Biometric Identity Based Encryption: Security, Efficiency and Implementation Challenges

Introduction

Cryptography consists of set of mathematical techniques to achieve the goals of confidentiality, data integrity, entity authentication, and data origin authentication in order to provide information security in theory and in practice. These cryptographic goals can be summarized as follows (Sarier, 2007).

• •

  Confidentiality: Confidentiality is the protection of transmitted data from passive attacks. Other aspect of confidentiality is the protection of traffic flow from analysis.

• •

  Authentication: It is concerned with assurance of identity. It ensures that the origin of a message or electronic document is correctly identified, and the identity is not false. When a sales clerk compares the signature on the back of a credit card with the signature on a sales slip, the clerk is using the handwritten signatures as an authentication mechanism, to verify the person presenting the credit card is the person the card was sent to by the issuing bank.

• •

  Data Integrity: assures that data has not been modified since the signature was applied. In other words, it ensures that only authorized parties are able to modify computer system assets and transmitted information. While a handwritten signature does not in itself provide data integrity services, digital signatures provide excellent data integrity services by virtue of the digital signature value being a function of the message digest; even the slightest modification of digitally signed messages will always result in signature verification failure.

• •

  Non-repudiation: It prevents either sender or receiver from denying a transmitted message and could provide evidence to a third-party (like a judge, or jury, for example). The buyer’s signature on the credit card sales slip provides evidence of the buyer’s participation in the transaction, and protects the store and the card-issuing bank from false denials of participation in the transaction by the buyer.

• •

  Access Control: It is the ability to limit and control the access to host systems and applications via communications links.

• •

  Availability: It requires that computer system assets be available to authorized parties when needed.

Encryption tries to solve the problem of secure communication over an insecure channel, where apart from the sender and the receiver, an adversary may involve controlling the channel. The two types of encryption schemes are called as symmetric and asymmetric encryption, where the basic difference is the same secret key that is shared in the former one, whereas a pair of keys called public and secret key take part in the latter one. In addition, in symmetric encryption, the shared secret key must be transferred through a secure channel while asymmetric encryption does not require a secure channel to pass the encryption key at the cost of authentication of public keys. This way the sender A is sure that he is encrypting under the legitimate public key of the receiver.