Secure Communication using Identity Based Encryption

Sebastian Roschke, L. Ibraimi, Feng Cheng, Christoph Meinel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Secured communication has been widely deployed to guarantee confidentiality and integrity of connections over untrusted networks, e.g., the Internet. Although secure connections are designed to prevent attacks on the connection, they hide attacks inside the channel from being analyzed by Intrusion Detection Systems (IDS). Furthermore, secure connections require a certain key exchange at the initialization phase, which is prone to Man-In-The-Middle (MITM) attacks. In this paper, we present a new method to secure connection which enables Intrusion Detection and overcomes the problem of MITM attacks. We propose to apply Identity Based Encryption (IBE) to secure a communication channel. The key escrow property of IBE is used to recover the decryption key, decrypt network traffic on the fly, and scan for malicious content. As the public key can be generated based on the identity of the connected server and its exchange is not necessary, MITM attacks are not easy to be carried out any more. A prototype of a modified TLS scheme is implemented and proved with a simple client-server application. Based on this prototype, a new IDS sensor is developed to be capable of identifying IBE encrypted secure traffic on the fly. A deployment architecture of the IBE sensor in a company network is proposed. Finally, we show the applicability by a practical experiment and some preliminary performance measurements.
Original language: Undefined
Title of host publication: Proceedings of the 11th Joint IFIP TC6 and TC 11 Conference on Communications and Multimedia Security (CMS)
Place of Publication: Berlin
Publisher: Springer
Pages: 256-267
Number of pages: 12
ISBN (Print): 3-642-13240-5
DOIs: https://doi.org/10.1007/978-3-642-13241-4_23
Publication status: Published - 31 May 2010

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer Verlag
Volume: 6109

Keywords

  • IR-71111
  • EWI-17825
  • METIS-270798

Cite this

Roschke, S., Ibraimi, L., Cheng, F., & Meinel, C. (2010). Secure Communication using Identity Based Encryption. In Proceedings of the 11th Joint IFIP TC6 and TC 11 Conference on Communications and Multimedia Security (CMS) (pp. 256-267). (Lecture Notes in Computer Science; Vol. 6109). Berlin: Springer. https://doi.org/10.1007/978-3-642-13241-4_23