
The Design And Realization Of The Identity-based Encryption For Secure E-mail System

Posted on: 2006-01-06
Degree: Master
Type: Thesis
Country: China
Candidate: H T Peng
GTID: 2208360155466860
Subject: Computer application technology

Abstract/Summary:
Email is one of the most widely used and most important applications on the Internet. It is simple, fast, and convenient for people to communicate with each other. Because the Internet is an open system, Email messages transferred over it are exposed to attack. To protect Email from all kinds of attacks, several secure Email solutions have been proposed and used in specific fields.

Identity-Based Encryption (IBE) is a form of public key encryption in which the public key can be an arbitrary string, in particular a publicly available string or identifier that identifies a user, such as the user's name, Email address, or network address. Any publicly available information that is uniquely associated with the user can be used to construct a public key, so there is no need to retrieve it from a public key certificate.

Identity-Based Encryption fits secure Email systems very well. Email addresses are uniquely associated with specific users and are publicly available, making them an obvious and ideal choice for an identity-based public key. A third-party Trusted Authority generates the corresponding private key when the user requests it, and transfers it to the user through a secure channel.

Not only identity information, but also an identifier that describes a role, task, or condition can be used as the public key. When the user asks for the corresponding private key, the Trusted Authority checks whether the user has the required rights. In this way, the generation and transfer of the private key is coupled with role-based and task-based access control and privilege management.

Systems based on traditional public key cryptography and certificates have to perform a series of operations on certificates, including creation, issuance, retrieval, validation, storage, and revocation. IBE systems use publicly available information as the public key, which eliminates the need for certificates and simplifies the operation and management of public keys. Only a Trusted Authority has to be set up to authenticate the users, check their rights, and generate and transfer the private keys. It is simple to implement and easy to use.

This paper introduces the algorithms of Identity-Based Encryption: the Boneh-Franklin scheme, based on the bilinear map on elliptic curves, and the Cocks scheme, based on quadratic residues. The models of role-based access control and task-based access control are also introduced. The paper then describes the framework of a secure Email system based on IBE and its security design.

This paper analyses the open source IBE library developed by Stanford University. Using it together with the OpenSSL crypto library, SSL (Secure Socket Layer), C CGI (Common Gateway Interface), and the Apache Web Server on Linux, an IBE secure Email system has been designed and implemented. On the client side it provides encryption and decryption of Email messages. On the server side it provides authentication of the users, generation and transfer of the private keys, and initialization and configuration.

Because Identity-Based Encryption can be coupled with role-based access control, this paper designs and implements a role-based IBE secure Email system. Using the authentication table and the authorization table stored in a MySQL database server, the Trusted Authority checks the roles of the users, and only if the check succeeds does it generate and transfer the private keys.

This paper proposes that Identity-Based Encryption can be coupled with both role-based access control and task-based access control, and then designs and implements a general role- and task-based IBE secure documents system.
Keywords/Search Tags:Identity-Based Encryption, Secure Email, Trusted Authority, role, task