Research Of Secure Communication For Applications Of Identity-Based Encryption

Research of Secure Communication for Applications of Identity-Based EncryptionRapid development in network technology today, many areas require the application in the network environment of digital information security and confidentiality of communications can be provided by cryptography cryptography prototype systems to achieve that goal. Cryptography provides the basic security system, including:confidentiality, integrity, authentication and non-repudiation [6]. Confidentiality through encryption cryptography prototype to achieve, similar to using a mapping function of some non-understandable plaintext into ciphertext understand. Authenticated, integrity and non-repudiation can use cryptography prototype of digital signatures to achieve, digital signatures provide a way of identity and some information on the entity generated fragments bound to be sending a message corresponds to the signature, and decryption authentication of the signature. Key agreement is another basic cryptography prototype, by calculating two or more entities to establish secure communications shared key, in the practical application of such a symmetric encryption with high efficiency. Signature encryption is a signature combination of encryption methods and cryptography prototype, combining the advantages of both while providing encryption security and anti-counterfeiting features.Compared with the RSA used in PKI, identity based encryption (IBE) can provide the same security with lower computation consumption and remove the need for certificates. However, there are many problems of IBE when it is in the rush to market and just few successful business applications now.The paper proposes a practical IBE application architecture. To ensure the architecture is secure, we should establish the sesure connections between client and server, users and PKG. As Secure Socket Layer or Transport Layer Security (SSL/TLS) provides secure communication over the Internet, the paper improves its handshake process to resolve these problems. So, the paper proposes two TLS extensions for IBE application:TLS handshake based on DH_IBSC and TLS handshake based on DH_EKE. Then, the paper realizes the handshake process using the pairing-based cryptography library and the xyssl library.The contents are as follows:(1) The paper proposes a practical IBE application architecture using single private key generator, describes the work flow of each element, and shows that we should resolve the sesure connections between client and server, users and PKG. Then, the paper indicates that the identity based signcryption and encrypted key exchange are helpful for establishing the secure connections. The identity based signcryption (IBSC) scheme can provide authentication. It is helpful to establish the sesure SSL connection between the client and server which all have their identities under the management of KMS. Furthermore, encrypted key exchange (EKE) effectively amplifies a shared password into a shared key, which can be used for encryption and/or message authentication. It is useful for establishing the sesure SSL connection between users and PKG.(2) The paper proposes two extension TLS handshake protocols to resolve the secure communication problems. One is handshake protocol based on DH_IBSC which achieves key exchange and authentication between the Sever and Client, and the other is handshake protocol based on DH_EKE, it achieves the authentication between the Server and Client through the share password and finishes key exchanging by Diffie Hellman key exchange algorithm. The paper provides the security analysis for above protocols.(3) The paper realizes the handshake process based on DH_IBSC using the pairing-based cryptography library and the xyssl library.