IBE System Based On Trustworthy Service

Trustworthy authentication has become the focus of current information security. After several decades of academic improvements and practices, there still exist two major prototype systems. One is PKI (Public Key Infrastructure) which is based on public key authentication system. The other is IBE (Identity Based Encryption) which is based on identity encryption. The public key property of PKI system is the identities of all the buyers and sellers. Therefore, PKI is more applicable to the area of electronic commerce, because of direct relationship between key holders'economic interests and the key security. At present, PKI system has been already widely applied to the electronic commerce.Meanwhile IBE system is more fit for E-government and E-military due to its centralized key generation and timingly destroying data.The essential difference between PKI and IBE is key generation. Digital certificates of PKI are generated respectively by users.Then they are authenticated and issued by CA (Certification Authority). Users of PKI system authenticate others'identity by their digital certificates based on CA. Identity authentication has to be based on the third trustworthy party—CA. Therefore, PKI is more applicable to the area of electronic commerce, because of direct relationship between key holders'economic interests and the key security. PKI system will do well when CA and users well guarantee digital certificates. However, with rapid growth of PKI domains which need mutual communications, their mutual communications become the bottleneck of PKI. Compared with PKI, IBE has several advantages:1. IBE system takes users'identities as public keys, so IBE system need no businesses and services about digital certificates.Therefore, IBE avoid setting up and maintaining CA;2. Private keys of IBE system are generated by PKG, so when master key is altered, user'private keys of IBE system are changed along. Thus we cam alter users'private keys of IBE sytem timingly.And we can limit valid period of private keys.IBE system can also recovery rapidly after its breakdown;3. ECC(Elliptic curve cryptography) of IBE is better than RSA(Ron Rivest,Adi Shamir, Leonard Adleman) of PKI in several aspects such as less computational cost and richer resources of ECC.PKI, which is widely applied, has been proposed to be international standard X. 509, but IBE has always been ignored because of its imperfect. IBE takes users'public information as their public keys sush as e-mail. The prototype of IBE was put forword by both D.Boneh and M.Franklin in 2001.It is based on PKG(Private Key Generate),but is an imperfect and untrustworthy system.However, IBE has been improved with its signature, signcryption, encryption, architecture and keys'distribution. There still exist several problems in the classic IBE system, such as:1. There still not exist coherent and intact liability ascertains in it.2. There still not exists any mechanism to ensure identities of IBE system to not be forged.3. There still not exists any mechanism to ensure keys'safe distribution of IBE system.4. How to improve IBE system for the special requirements of E-government and E-military.5. How to prevent bottle-neck of IBE system from keys'timing replacement.Because current IBE has no centralized key management mechanism, identity management mechanism and authority management mechanism, this cause users with no grades, no restriction domain services for legal users, and users'private keys can not be altered timingly.Meanwhile there still exists interoperations among several domains such as cross-domain mobile identity and cross-domain authorization.Therefore classic IBE is not fit for current E-government and E-military.This paper put forword an improved IBE system, which is named IBE system based on trustworthy service, by those four mechanisms to solve problems above.And it is proved more practical and safer.IBE system based on trustworthy service is regarded as the future of network structure. It is its special key management mechanism that makes it more fit for E-government and E-military. It is a centralized trustworthy system which is made up of key management mechanism, identity management mechanism, authority management mechanism and cross-domain management mechanism.1. Key management mechanism is in charge of generating and distributing private keys for users, meanwhile it should initialize IBE system and alter users'private keys timingly.In one word, key management mechanism is the core of IBE system based on trustworthy service.2. Identity management mechanism is in charge of things about users'identities such as new users'registering, users'login verification, identities'maintenance and cancellation. In a word, it is the entrance of users.3. Authority management mechanism is in charge of all the services and resources and auditting users'authority. It ensures authority accurate.4. cross-domain management mechanism is in charge of cross-domain mobile identity and cross-domain authorization, which solves interoperation between isomorphic domains and heterogeneous domains.IBE system based on trustworthy service can ensure message security of privacy, but message security of privacy, integrity, non-forgeability and non-repudiation need data secure service. So this paper describe double digital signiture, digital envelope and digital time stamp in the fouth chapter. Secure service of data has integrated double digital signiture, digital envelope and digital time stamp to ensure message security of privacy, integrity, non-forgeability and non-repudiation. All in all, double digital signiture ensure chains of responsibility integrity. Meanwhile digital time stamp prevent data from replay attacking. Digital envelope ensure safe transmission of long message of datagram.As an important method of information security, digital signiture can solve forgeability of data. To ensure non repudiation of datagram, double digital signiture is adopted during communications between users and services of IBE system. double digital signiture is made up of Public Signature and Private Signature. Private Signature means that user U makes message signature by his private key K U, which is generated by himself. While Public Signature means that user U makes message signature by the private key PIDU , which is distributed by key management mechanism.Digital signiture ensures transferred data non-repudiation. But if someone transmits the same data repeatedly or denies sequence of data, the third party has to be set up to arbitrate which is named digital time stamp. It can solve problems above and limit data effective for a given period of time to prevent data from replay attacking. To transfer long data, digital envelope combines asymmetrical encryption algorithm with block algorithm to ensure transferred data safe.After description of secure serive of data, this paper brings forward how to prove safety of communication protocols of IBE system, which is Random Oracle model. Upon the hypothesis of BDH(Bilinear Diffie-Hellman) and CDH(Computational Diffie–Hellman), digital envelope, double digital signiture and key distribution are proved protocol safety.