Applications of Identity Based Cryptography and Sticky Policies with Electronic Identity Cards
Crocker, P.
; Silveira, JS
Applications of Identity Based Cryptography and Sticky Policies with Electronic Identity Cards, Proc ACPI - European Conference on Cyber Warfare & Security ECCWS, Munich, Germany, Vol. 15, pp. 1 - 9, July, 2016.
Digital Object Identifier:
Download Full text PDF ( 909 KBs)
Abstract
This article will describe the implementation of a system for privacy and confidentiality for files and messages using Identity based cryptography in conjunction with Electronic Identity Cards that have as a common characteristic strong government backed authentication mechanisms. The system enables the files to be encrypted for multiple identities, or recipients, and enables privacy and security policies to be associated to the file. These policies are structured Extensible Markup Language files and permit a range of policies based on a users role or access level, device and network information and even time intervals. No prior knowledge or sharing of the recipients public key is necessary as the encryption key is based on the identity of the user derived from the users electronic Identity Card. Electronic Identity cards are becoming standard in many European countries and can be used for proving the holders identity, physically and electronically, and even for creating digital signatures, however standard encryption services are not usually included. In the system proposed here the creation and distribution of private keys is the role of a trusted third party, which the user can delegate to any organization of their choice. Authentication at this key centre is crucial for the security of the system and relies on the strong two-factor authentication of electronic identity cards. The article will describe the algorithms used for encrypting files and messages for multiple users the overall cryptographic system and the formats used for the encrypted files that incorporates a cryptographic hash as well as the XML file policy. The final system is implemented as a C# library for the various algorithms and methods which contains a wrapper for a well-known pairing based library written in standard C. Our library can be used as a plugin for any number of applications; in particular the applications implemented and described in this article are namely a small tool for creating policies, a standard Desktop application and also a Cloud service for cloud storage system that can enable the enforcing of the file policies. The proposed systems as well as being innovative provides a secure system for file confidentiality and privacy as well as being transparent and easy to use by the end users of the system.