7/28/2019 Identity Based Cryptosystem
Introduction
Identity-based public key encryption makes public key cryptography easy to adopt by allowing an
entity's public key to be derived from an arbitrary identification element, such as an email address or a
name. The main practical advantage of identity-based cryptography is that it greatly reduces the need
for, and dependence on, public key certificates. Although various interesting identity-based systems
have been built in the past, none is compatible with common public key encryption algorithms
such as El Gamal and Rivest-Shamir-Adleman (RSA). This restricts the usefulness of identity-based
cryptography as a transitional stage towards full-scale public key cryptography. Additionally, it is
fundamentally difficult to reconcile fine-grained revocation with identity-based cryptography.
Mediated RSA (mRSA) is a simple and practical technique for splitting an RSA private key between the user
and a Security Mediator (SEM). Neither the user nor the SEM can cheat the other, because each
cryptographic operation, whether signature or decryption, involves both parties. mRSA
permits rapid and fine-grained management of users' security privileges. Nevertheless, mRSA still
depends on conventional public key certificates to hold and communicate public keys.
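The key split described above, as an added example that is not part of the original essay or of any mRSA implementation. It assumes an additive split of the private exponent (d = d_user + d_sem mod φ(n)) and unpadded RSA over two fixed primes; all class and function names are hypothetical.

```python
import secrets

# Toy parameters (constructed for illustration): two fixed Mersenne primes.
# Real deployments use randomly generated primes and padded RSA (e.g. OAEP).
P, Q = 2**61 - 1, 2**89 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537


def split_private_key():
    """Split d additively: d = d_user + d_sem (mod phi). Neither half alone decrypts."""
    d = pow(E, -1, PHI)
    d_user = secrets.randbelow(PHI - 1) + 1
    d_sem = (d - d_user) % PHI
    return d_user, d_sem


class SecurityMediator:
    """Holds the SEM half-key for each user and enforces revocation."""

    def __init__(self):
        self.half_keys = {}
        self.revoked = set()

    def enroll(self, user, d_sem):
        self.half_keys[user] = d_sem

    def revoke(self, user):
        # Takes effect on the very next operation: no CRL has to be distributed.
        self.revoked.add(user)

    def partial_decrypt(self, user, c):
        if user in self.revoked or user not in self.half_keys:
            raise PermissionError(f"{user} is revoked or unknown")
        return pow(c, self.half_keys[user], N)


def encrypt(m):
    return pow(m, E, N)


def user_decrypt(sem, user, d_user, c):
    """Combine the SEM's partial result with the user's own: c^d_sem * c^d_user = c^d."""
    pd_sem = sem.partial_decrypt(user, c)
    pd_user = pow(c, d_user, N)
    return (pd_sem * pd_user) % N
```

Once the SEM revokes a user, that user's half-key is useless on its own, which is the fine-grained control the paragraph refers to.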
Therefore a password is not needed in the subsequent attempts in Identity based Cryptosystem because in
an ordinary public key infrastructure (PKI) deployment, a user's public key is explicitly fixed in a public
key certificate which is, fundamentally, a binding between the certificate holder's identity and the
requested public key. This standard form requires universal trust in certificate issuers, that is, Certification
Authorities (Joye & Neven, 2009).
Will identity based cryptosystem replace PKI?
Looking at the current trends, it is almost certain that Identity Based Cryptosystem (IBC) will replace Public
Key Infrastructure (PKI). One noticeable drawback to extensive implementation of public-key cryptography
is its reliance on a public-key infrastructure that is shared among its users. Before secure communications
can be initiated, both sender and receiver must generate encryption and signature key pairs, send
certificate requests together with evidence of identity to a Certificate Authority (CA), and obtain CA-signed
certificates, which they can then use to authenticate each other and exchange encrypted
messages. This process can be slow and error-prone, and is particularly unfriendly to new
computer users.
In most instances, people who can receive encrypted email are unable to transmit secure messages to
other people because of poor or no readiness, minimal interoperability, hardware limitations or insufficient
technical expertise on the receiving end. Given the need to send and receive
information and the intricacy of PKI-based cryptography, communication that could benefit from added
security is regularly carried out in the open. In essence, identity-based cryptosystem (IBC) tries to
minimize these obstacles by demanding no readiness on the receiving end. Although it offers various
advantages over PKI-based methods, it does have its drawbacks.
One reason identity-based cryptosystem could replace PKI is that no readiness is
needed on the receiving end of an encrypted message. This is essentially the most convincing element of
identity-based cryptosystem. There is also no requirement to manage a public key infrastructure, including
CRL administration.
The key escrow attribute built into identity-based cryptosystem implies that decryption and signature can happen
on the server. Although this is a disadvantage of identity-based cryptosystem, since it removes
non-repudiation most of the time, it also makes possible particular attributes that are otherwise not attainable in
PKI-based systems in which the signer holds his/her private key.
Identity-based cryptosystem enhances user-friendliness by having the PKG deal with cryptographic
processes for the user and needing no client-side deployment. This can be particularly powerful in a
scenario where an organization wants to adopt a structure in which all messages of a certain
confidentiality level are automatically encrypted and signed. The system administrator can specify the
policy that controls whether a message will be encrypted or signed, using criteria such as a keyword search of
the message content, duration, or a common phrase match on the sender or recipient. Additionally, if a user
does not have to receive his or her private key, it can be stored on the PKG, which in most cases has
a much greater degree of security than a user's terminal (Dent & Zheng, 2010).
Can Identity based cryptosystem be used for general purpose authentication?
Cloud computing is one of the emerging technologies: a highly customizable distributed computing
infrastructure in which computing resources are provided in the form of a service, building on
parallel virtualization and Internet technologies. Some of the cloud-based services are Software-as-a-Service
(SaaS) as well as Platform as a Service (PaaS). Some examples are Amazon's Elastic Compute
Cloud (EC2) and IBM's Blue Cloud. In relation to cloud computing, Identity-Based Cryptosystems have lately
gotten significant interest.
Through Identity-Based Cryptosystems, an identifier representing a user can be transformed into his or her
public key and used on-the-fly with no authenticity verification. The ability of Identity-Based
Cryptosystems to offer high flexibility to entities within a security infrastructure, together with their
certificate-free method, could very well fit the dynamic qualities of cloud computing. In essence, it looks like the
enhancements in Identity-Based Cryptosystems can provide easier and more scalable application
and management methods within cloud security infrastructures than conventional public key
infrastructure (PKI) does. The application of Identity-Based Cryptosystems in cloud computing is an
emerging, promising and attractive development (Kizza, 2005).
What other supporting systems will be needed
Other supporting systems for Identity-Based Cryptosystems in future will be a new system infrastructure
with an anonymous private key generation protocol, so that the Key Generation Center (KGC) can issue a
private key to a verified user with no knowledge of the list of users' identities. This also fits
the principle that authentication should be carried out with the local registration authorities (CA) instead of
the Key Generation Center (KGC). This idea can be regarded as mitigating the key escrow difficulty from a
different perspective, as opposed to the distributed KGCs approach (Fischer-Hübner, 2008).
Possible vulnerabilities and threats
Identity-Based Cryptosystems presume the availability of a Trusted Third Party (TTP), known as the Private
Key Generator (PKG), which is tasked with generating the matching user private key. Depending on a TTP
and using an identity as the foundation of the scheme translates into various weaknesses in the
system, such as the inherent key escrow problem (www.igi-global.com). These systems allocate a specific
identifier to each user and object. Additionally, current assignment techniques allow an intruder to
carefully choose user IDs and concurrently obtain several pseudo-identities, which eventually leads to the
capability of disrupting the peer-to-peer system in very calculated and risky ways (Bidgoli, 2006).
References
Anderson, R. (2008) Security Engineering: A Guide to Building Dependable Distributed Systems. 2nd ed.
Indiana: Wiley Publishing, Inc.
Bidgoli, H. (2006). Handbook of Information Security Volume 3. Hoboken: John Wiley & Sons.
Dent, A, & Zheng, Y 2010, Practical Signcryption [Electronic Book] / Alexander W. Dent, Yuliang Zheng,
Editors ; Foreword By Moti Yung, n.p.: Berlin ; Springer, c2010., University of Liverpool Catalogue,
EBSCOhost, viewed 7 April 2013.
Fischer-Hübner, S 2008, The Future Of Identity In The Information Society [Electronic Book] : Proceedings
Of The Third IFIP WG 9.2, 9.6/11.6, 11.7/FIDIS International Summer School On The Future Of Identity In
The Information Society, Karlstad University, Sweden, August 4-10, 2007 / Edited By Simone
Fischer-Hübner ... [Et Al.], n.p.: New York : Springer, c2008., University of Liverpool Catalogue, EBSCOhost,
viewed 7 April 2013.
Joye, M, & Neven, G 2009, Identity-Based Cryptography [Electronic Book] Edited By Marc Joye And
Gregory Neven, n.p.: Amsterdam ; IOS Press, c2009., University of Liverpool Catalogue, EBSCOhost,
viewed 7 April 2013.
Kizza, J 2005, Computer Network Security [Electronic Book] / By Joseph Migga Kizza, n.p.: Boston, MA :
Springer Science+Business Media, Inc., 2005., University of Liverpool Catalogue, EBSCOhost, viewed 7
April 2013.