论文信息 - Minimal-Overhead IP Security using Identity Based Encryption

Minimal-Overhead IP Security using Identity Based Encryption

In this paper we propose a new network layer security protocol that allows encrypted and authenticated communication between hosts. The new protocol has a number of advantages over existing protocols, including: no initial handshake to establish a connection, zero packet overhead, no per-host state and simpler key distribution. The protocol achieves these goals by using identitybased encryption to generate a secret that is shared between two hosts. We have implemented the cryptographic algorithm and the protocol and integrated them into the Linux networking stack. We analyze the security of the protocol, show that with a small modification it has the minimal possible overhead and give experimental results on its performance.

Guido Appenzeller | Ben Lynn

[1] Paulo S. L. M. Barreto,et al. Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[2] A. Shamm. Identity-based cryptosystems and signature schemes , 1985 .

[3] John Ioannidis,et al. Using the Fluhrer, Mantin, and Shamir Attack to Break WEP , 2002, NDSS.

[4] Hugo Krawczyk,et al. A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[5] Joan Daemen,et al. AES Proposal : Rijndael , 1998 .

[6] Matthew K. Franklin,et al. Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[7] Amos Fiat,et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[8] Adi Shamir,et al. Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[9] Ben Lynn,et al. Authenticated Identity-Based Encryption , 2002, IACR Cryptol. ePrint Arch..

[10] Kenneth G. Paterson,et al. ID-based Signatures from Pairings on Elliptic Curves , 2002, IACR Cryptol. ePrint Arch..

[11] Hugo Krawczyk,et al. HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[12] Bruce Schneier,et al. A Cryptographic Evaluation of IPsec , 1999 .