Cryptography Reference
In-Depth Information
$!%
&!
'
" #
" #
!
!
Figure 4.9. Identity-Based Signature Scheme
In an identity-based authentication scheme, Alice retrieves her private key [ A ( pr k )]
from the PKG and the message M , and generates a digital signature using the identity-
based digital signature algorithm (Figure 4.9). At the receiver's end, Bob simply hashes
Alice's identity and generates her public key [ A ( pu k )] to verify the signature using the
verification algorithm. In a hierarchical model, an identity-based authentication scheme
significantly simplifies the verification process, as the recipient generates the public key
from each of the intermediate PKG's identities. Compared to PKI, the recipient is forced
to retrieve the public key certificate from each of the intermediate CAs and checks their
validity before verifying the signature. In addition, IBC systems need not store any pub-
lic key certificates, as public keys can be generated instantaneously as and when needed.
The security of IBC depends mainly on the secrecy of the information stored in the
PKG, so considerable effort is involved in designing a secure PKG before deployment.
In addition, care should be taken in validating the identities of end users before issuing
their private key. One of the main advantages of this scheme is that the receiver need not
have the private key corresponding to the public key at that very instant to decrypt the
encrypted message. However, this approach has the inherent key escrow problem, which
can actually be advantageous in certain applications such as WSN. In later sections, we
will discuss this key escrow problem and ways to solve this problem. From a security
standpoint, all users within a group or domain should trust their private key generators.
Such a centralized trust model, however, could lead to a possibility of a single-point
Search WWH ::




Custom Search