ON USE OF IDENTITY-BASED ENCRYPTION FOR SECURE EMAILING

Christian Veigner, Chunming Rong

Abstract

In 1984 Adi Shamir requested a solution for a novel public-key encryption scheme, called identity-based encryption. The original motivation for identity-based encryption was to help the deployment of a public-key infrastructure. The idea of an identity-based encryption scheme is that the public key can be any arbitrary string, for example, an email address, a name or a role. Several solutions were proposed in the following years. In 2001 the first practical and efficient scheme was proposed by Boneh and Franklin. Their encryption scheme was based on the Weil pairing on elliptic curves and proved secure in the random oracle model. In 2005, a new promising suggestion due to Waters was proposed, this time as an efficient solution without random oracles. An identity-based encryption (IBE) scheme does not need to download certificates to authenticate public keys as in a public-key infrastructure (PKI). A public key in an identity-based cryptosystem is simply the receiver’s identity, e.g. an email address. As often, when new technology occurs, the focus is on the functionality of the technology and not on its security. In this paper we briefly review about identity-based encryption and decryption, particularly, the Boneh-Franklin algorithms. Later on we show that IBE schemes used for secure emailing render spamming far easier for spammers compared to if a PKI certificate approach is used. With the IBE approach, viruses may also be spread out more efficiently.

References

  1. Shamir, A., 1985. “Identity-based cryptography and signature schemes”, Advances in Cryptology, CRYPTO'84, Lecture Notes in Computer Science, vol. 196, pp. 47-53.
  2. Feige, U., Fiat, A., Shamir, A., 1988. “Zero-knowledge proofs of identity”, J. Cryptology, vol. 1, pp. 77-94.
  3. Fiat, A., Shamir, A., 1986 “How to prove yourself: practical solutions to identification and signature problems”, In Proceedings of CRYPTO'86, pp. 186- 194.
  4. Boneh, D., Franklin, M., 2001. “Identity-based encryption from the Weil pairing”, in Advances in Cryptology, CRYPTO 2001, Lecture Notes in Computer Science, vol. 2139, pp. 213-229.
  5. Boyen, X., 2003. “Multipurpose Identity-based signcryption, a Swiss army knife for identity-based cryptography”, in Proceedings of the 23rd Interna. Conf. On Advances in Cryptology, Lecture Notes in Computer Science, vol. 2729, pp. 383-399.
  6. Chen, L., Kudla, C., 2002. “Identity-based authenticated key agreement protocols from pairings”, Cryptology ePrint Archive, Report 2002/184, http://eprint.iacr.org/2002/184.
  7. Lynn, B., 2002. “Authenticated identity-based encryption”, Cryptology ePrint Archive, Report 2002/072, http://eprint.iacr.org/2002/072.
  8. Waters, B., 2004. “Efficient Identity-Based Encryption Without Random Oracles”, Cryptology ePrint Archive, Report 2004/180, http://eprint.iacr.org/2004/180.
  9. Voltage security, 2004. E-mail Security - The IBE Advantage.
  10. Veigner, C., Rong, C., 2006. ”Identity-Based Key Agreement and Encryption for Wireless Sensor Networks”, in preprint.
  11. Veigner, C., Rong, C., 2006. “Simulating Identity-Based Key Agreement For Wireless Sensor Networks”, in preprint.
  12. DES (Data Encryption Standard), FIPS 46-2, http://www.itl.nist.gov/fipspubs/fip46-2.htm
  13. AES (Advanced Encryption Standard), FIPS 197, http://csrc.nist.gov/CryptoToolkit/aes/
  14. Schlegel, R., Vaudenay, S., Dec. 2005. “Enforcing Email Addresses Privacy Using Tokens”, In Information Security and Cryptology LNCS 3822, First SKLOIS Conference (CISC 2005), pp. 91-100, Springer-Verlag.
  15. Roman, R., Zhou, J., Lopez, J., May 2005. ”Protection against Spam using Pre-Challenges”, In Security and Privacy in the Age of Ubiquitous Computing IFIP TC11, 20th International Information Security Conference (Sec'05), pp. 281-294, Springer-Verlag.
  16. Harris, E., 2003. The Next Step in the Spam Control War: Graylisting.
  17. Delany, M., 2005. Domain-based Email Authentication Using Public-Keys Advertised in the DNS (DomainKeys). IETF Draft.
  18. Ioannidis, J., Febr. 2003. Fighting Spam by Encapsulating Policy in Email Addresses, Symposium on Network and Distributed Systems Security (NDSS 2003).
  19. Cranor, L., LaMacchia, B., Aug. 1998. “SPAM!”, Communications of the ACM, 41(8) pp. 74-83.
  20. Abadi, M., Birrell, A., Burrows, M., Dabek, F., Wobber, T., Dec. 2003 “Bankable Postage for Network Services”, 8th Asian Computing Science Conference.
Download


Paper Citation


in Harvard Style

Veigner C. and Rong C. (2006). ON USE OF IDENTITY-BASED ENCRYPTION FOR SECURE EMAILING . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 289-296. DOI: 10.5220/0002099502890296


in Bibtex Style

@conference{secrypt06,
author={Christian Veigner and Chunming Rong},
title={ON USE OF IDENTITY-BASED ENCRYPTION FOR SECURE EMAILING},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={289-296},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002099502890296},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - ON USE OF IDENTITY-BASED ENCRYPTION FOR SECURE EMAILING
SN - 978-972-8865-63-4
AU - Veigner C.
AU - Rong C.
PY - 2006
SP - 289
EP - 296
DO - 10.5220/0002099502890296