ENHANCED IDENTITY-BASED SECURITY

INFRASTRUCTURE FOR CLOUD ENVIRONMENTS

INDEX

1. MOTIVATON

2. AIM

3. OBJECTIVE

4. SCOPE

5. PROJECT SYNOPSIS AND PROJECT PLAN

6. LITERATURE SURVEY

7. REQUIREMENT ANALYSIS

8. REFERENCES
1. MOTIVATION :
With Cloud Environment providing the easiest way to share services
,resources and data across the globe , no matter how huge it is , tranferring them securely is a
very big issue. There has been a lot of technologies ,security frameworks ,standards and
policies proposed and deployed to prevent leakage of private(& sensitive) data and resources .
Thus , here ,less expensive and easy-to-use Identity-based Security Infrastructure is proposed.

2. AIM :

To provide light-weight security infrastructure using Identity-Based Cryptography

for the cloud computing environment by comparing with earlier security solutions .

3. OBJECTIVE :

 To provide a well secure infrastructure using Identity-Based Cryptography.

 To demonstrate how IBC performs better than Certificate Based Security
Infrastucture .

4. SCOPE :

Security for Cloud Environment can be made reliable and easy-to-use for the
Cloud Users by using Identity-Based Cryptography since it provides the following features :

 Small Key sizes.

 Light-weight Infrastructure (Certificate-free).
 Reduces complexity .
 Easily Understandable and convenient .
 Faster for deploying in Real-life Applications.
 Key revocation .
 Delegation of Keys is possible.
5. PROJECT SYNOPSIS :

A novel security infrastructure that is based on Identity-Based Cryptographic

Approach is proposed. And a comparison between Certificate and Identity Based Approach is
also done to know which performs better. The main idea is to use the identity of the user itself
as public Key instead of using some specially generated integer. Shamir [1] called this new
approach as Identity-Based Cryptography(IBC) . Thus the sender must know the identity of the
receiver , in prior. The identity can be anything but must be unique ; identifying each user
distinctly and it can be either publicly known or can be retrieved in a secure reliable way.Very
commonly used examples have e-mail addresses as identifier . For example ,if a user wants to
send some secret information, atleast he/she has to know the e-mail address(identity) of the
receiver .Else the user cannot send . Thus ,if the sender knows the receiver’s identity , then
sender knows his Public Key as well .

Along with security ,Trust is also an essential entity that must be checked . For this,
a trusted generator similar to Certificate Authority in Public key infrastructure is used ,called
the Trusted Authority (TA) or Identity-Based Private Key Generator (ID-PKG) or Trusted third
Party Server. Each ID-PKG [2] contains a set of public parameters (Public Shared Parameters)
that can be shared among all users .The Trusted Authority ( or ID-PKG) keeps a database of all
the registered users and thus issuing two accounts with the same UserName can be easily
prevented . During registration,a private identity key for the corresponding account is provided
to each user . Thus the user is able to prove that he/she legitimately possesses the account with
the private key .

Dan Boneh and M.Franklin defined a set of Four algorithms for IBC [2]:Setup,
Extract,Encrypt and Decrypt. The success of Identity Based Encryption depends on the the PKG
that generates the private keys.

PROJECT PLAN :
6. LITERATURE SURVEY :
After doing a good study , it is clear that only limited attempts have been made to
apply Identity-Based Cryptography to cloud computing . Identity-Based Public Key
Cryptography(ID-PKC) , first proposed by Shamir [1] , tackles the problem of authenticity of
keys in a different way to traditional Public Key Infrastructure(PKI) .

The first fully practical and secure Identity-based Public Key Encryption Scheme
was presented by Boneh and Franklin [3] . They suggested in that ,the key escrow can be
circumvented by using Multiple Trusted Authorities and Threshold Cryptography .

Lim and Robshaw [9] propose a Dynamic Key Infrastructure for Grids based on
Identity-Based Encryption . In the same way , Lim and Patterson [7] suggest the use of identity-
Based Cryptography as an alternativ for GSI . Gentry and Silverberg proposed Hierarchical
Identity-Based Cryptography(HIBC) in [10] to ease the Private key Distribution problem and
improve Scalability of the original IBE scheme proposed in [3].

Boneh and Franklin in [3] also proposed the use of date concatenated with the user’s
identifier to achieve Automated key Expiry . This may obviate technology the need for a
revocation mechanism . Smith et al. [5] proposed a novel security Infrastructure based on IBC
for service-oriented cloud computing . They also discussed the problems with traditional
security approaches and compared them with IBC . Cramptom,Lim and patterson in [4]
examined how Identity-Based Cryptography can be used to secure Web Services .

