Cryptography Reference
In-Depth Information
6.4 ID-Based Key-Distribution Schemes
The concept of identity-based cryptography IBC, first introduced by Shamir in 1984,
led to several efficient IBC-based signature schemes (Shamir 1984). However, non-
mediated IBC-based encryption (IBE) has proven to be much more challenging, and
it is only recently that practical IBE schemes have been found. The first efficient and
secure IBE scheme was presented by Boneh and Franklin in 2001, which employs Weil
pairing on elliptic curves and is considered more efficient than using regular RSA-
based counterparts (Boneh and Franklin 2001). Its security is based on the bilinear
Diffie-Hellman problem (BDHP), which is considered secure in the random oracle
model (Bellare and Rogaway 1993).
The Boneh-Franklin (BF-IBE) scheme is semantically secure against chosen cipher-
text attacks, even when an adversary has the private key of any entities other than the
one being attacked. Lynn extended the BF-IBE scheme to provide message authenticity
without extra computation cost—i.e., receivers can verify the identity of senders and
whether the received messages have been tampered with, even without resort-
ing to digital signatures (Lynn 2002).
Based on the latest advances in IBC and related techniques, in the following sec-
tion we explore ID-based key-management schemes to bootstrap secure communi-
cations among identifiable peers in wireless ad-hoc networks without a Public Key
Infrastructure (PKI) (Section 4.2), CAs, key directories, always-online authorities, or
manually arranged pairwise preshared secrets among all involved peers.
System Setup
Before an IBC-powered WSN becomes fully functional (i.e., allowing peers to join
the system and request keying), an offline Private Key Generator PKG (Section 4.3)
first picks a random master key $x \in \mathbb{Z}_q$ ($q$ is a prime and $\mathbb{Z}_q$ is an algebraic field), and a
bilinear mapping $\hat{e}: G_1 \times G_1 \rightarrow \mathbb{Z}_q$ is defined on the points of an elliptic curve (as a
group $G_1$), and has the following property that for any $P, Q \in G_1$ and for any integers
$a$ and $b$,

$$\hat{e}(aP, bQ) = \hat{e}(P, bQ)^{a} = \hat{e}(aP, Q)^{b} = \hat{e}(P, Q)^{ab} \qquad (6.7)$$
The PKG then picks a random generator P , and publishes P , xP , e , and four chosen
cryptographic hash functions as the public-system parameters. Hash functions are used
to hash an arbitrary identity (e.g., any ASCII strings) to a point on the elliptic curve
( H 1 ) to achieve security against chosen ciphertext attacks and to encrypt plaintext,
respectively. The PKG should keep x secret, and no one else can derive x even when
they have both P and xP . Many kinds of offline entities can assume the role of PKG, as long
as they can keep the master key secret and extract private keys from the master key for
peers joining the system and requesting to be keyed. Once the private key is extracted,
a peer has no need to communicate with the PKG (nor to keep the PKG online), unless
the peer wants to propose a new identity. Also, the offline PKG can key peers in batches
(e.g., only during normal business hours), since peers can receive regular, encrypted
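The bilinearity identity (6.7) and the PKG setup just described, worked through as an added example that is not code from the book. The pairing is a constructed toy map on the additive group $\mathbb{Z}_q$ (e(a, b) = g^{ab} mod p, with g of prime order q), which stands in for the Weil pairing on curve points purely to make the algebra concrete; it offers no security, since x is trivially recoverable from P and xP in this group. The PKG class, the `h1` identity hash, the `verify_private_key` check a peer can run against the published xP, and the pairwise-key derivation that follows from (6.7) are all assumptions of this example; the identities are constructed.

```python
import hashlib
import secrets
from typing import Optional

# Constructed toy parameters (NOT secure, illustration only):
# q is prime, p = 2q + 1 is prime, and g = 4 generates the order-q subgroup of Z_p^*.
Q = 1019
P_MOD = 2039
G = 4


def pairing(a: int, b: int) -> int:
    """Toy symmetric bilinear map e(a, b) = g^(a*b) mod p.

    G1 is modelled as the additive group Z_q (so "aP" is a*P mod q) and the
    target group is the order-q subgroup <g> of Z_p^*. This stands in for the
    Weil pairing on curve points only to make identity (6.7) concrete.
    """
    return pow(G, (a * b) % Q, P_MOD)


def check_bilinearity(P: int, Qp: int, a: int, b: int) -> bool:
    """Verify e(aP, bQ) = e(P, bQ)^a = e(aP, Q)^b = e(P, Q)^(ab), as in (6.7)."""
    lhs = pairing(a * P % Q, b * Qp % Q)
    return (lhs == pow(pairing(P, b * Qp % Q), a, P_MOD)
                == pow(pairing(a * P % Q, Qp), b, P_MOD)
                == pow(pairing(P, Qp), (a * b) % Q, P_MOD))


def h1(identity: str) -> int:
    """H1: map an arbitrary identity string to a nonzero element of G1 (here Z_q)."""
    digest = hashlib.sha256(identity.encode("utf-8")).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)


class PKG:
    """Offline Private Key Generator (assumed structure): holds master key x,
    publishes P and xP, and extracts one private key per identity."""

    def __init__(self, master_key: Optional[int] = None, generator: Optional[int] = None):
        # Master key x in Z_q (kept secret) and a random generator P of G1.
        self.x = master_key if master_key is not None else 1 + secrets.randbelow(Q - 1)
        self.P = generator if generator is not None else 1 + secrets.randbelow(Q - 1)

    def public_params(self) -> dict:
        """Public system parameters: P, xP, the map e, and H1 (x never leaves the PKG)."""
        return {"P": self.P, "xP": self.x * self.P % Q, "e": pairing, "H1": h1}

    def extract(self, identity: str) -> int:
        """Private key for an identity: d_ID = x * H1(ID). Done once, offline."""
        return self.x * h1(identity) % Q


def verify_private_key(params: dict, identity: str, d_id: int) -> bool:
    """A peer checks the key it was issued using only public data:
    e(P, d_ID) must equal e(xP, H1(ID)), since both equal e(P, H1(ID))^x by (6.7)."""
    return params["e"](params["P"], d_id) == params["e"](params["xP"], params["H1"](identity))


def shared_key(my_private_key: int, peer_identity: str) -> int:
    """Pairwise key from my private key and the peer's identity alone:
    e(x*H1(A), H1(B)) == e(H1(A), x*H1(B)) by (6.7), so both peers derive the
    same value without contacting the PKG or exchanging any message."""
    return pairing(my_private_key, h1(peer_identity))


if __name__ == "__main__":
    pkg = PKG()
    params = pkg.public_params()
    d_alice = pkg.extract("alice@node-17")   # constructed identities
    d_bob = pkg.extract("bob@node-42")
    assert verify_private_key(params, "alice@node-17", d_alice)
    assert shared_key(d_alice, "bob@node-42") == shared_key(d_bob, "alice@node-17")
    print("bilinearity (6.7) holds:", check_bilinearity(params["P"], 11, 3, 5))
```

The `verify_private_key` step is the check a peer should run before trusting a key handed over during batch keying: it binds the issued d_ID to the published xP without ever revealing x. The equal `shared_key` values on both sides are exactly why the PKG can stay offline once extraction is done.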