论文信息 - WebIBC: Identity Based Cryptography for Client Side Security in Web Applications

WebIBC: Identity Based Cryptography for Client Side Security in Web Applications

The growing popularity of web applications in the last few years has led users to give the management of their data to online application providers, which will endanger the security and privacy of the users. In this paper, we present WebIBC, which integrates public key cryptography into web applications without any browser plugins. The public key of WebIBC is provided by identity based cryptography, eliminating the need of public key and certificate online retrieval; the private key is supplied by the fragment identifier of the URL inspired by BeamAuth. The implementation and performance evaluation demonstrate that WebIBC is secure and efficient both in theory and practice.

[1] Kenneth G. Paterson,et al. ID-based Signatures from Pairings on Elliptic Curves , 2002, IACR Cryptol. ePrint Arch..

[2] David A. Wagner,et al. Dynamic pharming attacks and locked same-origin policies for web browsers , 2007, CCS '07.

[3] Matthew K. Franklin,et al. Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[4] Dan Boneh,et al. Protecting browsers from dns rebinding attacks , 2007, CCS '07.

[5] Philip R. Zimmermann,et al. The official PGP user's guide , 1996 .

[6] Bruce Schneier,et al. Applied cryptography : protocols, algorithms, and source codein C , 1996 .

[7] Alfred Menezes,et al. Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[8] Clifford C. Cocks. An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[9] Florian Hess,et al. Efficient Identity Based Signature Schemes Based on Pairings , 2002, Selected Areas in Cryptography.

[10] Dan Boneh,et al. Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[11] Ben Adida,et al. Beamauth: two-factor web authentication with a bookmark , 2007, CCS '07.

[12] Adi Shamir,et al. Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[13] Xavier Boyen,et al. General Ad Hoc Encryption from Exponent Inversion IBE , 2007, EUROCRYPT.

[14] Roy T. Fielding,et al. Uniform Resource Identifier (URI): Generic Syntax , 2005, RFC.