An Introduction to Identity
Download
Report
Transcript An Introduction to Identity
An Introduction to
Identity-based
Cryptography
Carl Youngblood
CSEP 590
3/8/06
Problems with PKI
Sender must have
recipient’s certificate
Complexity of certificate
management and CRLs
Security paradox –
Certificate database
exposes organization
Enter Identity-Based Cryptography
Cryptography for unprepared
users
Public keys are some attribute
of a user’s identity, such as an
email address, phone number,
or biometric data
Sender only needs to know
recipient’s identity attribute to
send an encrypted message
Recipient need not interact with
the system until after receiving
an encrypted message.
History of IDC
Proposed by Shamir in 1984
Shamir
came up with a working system for
identity-based signature (IDS), but no system
for identity-based encryption (IDE)
First IDE system discovered in 2001 by
Boneh and Franklin, based on Weil
pairing.
Currently hot topic in cryptography
Identity-based encryption (IDE)
Identity-based signature (IDS)
Security of IDC
Most IDC schemes are based on bilinear nondegenerate maps. These have the property:
Pair(a
· X, b · Y) = Pair(b · X, a · Y)
Operator · refers to multiplication of a point on an
elliptic curve by integers
Though unproven, the assumption is that these
maps are one-way.
Bilinear Diffie-Hellman Assumption, because
BDH problem reduces to it.
Advantages of IDC
No user preparation required – most compelling
advantage
No PKI management or certificate database
Inherent key escrow, though a drawback, allows
for some additional benefits:
No
client-side installation required; PKG can encrypt
and sign messages for the user, in a web-based
messaging application, for example.
Policy-based automatic outbound message
encryption
Users’ keys may be kept on the PKG, which is more
secure than users’ workstations.
“Chameleon” signatures – only recipient can verify
Disadvantages of IDC
Inherent key escrow
Weakens
non-repudiation
Variants being developed to overcome this weakness
No key revocation
If
private key gets compromised, do I have to get a
new identity?
Can be fixed by appending validity timestamp to
public key
PKG requires extremely high level of assurance,
since it holds all private keys and must remain
online.
Implementations
Stanford IBE system
http://crypto.stanford.edu/ibe/
MIRACL
http://indigo.ie/~mscott/
Voltage Security, Inc.
http://www.voltage.com/
Proofpoint, Inc.
http://www.proofpoint.com/
Summary
IBC has some weaknesses but is much
easier to use than PKI
For its advocates, IBC provides a more
reasonable balance between security and
usability
High level of research is a good
demonstration of its potential