Technique Makes Strong Encryption Easier to Use
by Linda Dailey Paulson
Organizations are beginning to adopt identity-based encryption (IBE), an approach to protecting communications that promises to make public-key cryptography easier to use.
Public-key cryptography uses paired keys for encrypting and decrypting messages to protect electronic communications over public networks such as the Internet.
The technique uses a public encryption key and a private one that only the recipient knows. For example, Bob’s public key is the one that people use to encrypt information only for Bob, explained Luther Martin, chief security architect for information-encryption vendor Voltage Security. Anyone wishing to send Bob an encrypted message needs this key, which is why he places it in a publicly accessible location. The public key is transmitted to the sender in a digital certificate that verifies that it came from Bob.
To read his messages, Bob uses his private key, which is mathematically related to the public key. Hackers can’t read messages they intercept because they don’t have the private key.
The problem with this approach, said Martin, is that there are no standards-based means of finding someone’s public key. Most are kept in an LDAP directory of information stored in a server, which is not always easy to locate.
Ferris Research analyst Richi Jennings said public-key infrastructures are difficult to implement and maintain because they require servers for the storage of public keys, as well as key-recovery servers, and key-management capabilities.
IBE is a simpler process. The technology, first suggested by well-known cryptographer Adi Shamir in 1984 (the first practical schemes followed in 2001), lets a message sender calculate a recipient’s public key from a unique identifier for the recipient.
Andy Dancer, chief technology officer for security vendor Trend Micro’s Encryption Group, said the recipient’s e-mail address or phone number could serve as an identity representation.
The sender derives the recipient’s public key from that identifier and a small set of public system parameters; no directory lookup is involved. A trusted third-party server, the private-key generator, holds a master secret and uses it to compute the matching private key, which it issues to the recipient after authenticating him. Because that server can derive the private key of every identity in the system, it must be protected at least as carefully as a certificate authority’s signing key. IBE generates the public key automatically and on demand, noted Michael Hong, product marketing manager for Trend Micro’s Encryption Group.
The approach thus eliminates the need to store and look up per-user public keys and to issue per-user digital certificates; the sender needs only the recipient’s identifier and the server’s public parameters. According to Martin, IBE systems’ public keys typically are valid for only a limited amount of time. Folding a validity period into the identifier, for example the e-mail address plus the current week, produces that effect: the recipient must fetch a fresh private key each period, which takes the place of certificate revocation.
Because IBE doesn’t require public-key storage and calculates keys only on demand, Martin said, it is easy to implement and operate. This also makes IBE less complex and less expensive to run than typical public-key systems.
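The key-management model described above, as an added worked example that is not code from Voltage Security, Trend Micro or the article: a toy implementation of Clifford Cocks’s 2001 identity-based encryption scheme, chosen because it needs only modular arithmetic (the commercial products discussed use the pairing-based Boneh–Franklin scheme, but the roles are identical). The sender computes the public key from nothing more than the recipient’s identity string and the public modulus N; the private-key generator, which alone holds the factors p and q, extracts the private key on demand; and a validity period embedded in the identity makes last week’s key useless. Key sizes, the SHA-512 hashing and the `address|week` identity format are illustrative choices, not a standard, and the parameters are far too small for real use.

```python
# Added illustration of Cocks identity-based encryption (2001). Not code from
# Voltage Security, Trend Micro or the article; key sizes, hashing and the
# identity format are assumptions made for the demo, not a standard.
import hashlib
import secrets


def is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test, adequate for a demonstration."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def blum_prime(bits):
    """Random prime p with p = 3 (mod 4), which Cocks's key extraction needs."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 3
        if is_probable_prime(p):
            return p


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; the decryption test in Cocks IBE."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def hash_to_jacobi_one(identity, N):
    """The public key: hash the identity to a value with Jacobi symbol 1 mod N.
    Anyone who knows N can compute it; no certificate or directory is needed."""
    counter = 0
    while True:
        h = hashlib.sha512(f"{counter}:{identity}".encode()).digest()
        a = int.from_bytes(h, "big") % N
        if jacobi(a, N) == 1:
            return a
        counter += 1


class PrivateKeyGenerator:
    """The trusted third party. p and q are the master secret: whoever holds
    them can extract the private key of ANY identity (inherent key escrow)."""

    def __init__(self, bits=256):
        self.p = blum_prime(bits)
        self.q = blum_prime(bits)
        while self.q == self.p:
            self.q = blum_prime(bits)
        self.N = self.p * self.q  # the only public parameter

    def extract(self, identity):
        """Private key: a square root of a or of -a mod N (one of them is a
        quadratic residue because jacobi(a, N) == 1). Requires p and q."""
        a = hash_to_jacobi_one(identity, self.N)
        return pow(a, (self.N + 5 - self.p - self.q) // 8, self.N)


def encrypt_bit(N, a, bit):
    """One bit becomes two values: the sender cannot tell whether a or -a is
    the residue, so it encrypts under both and the recipient picks one."""
    m = 1 if bit else -1

    def half(sign):
        while True:
            t = secrets.randbelow(N - 1) + 1
            if jacobi(t, N) == m:  # also guarantees gcd(t, N) == 1
                return (t + sign * a * pow(t, -1, N)) % N

    return half(1), half(-1)


def decrypt_bit(N, a, r, ciphertext):
    c_plus, c_minus = ciphertext
    c = c_plus if pow(r, 2, N) == a else c_minus
    return jacobi(c + 2 * r, N) == 1


def encrypt(N, identity, message):
    """Encrypt bytes for an identity using only N and the identity string."""
    a = hash_to_jacobi_one(identity, N)
    return [encrypt_bit(N, a, (byte >> i) & 1)
            for byte in message for i in range(7, -1, -1)]


def decrypt(N, identity, private_key, ciphertext):
    a = hash_to_jacobi_one(identity, N)
    bits = [decrypt_bit(N, a, private_key, c) for c in ciphertext]
    return bytes(int("".join("1" if b else "0" for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits), 8))


if __name__ == "__main__":
    pkg = PrivateKeyGenerator()
    # Identity = address plus validity week (constructed sample): a fresh
    # private key is needed every week, which stands in for revocation.
    bob = "bob@example.com|2024-W10"
    ct = encrypt(pkg.N, bob, b"wire $5k")
    assert decrypt(pkg.N, bob, pkg.extract(bob), ct) == b"wire $5k"
    stale = pkg.extract("bob@example.com|2024-W09")  # last week's key
    assert decrypt(pkg.N, bob, stale, ct) != b"wire $5k"
    print("ok")
```

Note what the sender never touches: `pkg.p`, `pkg.q` and `extract`. Everything it needs is `N` and the string `bob@example.com|2024-W10`, which is the whole point of the approach. The flip side is visible in `PrivateKeyGenerator`: the server can call `extract` for any identity it likes, so compromise of p and q exposes every past and future message, which is why the generator’s master secret deserves HSM-grade protection.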
Hong said IBE’s early performance, and thus its adoption, was slow because optimal mathematical techniques for use with the technology didn’t exist at the time. Meanwhile, Dancer added, commercial refinement of IBE techniques took several years.
Now, though, he said, the time is ripe for widespread adoption.