An Introduction to Identity-based Cryptography


1 An Introduction to Identity-based Cryptography
Carl Youngblood CSEP 590 3/8/06

2 Problems with PKI
- Sender must have recipient’s certificate
- Complexity of certificate management and CRLs
- Security paradox – Certificate database exposes organization
- Anecdote about PGP plugin for mail client and girlfriend’s disinterest
- Crypto still fails to pass the Grandma test
- Anecdote about Boeing and SAIC on FCS joint project

3 Enter Identity-Based Cryptography
- Cryptography for unprepared users
- Public keys are some attribute of a user’s identity, such as an address, phone number, or biometric data
- Sender only needs to know recipient’s identity attribute to send an encrypted message
- Recipient need not interact with the system until after receiving an encrypted message.

4 History of IDC
- Proposed by Shamir in 1984
- Shamir came up with a working system for identity-based signature (IDS), but no system for identity-based encryption (IDE)
- First IDE system discovered in 2001 by Boneh and Franklin, based on Weil pairing.
- Currently hot topic in cryptography
- One paper I found said it was the most active field of research in cryptography today. Another said over 200 papers have been written on it in the last 5 years alone.

5 Identity-based encryption (IDE)
- Alice prepares plaintext message M for Bob using IDbob and master public key
- Bob receives C from Alice. In most implementations it is assumed that C comes with plaintext instructions for contacting the PKG to get the private key required to decrypt it.
- Bob authenticates with the PKG and retrieves his key over a secure channel. (possibly explain authentication process with addresses)
- Bob decrypts C using his private key to recover plaintext message M
- One variation allows the PKG to decrypt the message for Bob

6 Identity-based signature (IDS)
- Alice authenticates with the PKG and receives her private key skIDAlice
- Using her private key she generates a signature sig (sigma) and transmits it to Bob along with the message M.
- Bob checks whether sig is a genuine signature on M using Alice’s identity IDAlice and pkPKG.

7 Security of IDC
- Most IDC schemes are based on bilinear non-degenerate maps. These have the property: Pair(a · X, b · Y) = Pair(b · X, a · Y)
- Operator · refers to multiplication of a point on an elliptic curve by integers
- Though unproven, the assumption is that these maps are one-way.
- Bilinear Diffie-Hellman Assumption, because BDH problem reduces to it.
- Unproven in the same way we don’t know for sure if P = NP

8 Advantages of IDC
- No user preparation required – most compelling advantage
- No PKI management or certificate database
- Inherent key escrow, though a drawback, allows for some additional benefits:
- No client-side installation required; PKG can encrypt and sign messages for the user, in a web-based messaging application, for example.
- Policy-based automatic outbound message encryption
- Users’ keys may be kept on the PKG, which is more secure than users’ workstations.
- “Chameleon” signatures – only recipient can verify

9 Disadvantages of IDC
- Inherent key escrow
  - Weakens non-repudiation
  - Variants being developed to overcome this weakness
- No key revocation
  - If private key gets compromised, do I have to get a new identity?
  - Can be fixed by appending validity timestamp to public key
- PKG requires extremely high level of assurance, since it holds all private keys and must remain online.
- Like Brian has said, perfect non-repudiation does not exist. Even PKI has some non-repudiation issues. With IBC, level of non-repudiation is tied to trust in the PKG. If you trust PKG not to sign messages or only to sign messages at the user’s request, then you still have non-repudiation.
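
Added example (not from the original presentation): the IDS flow on slide 6, using Shamir's 1984 RSA-based signature scheme rather than a pairing-based one, with the validity period from slide 9 appended to the identity. The toy modulus, the SHA-256 hashes, the `user|period` identity format and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy PKG master key, constructed for this example; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1          # two Mersenne primes
N = P * Q                            # public modulus, part of pkPKG
E = 65537                            # public exponent, part of pkPKG
D = pow(E, -1, (P - 1) * (Q - 1))    # master secret, known only to the PKG

def hash_to_int(*parts):
    """Hash length-prefixed byte strings to an integer (SHA-256, an assumption)."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(digest.digest(), "big")

def identity(user, period):
    """Public key = identity attribute plus a validity period (assumed format)."""
    return f"{user}|{period}".encode()

def extract(ident):
    """PKG side: skID = H(ID)^d mod n, handed out after authenticating the user."""
    return pow(hash_to_int(ident) % N, D, N)

def sign(sk_id, message):
    """User side: sigma = (t, s) with t = r^e and s = skID * r^f(t, M) mod n."""
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    f = hash_to_int(t.to_bytes(32, "big"), message)
    return t, (sk_id * pow(r, f, N)) % N

def verify(ident, message, sigma):
    """Verifier needs only the identity string and pkPKG = (N, E)."""
    t, s = sigma
    if not (0 < t < N and 0 < s < N):
        return False                 # reject out-of-range signature values
    f = hash_to_int(t.to_bytes(32, "big"), message)
    # s^e == H(ID) * t^f  because  skID^e == H(ID)  and  (r^f)^e == t^f
    return pow(s, E, N) == (hash_to_int(ident) % N) * pow(t, f, N) % N

if __name__ == "__main__":
    alice = identity("alice@example.com", "2006-03")   # constructed sample identity
    sigma = sign(extract(alice), b"hello Bob")
    print(verify(alice, b"hello Bob", sigma))                                   # same period
    print(verify(identity("alice@example.com", "2006-04"), b"hello Bob", sigma))  # next period
```

Because extract() works for any identity string, the same code also shows the key escrow property: whoever holds D can sign as any user.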

10 Implementations
- Stanford IBE system http://crypto.stanford.edu/ibe/
- MIRACL
- Voltage Security, Inc.
- Proofpoint, Inc.
- Proofpoint licenses Voltage’s technology to provide features.

11 Summary
- IBC has some weaknesses but is much easier to use than PKI
- For its advocates, IBC provides a more reasonable balance between security and usability
- High level of research is a good demonstration of its potential (may mention “ivory-tower” cryptography)
- In the interest of security, the barrier to entry has been made high enough that nobody uses cryptography, so we’re trading an ultra-high level of security for none at all, when we could perhaps gain a reasonable level of security that people could still figure out how to use.

