Disclaimer: This is an example of a student written essay.
Click here for sample essays written by our professional writers.

Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UKEssays.com.

Comparison Of Ibe With Traditional Pki Information Technology Essay

Paper Type: Free Essay Subject: Information Technology
Wordcount: 2974 words Published: 1st Jan 2015

Reference this

The advent of E-Commerce, E-governance, the rapid development of information technique and the large-scale application of network technique, information security has been becoming more and more important to secure the digital information. It has been proven for years that this can be achieved by the cryptography techniques. The cryptosystem should provide the basic security services such as Confidentiality, Integrity, Authentication, and Non-repudiation. Encryption technology can protect the information and data’s confidentiality and the digital signature technology can achieve authentication, integrity, and repudiation which are the important requirement for data transmission networks. The cryptographers’ main problem today is not in choosing or implementing the secure algorithms based on traditional public key cryptography. The challenge today is developing an infrastructure to support the authenticity of a user’s public key. To address the shortcomings of PKI and to simplify key management, Shamir proposed a new technique known as identity-based public key cryptography. In this work a survey is made on the comparison of IBE with traditional PKI and the applications of IBE in different fields.

Get Help With Your Essay

If you need assistance with writing your essay, our professional essay writing service is here to help!

Essay Writing Service

Introduction IBE:

Identifier-based Encryption (IBE) is an emerging cryptography schema. It provides mechanisms to avoid the trust problems encountered in traditional certificate based public key infrastructures (PKI). In 1984, Shamir proposed the idea of identity-based cryptosystems to get rid of public key certificates. The first practical ID-based encryption scheme was that of Boneh and Franklin in 2001. In this cryptosystem the binding of a public key to its owner’s identity is not required. IBE allowing the user’s to calculate the public key of the receiver from the predetermined information that uniquely identifies them, such as their email address, social security number, etc. Each entity in the system sends his/her identity to a trusted third party called the Private Key Generator (PKG), to obtain the private key. The private key is computed using the private key of the PKG and the identity of the user. There is a need to provide an assurance to the user about the relationship between a public key and the identity of the holder of the corresponding private key. For various reasons, this makes implementation of the technology much easier, and delivers some added information security benefits. Compared with typical public-key cryptography, this greatly reduces the complexity of the encryption process for both users and administrators. An added advantage is that a message recipient doesn’t need advance preparation or specialized software to read the communication.

Identity-based encryption (IBE) is a public-key encryption technology that allows a public key to be calculated from an identity and the corresponding private key to be calculated from the public key. A public key can be calculated by anyone who has the necessary mathematical parameters that are needed for the calculation; a cryptographic secret is needed to calculate a private key, and the calculation can only be performed by a trusted server which has this secret.

In other words, it looks like this: Alice wants to send email to Bob that’s encrypted. They both trust a provider, PKG.

PKG publishes its parameters (PARAM)

Alice encrypts the message M with the ID BOB (bob_123@ex.com) and the public parameters PARAM

Bob requests private key from the PKG by proving his identity.

PKG send the private key to Bob.

Bob decrypts the cipher text with the private key.

Public Parameters












Comparison of IBE with Traditional PKI

Some of the properties of Identification Based PKC that distinguish it from conventional PKC are :

Easy-to-construct public keys: A public key is generated based on an entity’s identifier (and some public parameters) and used on-the-fly without the need for a certificate look-up or verification. In fact, a message can be encrypted before the relevant decryption key has been extracted. Any personal information, such as an email address, a photo, a phone number, a post address, etc. Any terms and conditions, such as a policy, a time, a role, etc. Any thing you can think about relative to a particular entity

In IBC public keys are generated from publicly identifiable information. This allows the sender to generate the public key of the receiver without having to do a search in a directory or ask the receiver for a copy of their public key.

just- in-time key: Calculation of both the public and private keys in an IBE-based system can occur as needed, resulting in just- in-time key material. This contrasts with other publickey systems, in which keys are generated randomly and distributed prior to secure communication commencing.

The public key can be any bit string, which may be chosen by the encrypting party. The corresponding private key can only be generated by a trusted third party – this need not be done at the same time as the public key is chosen. The trusted third party controls the release of the private key, so can limit its distribution to those parties who provide evidence of their right to have it. Parties who are issued with the private key can use it to decrypt content that was encrypted with the public key. With traditional public key cryptography, the generation of the keys, the publication of the associations between parties and their public keys and the management of all this require a dedicated secure infrastructure. Such an infrastructure is expensive, complex, does not scale well to large sizes, and does not easily extend to manage parties’ attributes, e.g., their roles and rights.