In another work of Lim and Robshaw , explored the use of IBC in a Grid Security
Architecture . They stated that the properties of IBC that allows generation of keying
information on the fly offers a good opportunity to consider IBC as an alternative approach to
good security [6] . Distributed System require the ability to communicate securely with other
nodes in the network . Scribe is an efficient key management method inside a distributed system
that uses IBE [8] .

7. REQUIREMENT ANALYSIS :

7.1. Functional Requirements :

The two essential requirements that must be fulfilled are :

 The identity must be unique , and

 The identity must be publicly known to the receiver .
Others requirements are:
 The system should keep the list of all registered users up-to-date.
 The system shall check the identity shared doesnot conflict .
 The system shall create the Master Public Key and Master Private Key and
should not reveal it to any of the users .
 The system shall encrypt or decrypt only after receiving the exact identity.
 The user shall be able to invoke or revoke the identity whenever needed.
 The user must be notified in prior, the date of expiry of the identity being used.
 The system shall provide delegation of keys for use by appropriate users.

7.2. Non-Functional Requirements :

  Availability :
The PKG should be able to provide the public key for the given
identity even if the Cloud user is off-line .All the details should be kept in
a database .

 Confidentiality :
The system should keep the identities confidentially and it can
be further improved if each group has an unique identity even within an
organisation.

 Access Control :
The system should provide a private key for each registered
cloud user ,so that no two users can have /access same account . Only the
intended user possessing the key can access the secret information.

 Reliability :
The trustability of the system is totally dependent on the
PKG which shares only the Public Shared Parameters(PSPs) with the
Cloud Users.

 Ease Of Use.

7.3. Hardware Requirements :

RAM : 256 MB RAM(minimum) .

Hard Disk : 40GB .

7.4. Software Requirements :

Operating System : Windows XP.

Software : Visual Studio .NET .
Language : C# ,ASP.Net .
Database : Microsoft SQL Server 2008 .

8. REFERENCES :
[ 1.] Adi Shamir.Identity Based Cryptosystems and Signature Schemes.In CRYPTO 1984
Advances in Cryptology,Volume 196 of Lecture Notes in Computer Science,pages 47-
53, Springer-Verlag,1984.
[ 2.] ID-Based Encryption .http://en.wikipedia.org/wiki/ID-Based Encryption .
[ 3.] D.Boneh and M.Franklin. Identity –Based Encryption from Weil Pairing.In J.Kilian ,
editor,Advances in Cryptology- Proceedings of CRYPTO 2001,pages 213-229,
Springer-Verlag LNCS 2139,2001 .
[ 4.] J.Crampton,H.W.Lim and K.G.Paterson .What can identity Based Cryptography offer
to Web Services ? In SWS ’07:Proceedings of 2007 ACM Workshop on Secure Web
Services,pages 26-36,ACM,2007.
[ 5.] Christian Schridde,T.Dornemann,E.Juhnke,Bernd Freisleben, M.Smith. An Identity-
Based Security Infrastructure for Cloud Environments. In 2010 ,IEEE International
Conference on Wireless Communications Networking and Information Security
(2010,Peking,China) IEEE Press ,pages 644-649,2010.
[ 6.] H.W.Lim and M.J.B. Robshaw. On Identity-Based Cryptography and Grid Computing ,
ICCS 2004,pp.474-477,2004@Springer-Verlag,Berlin Heidelberg,2004
[ 7.] H.W.Lim and K.G.Paterson. Identity-Based Cryptography for Grid Security. In E-
Science’05:Proceedings of the First international Conference on e-science and Grid
Computing,pages 395-404,IEEE press,2005.
[ 8.] Tyron Standing .Secure Communication in a Distributed System using Identity-Based
Encryption,ccgrid,pp.414,Third IEEE International Symposium on Cluster Computing
and the Grid(CCGrid ‘03) ,2003 .
[ 9.] H.W.Lim and M.J.B. Robshaw .A Dynamic Key Infrastructure for Grid.In EGC 2005-
European Grid Conference on Advances in Grid Computing,pages 255-264,2005.
[ 10.]C.Gentry and A.Silverberg. Hierarchical ID-Based Cryptography.In Y.Zheng, editor,
Advances in Cryptology-Proceeding of ASIACRYPT 2002,pages 48-566,Springer-
Verlag LNCS 2501,2002.