an encrypted message
Recipient need not interact with
the system until after receiving
an encrypted message.
History of IDC

Proposed by Shamir in 1984
 Shamir
came up with a working system for
identity-based signature (IDS), but no system
for identity-based encryption (IDE)
First IDE system discovered in 2001 by
Boneh and Franklin, based on Weil
pairing.
 Currently hot topic in cryptography

Identity-based encryption (IDE)
Identity-based signature (IDS)
Security of IDC

Most IDC schemes are based on bilinear nondegenerate maps. These have the property:
 Pair(a
· X, b · Y) = Pair(b · X, a · Y)
 Operator · refers to multiplication of a point on an
elliptic curve by integers


Though unproven, the assumption is that these
maps are one-way.
Bilinear Diffie-Hellman Assumption, because
BDH problem reduces to it.
Advantages of IDC



No user preparation required – most compelling
advantage
No PKI management or certificate database
Inherent key escrow, though a drawback, allows
for some additional benefits:
 No
client-side installation required; PKG can encrypt
and sign messages for the user, in a web-based
messaging application, for example.
 Policy-based automatic outbound message
encryption
 Users’ keys may be kept on the PKG, which is more
secure than users’ workstations.
 “Chameleon” signatures – only recipient can verify
Disadvantages of IDC

Inherent key escrow
 Weakens
non-repudiation
 Variants being developed to overcome this weakness

No key revocation
 If
private key gets compromised, do I have to get a
new identity?
 Can be fixed by appending validity timestamp to
public key

PKG requires extremely high level of assurance,
since it holds all private keys and must remain
online.
Implementations
Stanford IBE system
http://crypto.stanford.edu/ibe/
 MIRACL
http://indigo.ie/~mscott/
 Voltage Security, Inc.
http://www.voltage.com/
 Proofpoint, Inc.
http://www.proofpoint.com/

Summary
IBC has some weaknesses but is much
easier to use than PKI
 For its advocates, IBC provides a more
reasonable balance between security and
usability
 High level of research is a good
demonstration of its potential