Because the decryption key does not need to be generated at the same time, or by the same entity, as the encryption key, the trusted third party can delay generating it until the receiving party has demonstrated its right to have it. So, there is no need for any party to store keys, thus easing the management problem considerably reducing the risk of inadvertently exposed keys compromising the secrecy of the protected content. A different key can be used, if desired, for every interaction between the sending and receiving parties

In a traditional Public Key Infrastructure (PKI), this assurance is delivered in the form of certificate, essentially a signature by a Certification Authority (CA) on a public key. The problems of PKI technology are well documented. Of note are the issues associated with certificate management, including revocation, storage and distribution and the computational cost of certificate verification. These are particularly acute in processor or bandwidth-limited environments. In the traditional public key infrastructure (PKI), certificates are used to provide an assurance of the relationship between public keys and the identities that hold the corresponding private keys. However, a PKI faces many challenges in practice, such as the scalability of the infrastructure and certificate management.

Certificate-free: 公钥密码安全系统面临的挑战不仅包括寻找和实现安全ç®-法,还包括建立支持用户公钥认证的基础设æ-½ã€‚In the traditional Public Key Infrastructure PKI, the certificate holder to ensure that public and private key corresponding to the link between identity and achieve public-key certification. 但是, PKI在实践中面临很多挑战例如可扩展æ€å’Œè¯ä¹¦çš„管理。 However, PKI in practice face many challenges such as scalability and certificate management. 为了è£å†³PKI的这些é-®é¢˜ç®€åŒ-证书的管理,Shamir在1984年提出了基于身份的公钥密码(ID-PKC)概念。 Using a private CA requires more administrative overhead. When you use a private CA, each client application that uses SSL to communicate with a server must obtain and store local copy of the private CA’s public certificate. Depending on the number of clients in your network, this may result in a higher management cost than purchasing certificates from a public CA whose CA certificate is often built into the client’s certificate database. IBC does not require certificates since public keys are computed from public identifiers. Thus the binding between an identity and a public key is 2 direct in IBC, rather than being enabled by a certificate as in conventional public key cryptography. Note that the size of an identifier may be negligible compared to the size of an X.509 certificate. This may present a significant advantage in terms of communication cost savings, particularly in applications where multiple certificates need to be transmitted between two nodes as part of SOAP messages.

Self-describing public keys: Since public keys are computed based on identifiers, which in turn, are predictable and human readable, no tools are needed to parse and render the keys, and simple text editors are sufficient for their manipulation. Unlike identity-based public keys, certificate-based public keys, such as RSA, have no discernible structure and require Base-64 encoding to render them in a more compact, printable textual form.

Natural hierarchical namespace: In HIBC, public keys can be formed from the concatenation of identifiers for nodes in a tree. This implies that the identity-based approach can be used to model the logical relationships between entities/principals at different levels of a hierarchical structure in a very natural way. This results in a simple and neat way of managing keys, particularly public key distribution and generation operations.

The ability to calculate a recipient’s public key, in particular, eliminates the need for the sender and receiver in an IBE-based messaging system to interact with each other, either directly or through a proxy such as a directory server, before sending secure messages.

Key benefits

No certificates needed. A recipient’s public key is derived from his identity.

No pre-enrollment required.

Keys expire, so they don’t need to be revoked. In a traditional public-key system, keys must be revoked if compromised.

Less vulnerable to spam.

Enables postdating of messages for future decryption.

Enables automatic expiration, rendering messages unreadable after a certain date.

Removes the need for encryptor/verifier to “look up a certificate”.

Puts the hassle on the person with the private key not the public key.

Simple to escrow secret keys, no need to worry about loss of data.

Could scale better than traditional PKI

40% of major corporate PKI projects fail due to complexity

Can combine keys to enable a complicated access control and permissions policy, using a flexible key semantics.

Provides natural methods for separation between communities of interest

Provides natural method to split up a single TA into multiple ones

Avoids a single point of failure

Adds to the key semantics

Empowers sender to determine under what conditions a recipient can decrypt

Easy to use: no need for Bob to lookup Alice’s cert

Bob can send mail to Alice even if Alice has no cert

Short lived private keys: revocation + mobility

Bob can send mail to be read at future date

Credentials: embed user credentials in public key

Easy to grant and revoke credentials at PKG

IBE (Ferris)required a far simpler infrastructure (meaning fewer servers and easier installation). Other findings showed that operating costs were one-fifth of those of public-key systems, and that IBE users were three times more productive than users of public-key cryptography.

