Transcript Document
Identity Based Cryptography James Higdon, Sameer Sherwani CpSc 624/424 Overview • Type of encryption mechanisms • • • • • Types of encryptions Basic Identity based encryption Advantages Disadvantages Applications Encryption - process of transforming information(plaintext) using a cipher (algorithm) to ciphertext. Types of cryptographic mechanisms • Key Authentication o One way hash functions: MD5, SHA o Digital signatures: Verify user: DSA • Key exchange o key distribution: Diffi-Hellman • Key generation o Block Ciphers: DES/AES; ATM, passwords Types of keys(ciphers) • Symmetric keys • Traditional asymmetric keys • Identity-based asymmetric keys o Common public-key Algorithms ( RSA, Elliptic curve, Discrete logarithm based) o Explain difference between traditional and Identity based asymmetric keys Symmetric Encryption Asymmetric Encryption (Public Key Infrastructure - PKI) ID-based Encryption Identity based Encryption(IBE) "identity-based"... mainly about keys The major differences between an identity-based system and a traditional system are • How to authenticate the key • How to distribute the key • How to use the key Identity based Encryption(IBE) • A public-key encryption system in which an arbitrary string can be used as the public key. Any personal information: An e-mail address, a photo, and a postal address, etc Any terms and conditions, such as a time etc • Developed by Adi Shamir in 1984 • However, the encryption schemes were not fully used or created until 2001. How it works • Private Keys are generated by a third party Private Key Generator (PKG) • PKG publishes a public master key and retains the private master key • With the correct ID, users can contact the PKG to obtain the private key • This way, messages may be encrypted without a prior distribution of keys between individuals Advantages Reduces the complexity of the encryption process • No certificates needed. A recipient's public key is derived from his identity. • No pre-enrollment required. • Keys expire, so they don't need to be revoked. In a traditional public-key system, keys must be revoked if compromised. • Less vulnerable to spam. • Enables postdating of messages for future decryption. • Enables automatic expiration, rendering messages unreadable after a certain date. Disadvantages • Requires a centralized server. IBE's centralized approach implies that some keys must be created and held in escrow -- and are therefore at greater risk of disclosure. • Requires a secure channel between a sender or recipient and the IBE server for transmitting the private key. Real-World Application • Voltage Security provide Identity-Based Encryption for emails • IBE Toolkit available to those who would like to use the encryption services