Identification Based Encryption

The popularity of mobile computing devices has grown over the years. Cell phones have become more than just telephones, laptop sales are on the rise and blackberries have never been more popular. In fact, the use of blackberries in the Canadian and U.S. governments has steadily increased in the past few years, prompting a joint program to find a way to protect the information being transferred through our airwaves. Although in the case of blackberries, email may be protected within it's own infrastructure, but once a message reaches the internet, it often loses its protection. Of course, this problem is not limited only to blackberries, as the majority of email messages sent today are sent in plain text without any type of security.

This very problem prompted the Canadian and U.S. governments to begin a joint program to test the validity of Identification Based Encryption (IBE). Although the concept was first made known by Adi Shamir in 1984, Dan Boneh and Matt Franklin are credited with inventing IBE while working on a project for the U.S. Defense Advanced Research Projects Agency (DARPA) in 2001.

As you may have guessed, IBE uses an ‘identity’, such as an email address to generate an encryption key. The advantage of this type of encryption is that it eliminates the need for user-based digital certificates, on which the popular PKI system is based. The result is an infrastructure that can be easily implemented on the back end of current email systems, making it seamless to users. Since IBE can be implemented using a “behind the scenes” approach, it is a cost effective way to secure current email systems without having to impact each user directly.

In the government Blackberry/IBE trial, they measured its success on 5 criteria:

1. Usability impact – How are clients affected by this system?
2. Security requirements – Does IBE meet Canadian and U.S. encryption standards?
3. Policy enforcement – Is it possible to implement policy enforcement while using this technology?
4. Minimal administration overhead – Does IBE reduce infrastructure costs and administration?
5. Interoperability – Is IBE compatible with other devices and secure messaging technologies?

The result of the experiment was that IBE met or exceeded all the criteria above. Obviously, the collaboration was considered a success. This is good news not only for our governments, but also for the private sector. Since information and knowledge are the competitive advantage required to survive in today’s business environment, protecting it is very important. For this reason, it is likely that we will see an increase in IBE implementation.