Another method or implementation of cryptography is the Identity based which derives from the public-key cryptography. Initially developed by Shamir in 1984, the ID-based cryptography uses publicly known information as a public key, the key can be the Email, IP address …etc. It is an extension of the public key paradigm, the ID-based cryptographic protocol is a set of 4 algorithms, which solves the cryptographic problem, two of four are specific to the Identity based paradigm. The 1st generates the mpk (cryptosystem parameters) and the msk (master key) this algorithm is called Setup, run by the key generation centre, it publishes the mpk and keeps the msk secret. The 2nd algorithm generates the usk (private key of the user) by the use of mpk, the user ID and the msk (master secret). This algorithm is called the KeyGen and is also run by key generation centre when a user requests his private (the key generation centre is responsible of checking that the users match their claimed identities) (Marc & Gregory, 2009).
What is the main application area for Identity Based Cryptography (IBC)? ID-based cryptography can be applied to different scenarios and we can imagine different applications such:
1- Revocation of Public keys, in the ‘standard’ public key certifications, the expiration date is pre-set and defined at the creation time, whereas using IBC a sender can use the public key and define a time period during which the key might be valid, i.e. “firstname.lastname@example.org ∥ current-year”. Bob can use his private key during the current year only.
2- Delegation of duties, if we suppose that Bob receives emails encrypted using the subject, with his master-key, Bob will be able to read these emails. If Bob has several assistants, each in charge of specific area (project, finance, IT), he can provide each assistant with a private key, which allow each one to read only that specific type of emails.
Can it be used for general-purpose authentication? The ID-based cryptography is a good and easy-to-implement authentication approach, but for specific areas, it cannot be used for general-purpose authentication due to the publicly known information which is the users’ phone, ip or email address. This is the only needed information to find a person’s public key. It is also difficult or impossible to revoke someone’s credentials without changing his/her ID.
If we deploy Identity Based Cryptosystem, do we still need password?
ID-Based cryptosystem relies on someone’s unique identifier (in general Email), we will certainly cut or reduce the usage of passwords, however we can’t get rid of all passwords as users still need to authenticate and proof that they are who they claim to be.
Will identity based cryptosystem replace PKI?
ID-based cryptosystem is in its own definition a specific implementation or variety of PKI. In the design of PKI it is necessary to provide a way for Bob to find Alice’s key by the use of repository. There is also the trust issue, how can Bob know that Alice’s public key is really Alice’s? We can use certificates for this issue.
PKI in general contains some components (Registration Authority RA, Certification Authority CA, Directory Service and Revocation service), which are different from those used in ID-based system.
Possible vulnerabilities and threats
The inherent key escrow property can be in some cases an advantage; most of companies or users who chose to adopt this cryptosystem would like to have the possible to choose if they want or not this feature. In addition to this, the ID-based cryptosystems show the same weakness as the PKI in term of non-repudiation (it will always be a matter of time frame before compromising a key) (Youngblood ,2005).
– Marc Joye, Gregory Neven (2009) Identity-based Cryptography. Volume 2 of Cryptology and information security series. IOS Press, 2009. ISSN 1871-6431.
– Dan Boneh & Matt Franklin (2001). Identity-Based Encryption from the Weil Pairing. CRYPTO 2001, LNCS 2139, pp. 213–229, 2001. Springer-Verlag Berlin Heidelberg 2001.
– Carl Youngblood (2005). An Introduction to Identity-based Cryptography. CSEP 590TU, available at: https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/youngblood_csep590tu_final_paper.pdf