What can identity-based cryptography offer to web services?

Web services are seen as the enabler of service-oriented computing, a promising next generation distributed computing technology. Independently, identity-based cryptography is emerging as a serious contender to more conventional certificate-based public key cryptography. However, the application of identity-based cryptography in web services appears largely unexplored. This paper sets out to examine how identity-based cryptography might be used to secure web services. We show that identity-based cryptography has some attractive properties which naturally suit the message-level security needed by web services.

[1]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[2]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[3]  Madhusudhan Govindaraju,et al.  Investigating the limits of SOAP performance for scientific computing , 2002, Proceedings 11th IEEE International Symposium on High Performance Distributed Computing.

[4]  Thomas J. Mowbray,et al.  The essential CORBA - systems integration using distributed objects , 1995 .

[5]  Jothy Rosenberg,et al.  Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption , 2004 .

[6]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[7]  Ninghui Li,et al.  Design of a role-based trust-management framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[8]  Kenneth G. Paterson,et al.  Identity-based cryptography for grid security , 2005, First International Conference on e-Science and Grid Computing (e-Science'05).

[9]  Francisco Curbera,et al.  Web services description language (wsdl) version 1. 2 , 2001 .

[10]  Eric Newcomer,et al.  Understanding Web Services: XML, WSDL, SOAP, and UDDI , 2002 .

[11]  Gustavo Alonso,et al.  Web Services: Concepts, Architectures and Applications , 2009 .

[12]  Kenneth G. Paterson,et al.  Cryptography in Theory and Practice: The Case of Encryption in IPsec , 2006, EUROCRYPT.

[13]  Munindar P. Singh,et al.  Service-Oriented Computing: Key Concepts and Principles , 2005, IEEE Internet Comput..

[14]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[15]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[16]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[17]  Russ Housley,et al.  Advanced Encryption Standard (AES) Key Wrap Algorithm , 2002, RFC.

[18]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System Version 2 , 1999, RFC.

[19]  Bruce Schneier,et al.  Ten Risks of PKI , 2004 .

[20]  Chanathip Namprempre,et al.  Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm , 2000, Journal of Cryptology.

[21]  Refik Molva,et al.  Policy-Based Cryptography and Applications , 2005, Financial Cryptography.

[22]  Christopher Allen,et al.  The TLS Protocol Version 1.0 , 1999, RFC.

[23]  Kenneth G. Paterson,et al.  A comparison between traditional public key infrastructures and identity-based cryptography , 2003, Inf. Secur. Tech. Rep..

[24]  Robert Richards,et al.  Universal Description, Discovery, and Integration (UDDI) , 2006 .

[25]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[26]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[27]  D. Eastlake,et al.  XML Encryption Syntax and Processing , 2003 .

[28]  K. Paterson,et al.  A Certificate-Free Grid Security Infrastructure Supporting Password-Based User Authentication ∗ , 2007 .

[29]  Brent Waters,et al.  Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) , 2006, CRYPTO.

[30]  Sam Hartman,et al.  The Perils of Unauthenticated Encryption: Kerberos Version 4 , 2004, NDSS.

[31]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[32]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[33]  J. Roy,et al.  Understanding Web services , 2001 .

[34]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[35]  Hugo Krawczyk,et al.  The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?) , 2001, CRYPTO.

[36]  Anura Gurugé,et al.  Universal Description, Discovery, and Integration , 2004 .

[37]  Brent Waters,et al.  Secure attribute-based systems , 2006, CCS '06.

[38]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[39]  Chanathip Namprempre,et al.  Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the Encode-then-Encrypt-and-MAC paradigm , 2004, TSEC.

[40]  Tim Moses,et al.  EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[41]  Donald E. Eastlake,et al.  (Extensible Markup Language) XML-Signature Syntax and Processing , 2002, RFC.

[42]  James A. Hendler,et al.  The Semantic Web" in Scientific American , 2001 .

[43]  Srilekha Mudumbai,et al.  Certificate-based authorization policy in a PKI environment , 2003, TSEC.

[44]  Liqun Chen,et al.  Applications of Multiple Trust Authorities in Pairing Based Cryptosystems , 2002, InfraSec.

[45]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[46]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[47]  Ward Rosenberry,et al.  Understanding DCE , 1992 .

[48]  Jason Crampton,et al.  Role Signatures for Access Control in Grid Computing , 2007 .

[49]  Butler W. Lampson,et al.  SPKI Certificate Theory , 1999, RFC.

[50]  Geraint Price PKI Challenges: An Industry Analysis , 2005, IWAP.

[51]  J. Feigenbaum,et al.  The KeyNote trust management system version2, IETF RFC 2704 , 1999 .

[52]  Marco Casassa Mont,et al.  The HP time vault service: exploiting IBE for timed release of confidential information , 2003, WWW '03.

[53]  Christoph Bussler,et al.  Enterprise Application Integration , 2005, Encyclopedia of Database Technologies and Applications.

[54]  Diana K. Smetters,et al.  Domain-Based Administration of Identity-Based Cryptosystems for Secure Email and IPSEC , 2003, USENIX Security Symposium.

[55]  Phillip Hallam-Baker,et al.  Web services security: soap message security , 2003 .

[56]  Nigel P. Smart Access Control Using Pairing Based Cryptography , 2003, CT-RSA.