Identity Based Cryptosystem

  • 7/28/2019 Identity Based Cryptosystem

    Introduction

    Identity-based public key encryption makes it easy to get started with public key cryptography by allowing an entity's public key to be derived from an arbitrary identification element, such as an email address or a name. The main practical advantage of identity-based cryptography is that it greatly reduces the need for, and dependence on, public key certificates. Although various interesting identity-based systems have been built in the past, none is compatible with common public key encryption algorithms such as ElGamal and Rivest-Shamir-Adleman (RSA). This restricts the usefulness of identity-based cryptography as a transitional stage to full-scale public key cryptography. Additionally, it is fundamentally challenging to reconcile fine-grained revocation with identity-based cryptography.

    Mediated RSA (mRSA) is a simple and practical technique for sharing an RSA private key between the user and a Security Mediator (SEM). Neither the user nor the SEM can deceive the other, because each cryptographic operation, whether signature or decryption, involves both parties. mRSA permits rapid and fine-grained management of users' security privileges. Nevertheless, mRSA still depends on conventional public key certificates to hold and communicate public keys.
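
The key sharing described above, as an added toy sketch in Python (not code from the original text or from the mRSA authors). It assumes an additive split of the private exponent, which the page does not specify; the primes, the `SEM` class and the message encoding are constructed for illustration.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)


def split_key():
    """Split the private exponent d additively: d = d_user + d_sem (mod phi)."""
    d = pow(E, -1, PHI)
    d_user = secrets.randbelow(PHI - 1) + 1
    return d_user, (d - d_user) % PHI


def digest(msg: bytes) -> int:
    # Toy message encoding (assumption): SHA-256 reduced mod N, no padding scheme.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


class SEM:
    """Hypothetical Security Mediator holding one key half per identity."""

    def __init__(self):
        self.halves, self.revoked = {}, set()

    def half_sign(self, identity: str, h: int):
        if identity in self.revoked or identity not in self.halves:
            return None  # revocation takes effect on the very next request
        return pow(h, self.halves[identity], N)


def sign(identity: str, msg: bytes, d_user: int, sem: SEM):
    h = digest(msg)
    ps_sem = sem.half_sign(identity, h)
    if ps_sem is None:
        return None  # the user's half alone cannot complete the operation
    sig = (ps_sem * pow(h, d_user, N)) % N
    return sig if verify(msg, sig) else None  # catch a bad SEM half


def verify(msg: bytes, sig: int) -> bool:
    # Ordinary RSA verification: the verifier cannot tell a SEM was involved.
    return pow(sig, E, N) == digest(msg)
```

Revoking an identity at the SEM stops new signatures at once, while signatures issued earlier still verify, because the public key itself never changes.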

    Therefore a password is not needed in subsequent attempts in an identity-based cryptosystem, because in an ordinary public key infrastructure (PKI) deployment a user's public key is explicitly fixed in a public key certificate, which is, fundamentally, a binding between the certificate holder's identity and the requested public key. This standard form requires universal trust in certificate issuers, that is, Certification Authorities (Joye & Neven, 2009).

    Will identity-based cryptosystems replace PKI?

    Looking at the current trends, it is almost certain that Identity-Based Cryptosystems (IBC) will replace Public Key Infrastructure (PKI). One noticeable drawback to extensive implementation of public-key cryptography is its reliance on a public-key infrastructure that is shared among its users. Before secure communications can be initiated, both sender and receiver must generate encryption and signature key pairs, send certificate requests together with evidence of identity to a Certificate Authority (CA), and receive CA-signed certificates, which they can then use to authenticate each other and exchange encrypted messages. This process can be slow and error-prone, and is particularly unfriendly to new computer users.

    In most instances, people who can receive encrypted email are also unable to transmit secure messages to other people because of poor or no readiness, minimal interoperability, hardware limitations or insufficient technical expertise on the receiving end. Given the need to send and receive information and the intricacy of PKI-based cryptography, communication that could benefit from added security is regularly carried out in the open. In essence, an identity-based cryptosystem (IBC) tries to minimize these obstacles by demanding no readiness on the receiving end. Although it offers various advantages over PKI-based methods, it does have its drawbacks.

    One of the reasons why it is possible for identity-based cryptosystems to replace PKI is that readiness is needed on the receiving end of an encrypted message. This is essentially the most convincing feature of identity-based cryptosystems. There is also no requirement to manage a public key infrastructure, including CRL administration.

    The built-in key escrow property of an identity-based cryptosystem implies that decryption and signing can happen on the server. While this is a disadvantage of identity-based cryptosystems, since it removes non-repudiation most of the time, it also makes possible certain features that are otherwise not attainable in PKI-based systems in which the signer holds his or her private key.

    Identity-based cryptosystems offer enhanced user-friendliness by having the PKG handle cryptographic operations for the user and requiring no client-side deployment. This can be particularly powerful in a scenario where an organization wants to adopt a structure in which all messages of a certain confidentiality level are automatically encrypted and signed. The system administrator can specify the policy that controls whether a message will be encrypted or signed, using criteria such as a keyword search of the message content, duration, or a common phrase match on the sender or recipient. Additionally, if a user does not have to receive his or her private key, it can be stored on the PKG, which in most cases has a much greater degree of security than a user's terminal (Dent & Zheng, 2010).

    Can Identity based cryptosystem be used for general purpose authentication?

    Cloud computing is one of the emerging technologies: a highly customizable distributed computing infrastructure in which computing resources are provided in the form of a service, taking into account parallel virtualization and Internet technologies. Some of the cloud-based services are Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS). Some examples are Amazon's Elastic Compute Cloud (EC2) and IBM's Blue Cloud. In relation to cloud computing, Identity-Based Cryptosystems have lately attracted significant interest.

    Through Identity-Based Cryptosystems, an identifier representing a user can be transformed into his or her public key and applied on the fly with no authenticity verification. The ability of Identity-Based Cryptosystems to offer high flexibility to entities within a security infrastructure, together with their certificate-free approach, could fit the dynamic qualities of cloud computing very well. In essence, it looks like the enhancements in Identity-Based Cryptosystems can provide easier and more scalable application and management methods within cloud security infrastructures than conventional public key infrastructure (PKI) does. The application of Identity-Based Cryptosystems in cloud computing is an emerging, promising and attractive development (Kizza, 2005).

    What other supporting systems will be needed?

    Other supporting systems for Identity-Based Cryptosystems in the future will include a new system infrastructure with an anonymous private key generation protocol, so that the Key Generation Center (KGC) can give a private key to a verified user with no knowledge of the list of users' identities. This also fits the practice that authentication should be carried out with the local registration authorities (CA) instead of the Key Generation Center (KGC). This idea can be regarded as mitigating the key escrow problem from a different perspective, as opposed to the distributed KGCs approach (Fischer-Hübner, 2008).

    Possible vulnerabilities and threats

    Identity-Based Cryptosystems presume the availability of a Trusted Third Party (TTP), known as the Private Key Generator (PKG), which is tasked with generating the matching user private key. Depending on a TTP and using an identity as the foundation of the scheme translates into various weaknesses in the system, such as the inherent key escrow problem (www.igi-global.com). These systems allocate a specific identifier to each user and object. Additionally, current assignment techniques allow an intruder to carefully choose user IDs and concurrently obtain several pseudo-identities, which eventually leads to the capability of disrupting the peer-to-peer system in very calculated and risky ways (Bidgoli, 2006).

    References

    Anderson, R. (2008) Security Engineering: A guide to building Dependable Distributable Systems. 2nd ed. Indiana: Wiley Publishing, Inc.

    Bidgoli, H. (2006). Handbook of Information Security Volume 3. Hoboken: John Wiley & Sons.

    Dent, A, & Zheng, Y 2010, Practical Signcryption [Electronic Book] / Alexander W. Dent, Yuliang Zheng, Editors ; Foreword By Moti Yung, n.p.: Berlin ; Springer, c2010., University of Liverpool Catalogue, EBSCOhost, viewed 7 April 2013.

    Fischer-Hübner, S 2008, The Future Of Identity In The Information Society [Electronic Book] : Proceedings Of The Third IFIP WG 9.2, 9.6/11.6, 11.7/FIDIS International Summer School On The Future Of Identity In The Information Society, Karlstad University, Sweden, August 4-10, 2007 / Edited By Simone Fischer-Hübner ... [Et Al.], n.p.: New York : Springer, c2008., University of Liverpool Catalogue, EBSCOhost, viewed 7 April 2013.

    Joye, M, & Neven, G 2009, Identity-Based Cryptography [Electronic Book] Edited By Marc Joye And Gregory Neven, n.p.: Amsterdam ; IOS Press, c2009., University of Liverpool Catalogue, EBSCOhost, viewed 7 April 2013.

    Kizza, J 2005, Computer Network Security [Electronic Book] / By Joseph Migga Kizza, n.p.: Boston, MA : Springer Science+Business Media, Inc., 2005., University of Liverpool Catalogue, EBSCOhost, viewed 7 April 2013.