CLAE achieves in a single cryptographic function all the ultimate functionalities that one can expect from a modern encryption mechanism. It supports authentication at no extra cost, and the certificate-less feature makes it easy to integrate in pre-existing applications. CLAE is basically what secure applications need, regardless of whether people are even aware that such technology exists and is available.
Public Key Cryptosystem PKC
Within a Public Key Cryptosystem (PKC), keys are generated by a third party, trusted centre/certificate authority which guarantees the key. Think SSL (https) and most so‐called secure Internet connecions in existence.
Distribu2ng and managing public key cer2ficates in a large system is a challenging task as certificates have to be protected from tampering while in transit over insecure channels and in 2013 and 2014 SSL has proven to be vulnerable.
Identity Based Encryption IBE
An improvement and alternative to PKC is to self generate the public key using the recipients known identity i.e. email address, phone number, device unique identifier… and this innova2on which was improved upon and implemented in 2002 by Voltage.com is referred to as Identity Based Encryption (IBE). Voltage’s IBE was designed by cryptographers at Stanford University under US Defense funded research.
One security challenge in tradi2onal PKC systems (SSL) is protecting the public key digital certificates from tampering and securely distributing them and the same problems occur with the public parameters of the trusted centre in IBE and as well, IBE cannot authenticate.
In contrast to PKC and IBE, CLAE allows the sender to locally verify the public parameters of the server before encrypting the message. With CLAE the sender is able to verify the trusted centre before encrypting a message, thereby ensuring that the public parameters have not been tampered with.
CLAE can use the Trusted Centre and the Identity of the recipient. In this manner, greater flexibility is provided in generating the keys and it will be enforced on the recipient. Both IBE and CLAE users can know that a message has been securely transported and in addi2on CLAE is able to authenticate the sender to the CLAE user.
- Not Having To Protect The Public Parameters.
- Simpler, Faster And Easier To Set Up.
In contrast to IBE, CLAE is more flexible in its setup . The user in the CLAE can verify the public parameters are indeed received from Private Key Generator (PKG) who issued the private key. This has great practical implications, as the user no longer has to protect the public parametersalong with her private key. The public parameters, since they are public, can be stored remotely and outside the user’s secure storage. In the IBE,if public parameters, specifically P_pub, is tampered , the entire security of IBE crumbles.
In CLAE, authentication is added to encryption and the recipient can easily verify the identity of the sender. This is very useful in stopping email phishing aOacks, where the aOacker tries to spoof the identity of a legitimate sender. Due to the CLAE setup, it is the superior cryptographic tool to be used in peer‐to‐peer and offline applications.
Thanks to Bill Montgomery from ConnectinPrivate, for bringing up this topic. We are sure you will hear more about it soon. If you are new to cryptography learn the basics online from Napier University Professor Bill Buchanan. The first lesson is available below:
Origanal Post: http://www.hackinsight.org/news,187.html