Cryptography Reference
In-Depth Information
6.4.2 Key Maintenance
In identity-based schemes, the public key of a peer is exactly its identity or a known transformation of its identity. Hence, a peer can receive regular information encrypted with its identity from other peers even before the peer has obtained its private key from the PKG. This unique feature allows asynchronous communications in wireless ad-hoc networks, where autonomous peers can periodically be in active, idle, or sleep state, without global synchronization, to conserve energy. Also, this feature reduces the cost of operating the offline PKG, since peers can request keying in batches only after they are actively and willingly involved in receiving information from other peers and when the PKG goes online according to its own schedule. In contrast, in Symmetric Key Cryptography (SKC) or regular Public Key Cryptography (PKC) systems, peers have to establish pairwise shared keys or obtain public and private keys prior to any secure communications happening—i.e., keying is always mandatory and proactive for all peers, even if they eventually have no secure communications throughout the validity of their keys in these systems. Once a peer obtains its private key, which is extracted from its identity and the system parameters, the peer can decrypt received information encrypted with its identity, authenticate itself to other peers, and sign outgoing messages. Also, peers can bootstrap shared keys or derive session keys from their identity-based private keys for symmetric security procedures. Once bootstrapped, symmetric procedures have much less overhead than their asymmetric counterparts. Depending on the definition of peer identity, a peer, as well as the PKG, can determine the lifetime of its private key. For example, a peer can present the same identity (e.g., username) to systems with different parameters (i.e., the peer will have different private keys in different systems); therefore, even if its private key is compromised in one system, the information exposure is confined to that system. A peer can also present an ephemeral identity (e.g., user@time). Even if its private key is compromised at a certain time, the peer can request a new private key with a partially updated identity in the time portion, without totally losing its identity or being forced to leave the system. When necessary, a peer can proactively refresh its identity (e.g., user@date) with the PKG and remain forward-secure even if its current private key is captured and compromised by adversaries. To deal with an unknown PKG, a peer can propose a temporary identity (e.g., user@site) to a newly encountered system, while maintaining credentials with other well-known systems. As we mentioned, a peer can request keying with multiple or hierarchical PKGs to reduce its exposure due to compromised PKGs and to ease its concern about key escrow by untrusted PKGs.
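The key-maintenance model described above, in working code as an added example that is not from the text: a toy Cocks identity-based encryption scheme (quadratic residuosity) in Python. The public key is computed by anyone from the identity string and the system's modulus N, so a message can be encrypted before the recipient has fetched a private key; the private key depends on the PKG's master secret (the factors of N), so the same identity gets different private keys in different systems and an ephemeral identity such as user@time gets a fresh key. The names PKG, public_key, extract, encrypt_bit and decrypt_bit and the toy parameter sizes are my own assumptions.

```python
# Cocks identity-based encryption (quadratic residuosity), toy illustration of 6.4.2.
import hashlib, secrets
from math import gcd

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; returns 0 when gcd(a, n) > 1."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def public_key(identity, N):
    """Anyone derives the public key from the identity string and the system's N; no PKG needed."""
    for counter in range(1024):  # rejection sampling until the Jacobi symbol (a/N) is +1
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if gcd(a, N) == 1 and jacobi(a, N) == 1:
            return a
    raise ValueError("could not map identity to a public key")

class PKG:
    """One 'system': public parameter N = p*q with p = q = 3 (mod 4); p and q are the master secret."""
    def __init__(self, p, q):
        self.p, self.q, self.N = p, q, p * q
    def extract(self, identity):
        """Private key r with r^2 = +a or -a (mod N); only the holder of p, q can compute it."""
        return pow(public_key(identity, self.N), (self.N + 5 - self.p - self.q) // 8, self.N)

def encrypt_bit(identity, N, bit):
    """Encrypt one bit under an identity: the bit is the Jacobi symbol of a random t."""
    a, want = public_key(identity, N), 1 if bit else -1
    while True:
        t = secrets.randbelow(N - 2) + 2
        if gcd(t, N) == 1 and jacobi(t, N) == want:
            break
    t_inv = pow(t, -1, N)
    return ((t + a * t_inv) % N, (t - a * t_inv) % N)  # one component per sign of r^2

def decrypt_bit(r, identity, N, ciphertext):
    """Recover the bit: Jacobi(s + 2r) = Jacobi(t) for the component matching the sign of r^2."""
    s = ciphertext[0] if r * r % N == public_key(identity, N) else ciphertext[1]
    return 1 if jacobi((s + 2 * r) % N, N) == 1 else 0
```

The Mersenne primes 2^31-1 and 2^61-1 (both 3 mod 4) make a convenient toy modulus; a real deployment needs a modulus of RSA size and the scheme's bit-at-a-time ciphertexts are large, which is why pairing-based IBE is the usual practical choice.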
The PKG, on the other hand, can also control the validity of peer identities and extracted private keys. For example, a peer should have a way of proving its identity ownership (e.g., a@b.com) or accept assigned identities (e.g., a prepaid personal identification number [PIN]). A peer is uniquely identified by its identity, which can be both time and location invariant within the system. No matter how the peer changes its location and status in the system, it solely relies on its identity to receive information and communicate with other peers. In addition, its identity is related to its reputation (e.g., cooperativeness in relaying) and wealth (e.g., collected credits for its cooperation) in the system. If a peer is found greedy and always fails to relay for other peers, this fact