Abstract
Kohnfelder realized in 1978 that public key schemes require a Public Key Infrastructure (PKI). X500/X509 were set up to standardize these ideas. PGP, proposed by Zimmermann, is an alternative to the original PKI idea. Variants of the PGP-based PKI were discussed independently by Reiter-Stubblebine and Burmester-Desmedt-Kabatianskii.
The goal of Shamir’s 1984 idea of “identity-based” cryptography was to avoid a Public Key Infrastructure. Instead of having the users have their own public key, the identity of the user is the “public key,” and a trusted center provides each party with a secret key. Several identity-based cryptosystems have been proposed, in particular recently.
We analyze Shamir’s identity-based concept critically. We argue the need for at least a registration infrastructure, which we call a “basic Identity-based Key Infrastructure.” Moreover, if secret keys of users can be stolen or lost, the infrastructure required to deal with this is as complex as the one of PKI. We make further comparisons between public key systems and identity-based ones.
References
Ben-Or, M., Goldwasser, S., and Wigderson, A. (1988). Completeness theorems for non-cryptographic fault-tolerant distributed computation. In Proceedings of the twentieth annual ACM Symp. Theory of Computing, STOC, pages 1–10.
Boneh, D. and Franklin, M. (2001). Identity based encryption from the Weil pairing. In Advances in cryptology — Crypto ’2001, volume 2139 of Lect. Notes Comput. Sci., pages 213–229. Springer.
Burmester, M. and Desmedt, Y. Hierarchical public-key certification: The next target for hackers? Submitted October 2001 to Communications of the ACM, accepted February 21, 2003.
Burmester, M., Desmedt, Y., and Kabatianskii, G. (1998). Trust and security: A new look at the Byzantine generals problem. In Wright, R. N. and Neumann, P. G., editors, Network Threats, DIMACS, Series in Discrete Mathematics and Theoretical Computer Science, December 2–4, 1996, vol. 38 AMS.
Chaum, D., Crépeau, C., and Damgård, I. (1988). Multiparty unconditionally secure protocols. In Proceedings of the twentieth annual ACM Symp. Theory of Computing, STOC, pages 11–19.
Ellison, C. and Schneier, B. (2000). Ten risks of PKI: What you’re not being told about Public Key Infrastructure. Computer Security Journal, 16(1):1–7. See also http://www.counterpane.com/pki-risks.html.
Goldreich, O., Micali, S., and Wigderson, A. (1987). How to play any mental game. In Proceedings of the Nineteenth annual ACM Symp. Theory of Computing, STOC, pages 218–229.
Kohnfelder, L. M. (1978). Toward a practical public-key cryptosystem. BSC thesis, MIT Department of Electronical Engineering.
McDaniel, P. and Rubin, A. (2000). A response to “can we eliminate certificate revocations lists?”. In Y. Frankel, editor, Financial Cryptography, 4th International Conference, Proceedings (Lecture Notes in Computer Science 1962), pages 245–258. Springer-Verlag. Anguilla, British West Indies, February 20–24.
Menezes, A., van Oorschot, P., and Vanstone, S. (1996). Applied Cryptography. CRC, Boca Raton.
Microsoft Security Bulletin MS01–017 (March 22, 2001, updated: June 22, 2003). Microsoft security bulletin ms01–017, erroneous verisign-issued digital certificates pose spoofing hazard. http://www.microsoft.com/technet/security/bulletin/MS01–017.mspx.
Reiter, M. K. and Stubblebine, S. G. (1997). Path independence for authentication in large scale systems. In Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 57–66. Zurich.
Rivest, R. L. (1998). Can we eliminate certificate revocations lists? In Hirschfeld, R., editor, Financial Cryptography, 2nd International Conference, Proceedings (Lecture Notes in Computer Science 1465), pages 178–183. Springer-Verlag. Anguilla, British West Indies, February 23–25.
Schneier, B. (1996). Applied Cryptography. J. Wiley, New York, second edition.
Shamir, A. (1985). Identity-based cryptosystems and signature schemes. In Blakley, G. R. and Chaum, D., editors, Advances in Cryptology. Proc. of Crypto 84 (Lecture Notes in Computer Science 196), pages 47–53. Springer-Verlag. Santa Barbara, California, U.S.A., August 19–22.
Zimmermann, P. R. (1995). The Official PGP User’s Guide. MIT Press, Cambridge, Massachusetts.
Copyright information
© 2004 IFIP International Federation for Information Processing
About this paper
Cite this paper
Desmedt, Y., Burmester, M. (2004). Identity-Based Key Infrastructures (IKI). In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds) Security and Protection in Information Processing Systems. SEC 2004. IFIP — The International Federation for Information Processing, vol 147. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8143-X_11
DOI: https://doi.org/10.1007/1-4020-8143-X_11
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-8016-1
Online ISBN: 978-1-4020-8143-9
eBook Packages: Springer Book Archive