Hierarchical Identity-based Broadcast Cryptography and its Application in Blockchain

Blockchain as an emerging cryptographic database technology has gained wide attention in many directions. Among them, data security is one of the hot spots of research in blockchain. In this paper, we first analyze the security problems of blockchain and then propose to solve them with hierarchical identity-based broadcast encryption (HIBBE). HIBBE, as a variant of hierarchical identity-based cryptography, can effectively improve the data security. HIBBE has all the characteristics of hierarchical identity-based cryptography, so it has potential in decentralized application scenarios. Then we made an overview of the several existing HIBBE scheme. This paper also gives a formal definition of HIBBE and concludes with the research direction of HIBBE-based blockchain.

An Implementation Suite for a Hybrid Public Key Infrastructure

Public key infrastructure (PKI) plays a fundamental role in securing the infrastructure of the Internet through the certification of public keys used in asymmetric encryption. It is an industry standard used by both public and private entities that costs a lot of resources to maintain and secure. On the other hand, identity-based cryptography removes the need for certificates, which in turn lowers the cost. In this work, we present a practical implementation of a hybrid PKI that can issue new identity-based cryptographic keys for authentication purposes while bootstrapping trust with existing certificate authorities. We provide a set of utilities to generate and use such keys within the context of an identity-based environment as well as an external environment (i.e., without root trust to the private key generator). Key revocation is solved through our custom naming design which currently supports a few scenarios (e.g., expire by date, expire by year and valid for year). Our implementation offers a high degree of interoperability by incorporating X.509 standards into identity-based cryptography (IBC) compared to existing works on hybrid PKI–IBC systems. The utilities provided are minimalist and can be integrated with existing tools such as the Enterprise Java Bean Certified Authority (EJBCA).

ARIBC: Online Reporting Based on Identity-Based Cryptography

The reporting of incidents of misconduct, violence, sexual assault, harassment, and other types of crime that constitute a major concern in modern society is of significant value when investigating such incidents. Unfortunately, people involved in such incidents, either as witnesses or victims, are often reluctant to report them when such reporting demands revealing the reporter’s true identity. In this paper, we propose an online reporting system that leverages Identity-Based Cryptography (IBC) and offers data authentication, data integrity, and data confidentiality services to both eponymous and anonymous users. The system, called ARIBC, is founded on a certificate-less, public-key, IBC infrastructure, implemented by employing the Sakai–Kasahara approach and by following the IEEE 1363.3-2013 standard. We develop a proof-of-concept implementation of the proposed scheme, and demonstrate its applicability in environments with constrained human, organizational and/or computational resources. The computational overheads imposed by the scheme are found to be well within the capabilities of modern fixed or mobile devices.

Improved Identity Based Encryption System (IIBES): A Mechanism for Eliminating the Key-Escrow Problem

A revolutionary change to public-key cryptography can be considered as an Identity Based Cryptography (IBC) in which identity of the receiver is being used as a public key for encrypting a message and Key Generation Centre (KGC). IBC will generate and distribute the private key to each user to decrypt a message. The thought behind presenting the scheme was to improve and reduce the complexity of certificate and key management, but it also gives rise to key escrow problem, access to encrypted information to unauthorized users. The paper represents Improved Identity-Based Encryption Scheme (IIBES) for Domain Name System (DNS) security which provides confidentiality and authentication through modified identity based encryption and identity based digital signatures. The IIBES comprises key revocation mechanism for non-revoked users and also eliminates key escrow problem. Thus, the IIBES aids to implement the identity-based cryptography more safely in reality and protects DNS against cache poisoning, spoofing attack and masquerade attack. Doi: 10.28991/esj-2021-01259 Full Text: PDF

Enhancing Security and Trust in Named Data Networking using Hierarchical Identity Based Cryptography

Named data networking (NDN) represents a promising clean slate for future internet architecture. It adopts the information-centric networking (ICN) approach that treats named data as the central element, leverages in-network caching, and uses a data-centric security model. This model is built mainly in the addition of a signature to each of the recovered data. However, the signature verification requires the appropriate public key. To trust this key, multiple models were proposed. In this article, the authors analyze security and trust in NDN, to deduct the limits of the already proposed solutions. They propose a security extension that strengthens security and builds trust in used keys. The main idea of this extension is the derivation of these keys from data name, by using hierarchical identity-based cryptography (HIBC). To confirm the safety of the new proposal, a formal security analysis is provided. To evaluate its efficiency, a performance evaluation is performed. It proves that by adopting the proposed extension, performance is comparable, even better in some cases than plain NDN.