Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

VIBE verifiable identity based encryption technical overview

516 views

Published on

VIBE is a certificate-less asymmetric encryption scheme. The Private key is a fingerprint of the identity, so that public key certificate is no more needed. This greatly facilitates key management.

VIBE enables strong authentification at application level making VIBE the right solution for IoT application.

Published in: Technology
  • Be the first to comment

VIBE verifiable identity based encryption technical overview

  1. 1. Verifiable Identity Based Encryption (VIBE) new-age crypto for new-age security problems 1
  2. 2. PKI current limitations in IoT An exponential O(n²) number of transactions are necessary to share keys among n parties Complex management of certificates and revocation lists, is becoming a problem when number of devices is increasing Classification : Public 22
  3. 3. VIBE’s key benefits Simplified Key Management Authentication at the application layer 3
  4. 4. VERIFIABLE IDENTITY-BASED ENCRYPTION Identity-Based Encryption (IBE) was proposed in 1984 by renowned cryptographer, Adi Shamir, and advanced in the late 1990s as a “breakthrough approach to encryption key management.” VIBE dramatically improves on IBE by eliminating the need to protect the public parameters and adding authentication at the application layer. 4
  5. 5. The Origin HP/Voltage IBE patent still in use (HP acquired Voltage Security) Purpose : asymmetric cryptography using the recipient’s Identity to self-generate the public key. Security challenge to distribute the public parameters that are fixed and is a weakness of the system. IBE cannot authenticate. First VIBE patent granted in 2014 The private key of a VIBE system has the capacity of verifying the integrity of the TC’s public parameters. VIBE authenticates the sender without any of the TC’s Public parameters. Man-in-middle attacks are impossible 5
  6. 6. VIBE four algorithms 1. Setup(1λ): Takes as inputs the security parameter (λ) • Let H : {0,1}* → G be a hash function that maps ID’s to G • Authority generates secret s where MSK 1 = s and Ppub 2 = gs 2. KeyGen(s,ID): Set gID = H(ID) ϵ G, dID (PrvID)= gID 1/s 3. Verify-Encrypt(PK,ID,m): • Verify Ppub using PrvID • Generate random symmetric key σ • Set V = Ppub r, where r = H3(σ,M) • U = σ + H2(e(gID r, gIdTC ) • W = εσ (M) • Y = H2(e(Prvsender, gID) r) ; is a signature with the private key of the data that are encrypted and is used to authenticate the sender • Send CT = (U,V,W,Y) 4. Auth-Decrypt(dID, PK, CT): Compute σ = U + H2(e(PrvID, V)); where PrvID= gID 1/s Y is used to authenticate the sender and validate the integrity of the data 6
  7. 7. Sender Trusted center Recipient CT = (U,V,W,Y) M = Dσ (W) Setup: Output MSK = s, and Ppub = ga KeyGen(s,ID): Set gID = H(ID) ϵ G dID = gID 1/s Step 2 Verify-Encrypt(PK,ID,m): Generate random symmetric key σ Set V = Ppub r, where r = H3(σ,M) U = σ + H2(e(gID r, gIdTC ) W = εσ (M) Y = H2(e(Prvsender, gID) r) Send CT = (U,V,W,Y) Step 3 Compute σ = U + H2(e(PrvID, V)); where PrvID= gID 1/s Output: M = Dσ (W) The recipient verifies the signature Y using its PrvID and the sender’s ID Step 4 In Step 1, TC generates the bilinear group (G, GT, g, p), Hash functions (H1, H2, H3), a master secret key (s); where G and GT are groups of order p and e satisfies e: GxG ---> GT Step 1 7
  8. 8. Simplified Key Management The private key is a fingerprint of the identity, which means that there is no association between key pairs and objects to maintain No public key certificates to manage and distribute The back-end system only needs to keep the identities The Trusted Centre only needs to protect its master key Every new object registered to the Trusted Centre can be integrated within the system Only the Identity is required to create a secure exchange, the complexity of the system is proportional to the number of objects 8
  9. 9. VIBE’s easy implementation : smart building No need for a trusted and secure central server to manage public key/certificates Secure Element Licensed Solution Integrator Operator Trusted Program House Control system just stores registered ID {1,2,3,4} VIBE Step 2 Generates ID, private keys and send them to Trusted Program House VIBE Step 1 Generates Secret Master Key, Public Parameters. Private Key N 9 Private Key 1 Authentication & Secure Communication established from ID Private Key 4 Private Key 3 Private Key 2 9
  10. 10. Asymmetric encryption with greatly simplified, certificate-less Key Management Authentication at the application layer. https://VIBEcyber.com 10

×