One of the major advantages of any identity-based encryption scheme is that if there are only a finite number of users, after all users have been issued with keys the third party’s secret can be destroyed. This can take place because this system assumes that, once issued, keys are always valid (as this basic system lacks a method of key revocation). The majority of derivatives of this system which have key revocation lose this advantage.

Moreover, as public keys are derived from identifiers, IBE eliminates the need for a public key distribution infrastructure. The authenticity of the public keys is guaranteed implicitly as long as the transport of the private keys to the corresponding user is kept secure (Authenticity, Integrity, Confidentiality).

Find Out How UKEssays.com Can Help You!

Our academic experts are ready and waiting to assist with any writing project you may have. From simple essay plans, through to full dissertations, you can guarantee we have a service perfectly matched to your needs.

View our services

Apart from these aspects, IBE offers interesting features emanating from the possibility to encode additional information into the identifier. For instance, a sender might specify an expiration date for a message. He appends this timestamp to the actual recipient’s identity (possibly using some binary format like X.509). When the receiver contacts the PKG to retrieve the private key for this public key, the PKG can evaluate the identifier and decline the extraction if the expiration date has passed. Generally, embedding data in the ID corresponds to opening an additional channel between sender and PKG with authenticity guaranteed through the dependency of the private key on the identifier.


IBE solutions may rely on cryptographic techniques that are insecure against code breaking quantum computer attacks (see Shor’s algorithm)

Because the PKG generates private keys for users, it may decrypt and/or sign any message without authorisation. This is not, however, an issue for organizations that host their own PKG and are willing to trust their system administrators.

The issue of implicit key escrow does not exist with the current PKI system wherein private keys are usually generated on the user’s computer. Depending on the context key escrow can be seen as a positive feature (e.g., within Enterprises). A number of variant systems have been proposed which remove the escrow including certificate-based encryption, secret sharing, secure key issuing cryptography and certificateless cryptography.

A secure channel between a user and the PKG is required for transmitting the private key on joining the system. Here, a SSL-like connection is a common solution for a large-scale system.

Requires a centralized server. IBE’s centralized approach implies that some keys must be created and held in escrow — and are therefore at greater risk of disclosure.

Requires a secure channel between a sender or recipient and the IBE server for transmitting the private key.


Certificate-based PKI

Identity-based PKI

Public key generation

Using random information

Using an explicit identifier

Private key generation

By a user or the CA

By the PKG

Key certification



Key distribution

Requiring integrity protected

Requiring an integrity and privacy

Channel for distributing

A new protected channel for distributing public key from a user to his CA.

a new private key from the TA to

its user

Public key retrieval

From a public directory or from the key owner

owner’s identifier

Escrow facility



History, though, has shown that public key encryption has signi_cant prac- tical problems. In particular, the sender has to be sure that the public key that they have is the correct public key for the receiver. Hence, we require public key infrastructures|a series of trusted third parties that can be relied upon to check a receiver’s identity and vouch for the connection between that identity and a particular public key. Public key management is the most costly, cumbersome and ine_cient part of any framework that makes use of public key cryptography. Identity-based (ID-based) cryptography was introduced by Shamir in 1984 [29]. The distinguishing property of ID-based cryptography is that a user’s public key can be any binary string, such as an email address that can identify the user. This removes the need for senders to look up the recipient’s public key before sending out an encrypted message. IDbased cryptography is supposed to provide a more convenient alternative to conventional public key infrastructure. Several practical ID-based signature schemes have been devised since 1984 [13], [15] but a satisfying ID-based encryption scheme only appeared in 2001 [6]. It was devised by Boneh and Franklin and cleverly uses bilinear maps (the Weil or Tate pairing) over supersingular elliptic curves.

Modern cryptography is all about searching for ways to not have to rely on the third party. Web of trust is one approach; the main drawback is that it leaves key management to the end users. The solution is not to make key management more expensive but to reduce the process and practices around it.本æ-‡é‡ç‚¹ç ”究了基于身份的加密、数å­-签名以及群签名技术,主要å-å¾-了以下研究成果: (1)系统地介绍了公钥密码体制和数å­-签名体制的基本概念及原理,概括了其发展概况、研究进展和æ-¹å‘,阐述了公钥密码学和数å­-签名技术在信息安全领域中的应用。

Because of the mathematics that underpin the algorithms, the creation of the private key requires the knowledge of a master secret that is held by the Trusted Authority (TA), who is the analogue of the CA in a PKI.


Cite This Work

To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this essay and no longer wish to have your work published on UKEssays.com then please: