Escolar Documentos
Profissional Documentos
Cultura Documentos
net/publication/281373468
CITATION READS
1 503
2 authors:
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Reham Mohamed on 31 August 2015.
Mohamed M. Ezz
Associate professor
Systems and Computers Engineering Department,
Faculty of Engineering, Al-Azhar University,
Cairo, Egypt.
Email: ezz.mohamed@gmail.com.
Hany M. Harb
Head of Systems and Computers Engineering
Systems and Computers Engineering Department,
Faculty of Engineering, Al-Azhar University,
Cairo, Egypt.
Email: harbhany@yahoo.com.
Abstract – Cryptography techniques play an important role in Index Terms – Asymmetric cryptography, PKI, IBC, CL-PKC,
modern world. The purpose of such techniques is to ensure the Certificate, Key escrow, Revocation.
contents being unreadable to anyone except for parties who
agreed to use some specific scheme. Moreover, current
cryptography techniques provide more sophisticated services, 1. INTRODUCTION
such as message integrity, authentication, time stamping, and Cryptography can be divided into two main approaches:
many others. There are two main approaches for cryptography:
private-key cryptography (symmetric-key) and public-key
private-key cryptography and public-key cryptography (PKC).
In this paper we focus on PKC techniques giving a comparison
cryptography (asymmetric-key). The Symmetric-Key
between three main techniques, namely, Public key approach was the only type of encryption until the public-key
Infrastructure (PKI), Identity- Based Cryptography (IBC) and encryption was developed in the 1970s. All traditional
Certificate less Public Key Cryptography (CL-PKC). In this schemes are symmetric / private-key encryption algorithms, in
research, a brief definition, advantages and disadvantages and which encryption and decryption are performed by a single
analysis of main problem, namely, the revocation problem, are key. In other words, one shared key is known to both sender
introduced for the three techniques. Also, a variety of available and receiver so, encrypting and decrypting messages can be
solutions to overcome the revocation problem in each technique performed by that common key. Although encryption of
are highlighted. Finally, some common applications and schemes
symmetric key data is relatively easy compared to public key
for each technique are summarized.
techniques, it has several problems including secret key
agreement between different parties. The robustness of
1. Key escrow property that is inherent in all IBC 1) Boneh and Franklin suggested that users can periodically
systems since PKG knows the private keys of all obtain new private keys in IBC systems. In other words, the
users in the system. As it is mentioned earlier, user should attach a time period to the string that represents
this feature may be considered as an advantage its public key in IBE schemes and send to PKG to obtain the
in some cases, so IBC adopters may need to private key that will be valid only during that period and the
decide whether they need this feature or not. user should connect again to PKG in order to obtain a new
2. Establishing a secure channel between each user private key for a new period and so on. For example, Bob
and his PKG in order to deliver each private key (receiver) publishes bob@secworld.com||June, 2015 as his
to the correct user securely. public key and so the private key associated with that
3. IBC technique cannot provide a true non- identity will be valid only during June, 2015. In order to
repudiation since PKG could forge the signature revoke a specific user in the identity based system, the PKG
of any user.PKG requires a higher level of is ordered to stop issuing new keys for the identity of that
assurance and availability than is required for user or according to the example, PKG is instructed to stop
CA in PKI technique as it holds the private keys issuing new private keys for Bob's e-mail address and as a
of all users in IBC system. result, Bob becomes unable to read his email messages [12].
4. PKG must be available (online) to provide users Unfortunately, this solution makes all users to regularly
with their private keys and this may increase its communicate with PKG, authenticate themselves to it and
vulnerability to attack whereas CA may be obtain new private keys regardless of whether their keys
disconnected (offline) from the network, so have been exposed or not. For all these transactions, PKG
extra care is required to secure PKG s. must be online and also a secure channel between PKG and
5. Compromising the master-key of PKG could be each user must be established in order to securely deliver
more severe than compromising of CA’s private the private key to its user. As a result, this may become a
key in conventional PKI. bottleneck in systems with large number of users.
6. In IBC systems, each user needs to authenticate
himself to its PKG for obtaining the private key 2) Alternatively, in order to avoid the need for secure
in the same way as when he authenticates channels and regularly interactions with PKG, it is
himself to CA for obtaining the certificate in introduced another solution such that PKG can encrypt the
PKI technique. new keys of non-revoked users using their identities and the
7. The use of IBC technique may be restricted to previous time period, then sends the ciphertexts to these
closed, small groups or to applications with users or can post on line. In this approach, for every key
limited security requirements for the previous update it is required one key generation and one encryption
reasons. operation to be performed by PKG for every non-revoked
user in the system. This solution is like the previous one
It is also worthy to mention that the practical difference since the work required from PKG is linearly increased with
between IBC and most PKI systems is that PKI systems can the number of users, so it may be unable to scale well when
provide un-repudiated digital signature schemes as key the number of users increase [13].
escrow feature isn't included in it. However, PKI systems also
don't provide a perfect level of non-repudiation as CA is 3) It is also introduced a method to renew the private keys
always reported by the compromised key after a time frame. of users periodically without interacting with PKG. In this
On the other hand, IBC systems can achieve some level of method, PKG posts key update information publicly which
non-repudiation that is always related to the level of trust at is considered as a more convenient. This solution can be
PKG, it should not exploit its knowledge of private keys for considered cumbersome since each user needs to own a
all users to sign messages or it can sign messages only in case tamper-resistant hardware device [13].
of user's request.
Public Key Public/Private key Trusted Certificate Key Non Encryption Trust level TTP
Technique Third Party escrow repudiation operation [26] assumptions
(PU/PR) problem needs
(TTP)
PKI PU key is randomly CA Certificate is Not exist can be achieved Sender should It achieves CA should be
generated and doesn't needed for properly know trust level 3 trusted
depend on user's each user to (guaranteed)
identity (ID). bind
(ID+PU).
Receiver's PU not to issue
and its false certificates
Key pair generation certificate.
method is different
according to the
protocol used (ex.
RSA, Elliptic curve)
IBC PU: is derived directly PKG No need for Exists can't be Sender should It achieves PKG should be
from user's ID. certificate. guaranteed know trust level 1 trusted
(both user
and PKG (key escrow Receiver's ID
know user's problem) only.
PR: is generated by PR) not to use user's
PKG based on PKG's PR keys to
master key and user's perform passive
ID attacks
CL-PKC PU: is derived using KGC No need for Not exist can be achieved Sender should It achieves KGC should
user's secret value and certificate properly know Receiver's trust level 2 be trusted
KGC's public (guaranteed) PU and its ID.
parameters.
and can not to perform
enhanced to
User's secret value achieve active attacks
depends on user's ID trust level 3 by replacing
and KGC's public public keys with
parameters. false ones.
[1] W.Stallings, Cryptography and Network Security, 4/E. Pearson [18] Vertoda, “An Overview of Identity Based Encryption,” White Pap.,
Education India, 2006. pp. 1–29, 2009.
[2] A. Jancic and M. J. Warren, “PKI-Advantages and Obstacles.,” in [19] C. Cocks, “An identity based encryption scheme based on quadratic
AISM, 2004, pp. 104–114. residues,” in Cryptography and Coding, Springer, 2001, pp. 360–
363.
[3] J. Linn, “An examination of asserted PKI issues and proposed
alternatives,” 2004. [20] J. Horwitz and B. Lynn, “Toward hierarchical identity-based
encryption,” in Advances in Cryptology—EUROCRYPT 2002,
[4] D. A. Cooper, “A closer look at revocation and key compromise in 2002, pp. 466–481.
public key infrastructures,” in Proceedings of the 21st National
Information Systems Security Conference, 1998, pp. 555–565. [21] J. Baek and Y. Zheng, “Identity-based threshold decryption,” in
Public Key Cryptography--PKC 2004, Springer, 2004, pp. 262–
[5] O. Kessler and O. S. Ag, “The Certificate Revocation Framework,” 276.
no. March, 2000.
[22] F. Zhang and K. Kim, “ID-based blind signature and ring signature
[6] “Applications Enabled by PKI.” [Online]. Available: from pairings,” in Advances in cryptology—ASIACRYPT 2002,
http://www.dartmouth.edu/~deploypki/materials/modules/applicatio Springer, 2002, pp. 533–547.
ns/appsmenu.htm#_Toc49051841. [Accessed: 09-Jan-2015].
[23] X. Boyen, “Multipurpose identity-based signcryption,” in Advances
[7] C. Youngblood, “An Introduction to Identity-Based Cryptography,” in Cryptology-CRYPTO 2003, Springer, 2003, pp. 383–399.
CSEP 590TU, 2005.
[24] S. S. D. Selvi, S. S. Vivek, R. Gopalakrishnan, N. N. Karuturi, and
[8] J. Baek, J. Newmarch, R. Safavi-Naini, and W. Susilo, “A survey C. P. Rangan, “Provably Secure ID-Based Broadcast Signcryption
of identity-based cryptography,” in Proc. of Australian Unix Users (IBBSC) Scheme.,” IACR Cryptol. ePrint Arch., vol. 2008, p. 225,
Group Annual Conference, 2004, pp. 95–102. 2008.
[9] “voltage security site.” [Online]. Available: [25] S. S. Al-Riyami and K. G. Paterson, “Certificateless public key
http://www.voltage.com/. [Accessed: 09-Jan-2015]. cryptography,” in Advances in Cryptology-ASIACRYPT 2003,
Springer, 2003, pp. 452–473.
[10] G. Ateniese and B. de Medeiros, “Identity-based chameleon hash
and applications,” in Financial Cryptography, 2004, pp. 164–180. [26] T. K. Mandt, “Certificateless Authenticated Two-Party Key
Agreement Protocols, Master’s Thesis,” 2006.
[11] A. Mariš, “Survey of cryptographic pairing schemes,” 2012.
Authors