Identity-Based Cryptography: Applications, Vulnerabilities, and Future Directions

Abstract

Since computer systems and communication become each time more pervasive, information security takes attention, requiring guarantees for data authentication, integrity and confidentiality. Pervasive communication and computer systems intend to provide access to information and services anytime and anywhere, demanding cryptographic systems more practical and that consider the characteristics of emerging network paradigms, such as wireless communication, device constraints and mobility. Identity-Based Cryptography (IBC) is an asymmetric key cryptographic technology that employs as user’s public key any unique information related to the identity of the user. IBC efficiently manages keying material and provides an easy way to issue a pair of keys applying user information. However, it assumes the existence of a Trusted Third Party (TTP), called Private Key Generator (PKG), which is responsible for generating the corresponding user private key. Relying on a TTP and using an identity as the base of the scheme result in different weaknesses on the system, as the inherent key escrow problem. This chapter investigates those weaknesses, and it points out the stat-of-the-art of proposed solutions to avoid them. This chapter also provides an overview of Identity-Based Encryption (IBE), Identity-Based Signature (IBS) and Identity-Based Key Agreement (IBKA), emphasizing IBE due to being an open problem for many years. This chapter concludes highlighting IBC applications and future trends.