A comparison between traditional PKI and IBI

Guided By: Dr. D.C.Jinwala

Presented By: Riddhi Mankad P10CO952

Need for Secure Communication

• In today's world, ensuring secure communication has become the basic need for an organization.

• There are various options for encrypting user's data:

• SKC

• PKC

• IBC

Traditional Cryptographic techniques

• Symmetric key cryptography (SKC)

• Public key cryptography (PKC)

SKC

Random seed = key

Limitations: Key sharing becomes burdensome as the number of users increases. For n users, the total number of keys will be n(n-1)/2.

Reproduced from [3]

PKC

Ke = public key, Kd = private key

Reproduced from [3]

Newly developed Cryptographic technique

• Identity Based Cryptography

IBC

Ke = public key, Kd = private key

Reproduced from [3]

PKI Basics

• PKI is an environment to deploy PKC based algorithms.

• It deals with key management issues and trust relationships.

• There are different types of PKI based infrastructure:
  - Certificate Based PKI
  - PGP ()
  - Kerberos
  - Certificate Less PKI [5]

Types of PKI

• Certificate Based PKI
  - It is a set of hardware, software, people and policies to create, distribute, store and revoke certificates.
  - A certificate binds the user's public key with the user.

• Certificate Less PKI
  - In CL-PKI, an implicit certificate is used as follows:
  - The key generation center issues a partial private key to the user having a unique identity in the system.
  - The user himself generates the other half using his public id and some secret information.

IBI Basics

• IBI provides a framework for deploying IBC based algorithms.

• Private Key Generator (PKG) replaces CA.

• Public key is some publicly known information like email id.

• No certificates are issued.
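The IBI properties listed above (the public key is just an identity string, and the PKG derives the private key on request) as an added example that is not part of the original slides. The slides name no concrete scheme; this sketch assumes Cocks' quadratic-residue IBE with toy Mersenne-prime parameters, and all function names are chosen here for illustration.

```python
import hashlib
import secrets

# Assumption: toy PKG master secret (two Mersenne primes, both 3 mod 4); demo sizes only.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q  # public system parameter, published by the PKG

def jacobi(a, n):  # Jacobi symbol (a/n) for odd n > 0
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def id_to_a(identity):
    """Public: hash an identity string to a value with Jacobi symbol +1."""
    ctr = 0
    while True:
        h = hashlib.sha256(f"{ctr}|{identity}".encode()).digest()
        a = int.from_bytes(h, "big") % N
        if jacobi(a, N) == 1:
            return a
        ctr += 1

def pkg_extract(identity):
    """PKG only (uses P and Q): private key r with r*r = a or -a (mod N)."""
    return pow(id_to_a(identity), (N + 5 - P - Q) // 8, N)

def _mask(a, m, sign):  # random t with Jacobi symbol m, sent as t + sign*a/t
    while True:
        t = secrets.randbelow(N - 2) + 2
        if jacobi(t, N) == m:
            return (t + sign * a * pow(t, -1, N)) % N

def encrypt_bit(identity, bit):
    """Sender: needs only N and the recipient's identity, no certificate lookup."""
    a, m = id_to_a(identity), (1 if bit == 0 else -1)
    return _mask(a, m, 1), _mask(a, m, -1)

def decrypt_bit(identity, r, ct):
    """Recipient: use the half matching the sign of r*r, read the bit from the Jacobi symbol."""
    c = ct[0] if pow(r, 2, N) == id_to_a(identity) else ct[1]
    return 0 if jacobi(c + 2 * r, N) == 1 else 1
```

`pkg_extract` succeeds for any identity string, so whoever holds P and Q can derive every user's private key; that is the price of removing certificates from the trust path.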

Motivation: Why PKI Vs IBI?

PKI

• Advantages
  - Certificate provides authentication
  - Ensures non-repudiation
  - Deployed for

• Drawbacks
  - Key management becomes burdensome as the number of users grows
  - Storage and revocation of certificates

IBI

• Advantages
  - No certificates
  - Flexible key management
  - Suitable for encryption

• Drawbacks
  - Private key is known to PKG: key escrow problem [4].

Components of Certificate based PKI

• (CA)

• Subordinate CAs

• Registration Authority (RA)

• Certificate Storage Server

• Policies

Working of PKI

[Figure: Root CA, Subordinate CA, RA, Certificate Storage, User A, User B]

• Step 1: CA signs the Subordinate's certificate

• Step 2: User A and User B request certificates

• Step 3: Defines policies for storage and revocation

• Step 4: Stores the certificate in the certificate repository

• Step 5: Issue certificate Ca to User A; issue certificate Cb to User B

• Step 6: User A sends Ca to B

• Step 7: B checks the validity of Ca

Working of IBI

[Figure: Root PKG, Certificate Storage, User A, User B]

• Step 1: User A encrypts data with B's email id

• Step 2: User B requests the corresponding private key

• Step 3: PKG issues private key to B

• No need to look up B's certificate

PKI Vs IBI: Comparison Criteria

• Key Management

• Trust Models

• Authentication

• Encryption

• Signature

• Revocation

Comparison Table

Criteria | PKI | IBI
--- | --- | ---
Public key | Bound with certificate (CA) | Email id, SSN
Private key | Generated at the same time with public key | Generated only when needed (PKG)
Trust Models | [7] | Single PKG; Hierarchical Identity based Infrastructure [8]
Authentication | Certificate proves the genuineness of the user | Dynamic Authentication
Encryption | Encryption in PKI | Encryption in IBI
Signature | Signature in PKI | Signature in IBI
Revocation | Revocation |

Trust Models in PKI

• Hierarchical Model

• Single CA Model

• Mesh Model

• Hybrid Model

• Bridge CA model

Comparison Table: Hierarchical Identity based Infrastructure

[Figure: PKG hierarchy]

• Root PKG: ID0

• PKGs: ID1 (PKG Id: ID0 || ID1), ID2, ID3 (PKG Id: ID0 || ID3)

• Users: ID4, ID5, ID6, ID7, ID8, with identities ID0 || ID1 || ID4, ID0 || ID1 || ID5, ……, ID0 || ID3 || ID8

Comparison Table: Encryption in PKI

[Figure: CA, Certificate Storage (stores the certificates Ca and Cb), Sender A, Receiver B]

• Step 1: A and B request their respective certificates and CA issues Ca and Cb respectively

• Step 2: A requests Cb from B to obtain B's public key

• Step 3: A ensures the validity of Cb

• Step 4: A encrypts the message with B's public key

• Step 5: B can decrypt using his private key

Comparison Table: Encryption in IBI

[Figure: Root PKG, Certificate Storage, User A, User B]

• Step 1: User A encrypts data with B's email id

• Step 2: User B requests the corresponding private key

• Step 3: PKG issues private key to B

• Step 4: User B can decrypt using his private key

• No need to look up B's certificate

Comparison Table: Signature in PKI

[Figure: CA, Certificate Storage (stores the certificates Ca and Cb), Sender A, Receiver B]

• Step 1: A and B request their respective certificates and CA issues Ca and Cb respectively

• Step 2: A signs the message with his private key

• Step 3: B requests Ca from A

• Step 4: B ensures the validity of Ca and obtains A's public key

• Step 5: B verifies A's signature

Comparison Table: Signature in IBI

[Figure: Root PKG, Certificate Storage, User A, User B]

• Step 1: User B requests the corresponding private key

• Step 2: PKG issues private key to B

• Step 3: User B signs with its private key

• Step 4: No need to look up B's certificate

• Step 5: A can verify B's signature using B's email id

Comparison Table: Revocation

• PKI
  - CRL: Certificate Revocation List
  - CRS: Certificate Revocation Status
  - CRT: Certificate Revocation Tree
  - Windowed Certificate Revocation

• IBI
  - Renew keys periodically
  - Using a mediator: part of the private key is issued by the mediator
  - In [13], using a binary tree data structure was proposed, based on Fuzzy IBE [14].

Recent Work

• Unified PKI supporting both PKC based and ID based PKC

• In [15], a conjunction of both PKI and IBI is proposed.

• PKGCA replaces CA and PKG

• As an example consider an email id [email protected].

• Certificate is issued to SVNIT, not to the end user.

• In order to verify the organization, i.e. SVNIT, PKI is deployed, and to issue a private key to the user within the organization, i.e. to mtech952, IBI is implemented.

Recent Work (Contd.)

• Autonomous Decentralized PKI (ADS)

• It ensures reliability and scalability

• There is no CA controlling the interaction

• There are 3 components:
  - Number of subsystems (entities in PKI)
  - Data Field (data to be shared)
  - Communication content code (unique ID)

Uniqueness Verifying PKI (UV-PKI) based on ADS was proposed in [16] as shown in the figure.

UV-PKI Model

Conclusion

• PKI cannot replace IBI or vice versa
  - They both are complementary to each other.

• PKI can be used globally to prove the authentication of an organization.
  - IBI can be deployed locally to encrypt the messages within an organization.

• PKI is suitable for applications like e-commerce and online banking.
  - IBI can be deployed in applications that are for personal use like email service and social networking sites.