| This paper states all kinds of technologies on secure Email, analyses current popular secure Email system built on certificate-based public key architecture and introduces identity-based cryptosystem.The systems based on traditional public key cryptography and certificates have to perform a series of operations to certificates, retrieval, validation, storage, revocation, etc. Complicated deployment and bad ease to use block its further grow. The identity-based cryptosystems directly use the user information such as identity and roles as a public key, eliminate the need for certificates publicly available and simplify the operations and management of public keys. Therefore constructing identity-based public key architecture has become a new approach to solve secure Email problem.This paper introduces the algorithms of the Identity-Based Encryption and the Identity-Based Signature. Depending on Boneh-Franklin scheme based on the bilinear map on elliptic curves and An Identity-Based Signature from Gap Diffie-Hellman Groups, we present an identity-based public key scheme named IBSE. It abstracts and shares the basic architecture of both schemes above, then combines them into one body by constructing a lot of hash functions and using pair theory on elliptic curves. In structure, in order to offer the agility of scheme implementation, it adopts hierarchical design, combining the virtue of hybrid Identity-Based public key schemes, which makes signature and encryption arithmetics configured and decouples them. In security, it provides functions of traditional public key system and new features such as cipertext unlinkability, cipertext authentication and cipertext anonymity by the characteristics of signature and hash disposal on signature result. In function, it makes use of modularization to privide individual signature and verification function, individual encryption/decryption function sharing public signature and combination of private signature and encryption. What's more, by restructing cipertext imformation, it provides multi-recipient encrypting mail sharing the same signature.This paper analyses the open source IBE library developed by Stanford University, utilizing it and the OpenSSL crypto library, GMP arithmetic library, a concrete IBSE scheme is implemented. Applying SSL(Secure Socket layer), CGI(Common Gateway Interface), Apache Web Server on Linux and IBSE functions, a secure Email system named IB-SecMail has been designed and implemented with functions of the sign/encryption... |
PDF Full Text Request