Domain-Based Administration of Identity-Based Cryptosystems for Secure Email and IPSEC

Effective widespread deployment of cryptographic technologies such as secure email and IPsec has been hampered by the difficulties involved in establishing a large scale public key infrastructure, or PKI. Identity-based cryptography (IBC) can be used to ameliorate some of this problem. However, current approaches to using IBC for email or IPsec require a global, trusted key distribution center. In this paper, we present DNSIBC, a system that captures many of the advantages of using IBC, without requiring a global trust infrastructure. The resulting system can be configured to require almost no user intervention to secure both email and IP-based network traffic. We have built a preliminary implementation of this system in Linux.

[1]  Nigel P. Smart,et al.  AN IDENTITY BASED AUTHENTICATED KEY AGREEMENT PROTOCOL BASED ON THE WEIL PAIRING , 2001 .

[2]  Paul E. Hoffman,et al.  S/MIME Version 2 Message Specification , 1998, RFC.

[3]  Florian Hess,et al.  Efficient Identity Based Signature Schemes Based on Pairings , 2002, Selected Areas in Cryptography.

[4]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[5]  W. Douglas Maughan,et al.  Internet Security Association and Key Management Protocol (ISAKMP) , 1998, RFC.

[6]  Guido Appenzeller,et al.  Minimal-Overhead IP Security using Identity Based Encryption , 2002 .

[7]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[8]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[9]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[10]  Hyang-Sook Lee,et al.  IDENTITY BASED AUTHENTICATED KEY AGREEMENT FROM PAIRINGS , 2005 .

[11]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[12]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[13]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[14]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[15]  Liqun Chen,et al.  Applications of Multiple Trust Authorities in Pairing Based Cryptosystems , 2002, InfraSec.

[16]  Derrell Piper,et al.  The Internet IP Security Domain of Interpretation for ISAKMP , 1998, RFC.

[17]  Paul V. Mockapetris,et al.  Domain names - implementation and specification , 1987, RFC.

[18]  Scott Rose,et al.  Limiting the Scope of the KEY Resource Record (RR) , 2002, RFC.

[19]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[20]  Paul V. Mockapetris,et al.  Domain names: Concepts and facilities , 1983, RFC.

[21]  Donald E. Eastlake,et al.  Domain Name System Security Extensions , 1997, RFC.

[22]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[23]  Donald E. Eastlake,et al.  Storing Certificates in the Domain Name System (DNS) , 1999, RFC.

[24]  Kenneth G. Paterson,et al.  ID-based Signatures from Pairings on Elliptic Curves , 2002, IACR Cryptol. ePrint Arch..

[25]  Jung Hee Cheon,et al.  An Identity-Based Signature from Gap Diffie-Hellman Groups , 2003, Public Key Cryptography.

[26]  Dan Harkins,et al.  The Internet Key Exchange (IKE) , 1998, RFC.

[27]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.