Internet and Wireless Security

I Levy
All public key cryptography (PKC) methods require, in some sense, a public and private key pair. It is the semantics of, and relationship between, these keys that determine the security model for a given public key cryptosystem. Shamir [1] proposed the concept of an identity-based public key cryptosystem (IDPKC) in 1984. Some years later, Cliff Cocks of the Communications-Electronics Security Group (CESG) invented the first practical solution to this problem. This chapter will explore the current model for PKC and examine the salient points differentiating traditional PKC from IDPKC, before then giving a broad overview of the Cocks IDPKC method and finally exploring some potential practical applications where IDPKC may give a real business benefit. IDPKC will be referred to as identifier-based PKC since it is a more appropriate nomenclature the identifiers need not in any way refer to an 'identity' in the traditional sense.
All examples in this document are purely fictional and no parity with real systems should be drawn. Throughout this document, A and B will represent the two communicating parties. It is assumed that private keys are afforded the necessary protection commensurate with the sensitivity of the data they are to protect. In any public key cryptosystem, if this assumption is not made, then all trust and integrity statements can be dismissed. The further assumption that the authorities protect their secrets well is also required. In traditional PKC, compromise of a root authority's private key is sufficient to negate all trust...