Abstract
Public key infrastructures (PKIs) are proposed to provide various security services. Some security services, such as confidentiality, require key escrow in certain scenarios, while others, such as non-repudiation, prohibit key escrow. Moreover, these two conflicting requirements can coexist for one user. The common solution, in which each user has two certificates and an escrow authority backs up all escrowed private keys for users, faces problems of efficiency and scalability. In this paper, a novel key management infrastructure called RIKE is proposed to integrate the inherent key escrow of identity-based encryption (IBE) into PKIs. In RIKE, a user’s PKI certificate also serves as a revocable identity to derive the user’s IBE public key, and the revocation of its IBE key pair is achieved by the certificate revocation of PKIs. Therefore, the certificate binds the user with two key pairs, one of which is escrowed and the other is not. RIKE is an effective certificate-based solution and highly compatible with traditional PKIs.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, N., Lin, J., Jing, J., Gao, N. (2012). RIKE: Using Revocable Identities to Support Key Escrow in PKIs. In: Bao, F., Samarati, P., Zhou, J. (eds) Applied Cryptography and Network Security. ACNS 2012. Lecture Notes in Computer Science, vol 7341. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31284-7_4
DOI: https://doi.org/10.1007/978-3-642-31284-7_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31283-0
Online ISBN: 978-3-642-31284-7
eBook Packages: Computer Science, Computer Science (R0)