An ID-based Proxy Authentication Protocol Supporting Public Key Infrastructure

The advantage of the ID-based authentication protocols over public-key based protocols is that authentication can be performed by simply knowing the identity of a party. Meanwhile, Public Key Infrastructure (PKI) provides a suite of excellent security and user management mechanisms that can be easily deployed to the Internet. In this paper, we present an ID-based proxy authentication protocol that can be interoperable with PKI. The proposed protocol leverages the management mechanisms of PKI while inheriting the nature of traditional ID-based protocols. In our protocol, a proxy certificate authority (PCA) is proposed to act as a bridge between an ID-based domain and the PKI domain. Authentication between two entities of different domains is thus made possible with the help of the proxy CA. The proposed protocol minimizes the message exchange overhead within an ID-based domain and supports both initial and subsequent authentication. In addition, a security analysis is presented to verify the strength and efficiency of the proposed protocol A Public Key Infrastructure (PKI)[1][6][7][10][15] is a key management environment for public key information of a public key cryptographic system [16]. A fundamental element of PKI is a data structure called a certificate, which is used to bind a specific identity to a specific public key and information on how the public key can be used. The most widely deployed certificate specification so far can be found in the International Telecommunications Union X.509 standard [6]. A Certificate Authority (CA) is a trusted third party that issues certificates to users within its administrative domain and provides status information about the certificates that it has issued. However, PKI does provide an excellent management mechanism for both users and certificates. Traditional ID-based domain users do not known the existence of other users and the expiration status of the other users, because the KIC does not record domain users’ information. However, with the help of PKI, it does provide domain user with a management protocol for querying the status of the other domain users.