Identity-based key infrastructures (IKI).
In: Deswarte, Y and Cuppens, F and Jajodia, S and Wang, L, (eds.)
SECURITY AND PROTECTION IN INFORMATION PROCESSING SYSTEMS.
(pp. 167 - 176).
Kohnfelder realized in 1978 that public key schemes require a Public Key Infrastructure (PKI). X500/X509 were set up to standardize these ideas. PGP, proposed by Zimmermann is an alternative to the original PKI idea. Variants of the PGP based PKI were discussed independently by Reiter-Stubblebine and Burmester-Desmedt-Kabatianskii.The goal of Shamir's 1984 idea of "identity-based" cryptography was to avoid a Public Key Infrastructure. Instead of having the users have their own public key, the identity of the user is the "public key," and a trusted center provides each party with a secret key. Several identity-based cryptosystems have been proposed, in particular recently.We analyze Shamir's identity-based concept critically. We argue the need for at least a registration infrastructure, which we call a "basic Identity-based Key Infrastructure." Moreover, if secret keys of users can be stolen or lost, the infrastructure required to deal with this is as complex as the one of PKI. We make further comparisons between public key systems and identity-based ones.
|Title:||Identity-based key infrastructures (IKI)|
|Event:||19th International Information Security Conference held at the 18th World Computer Congress|
|Dates:||2004-08-22 - 2004-08-27|
|Keywords:||PKI, trust infrastructures, identity-based cryptosystems|
|UCL classification:||UCL > School of BEAMS
UCL > School of BEAMS > Faculty of Engineering Science
Archive Staff Only