"Security and dependability issues typically go along with the life cycle of a technology. The trend to first deploy a technology and later fix its problems – typically driven by economic motives – is gradually making way for security by design, resulting in improved security at the beginning of the life cycle."
SecurIST, “D3.3 – ICT Security & Dependability Research beyond 2010: Final Strategy”, January 2007
"The software security industry today is at about the same stage as the auto industry was in 1930" ... "it looks fast, goes nice but in an accident you die." ... "The major shortfall is absence of assurance (or safety) mechanisms in software. If my car crashed as often as my computer does, I would be dead by now."
Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008
"History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did."
Bruce Schneier, "Why Cryptography Is Harder Than It Looks", 1997

Synaptic Identifier Based Encryption Overview
Sunday, 14 December 2008 16:22

Overview

What does identifier based encryption do?

Synaptic's Identifier Based Encryption (SIBE) dramatically simplifies the process of securing sensitive communications by simplifying complex key management through the use of e-mail addresses. In traditional secure e-mail systems the sender must first receive the public key of the intended target so that the receiver can decrypt the message using their corresponding private key. A limitation of this classic design is that the sender must a) get the public key of each target, b) ensure the public key was in fact generated by each target, and c) make sure it is their current key and not an old, lost or compromised key.

The goal of identifier based encryption is to enable users to securely send messages by e-mail address, even if they have not previously exchanged any messages. Synaptic's identifier based encryption is a feature that extends Synaptic Labs' Enterprise and Universal Key Exchange protocols. It is designed for use on low-cost smart cards and network attached hardware security modules. Secure desktop communication is enabled through the use of smart cards that run the host Synaptic key exchange protocols.

What problem does SIBE solve?

The Synaptic Identifier Based Encryption solves several important problems:

What environments is SIBE intended for?

The Synaptic Identifier Based Encryption service is intended to be hosted by the Synaptic Enterprise and Universal Key Exchange protocols.

What applications is it intended for?

The Synaptic Identifier Based Encryption offers different levels of security depending on the environment in which it is deployed and the optional steps taken by users to increase their security against targeted malice.

The Synaptic Identifier Based Encryption offers high-assurance communications within the Enterprise Key Exchange. SIBE on the Enterprise KX achieves an excellent level of assurance because member organisations can tightly bind user name, organisation and e-mail addresses with a physically enrolled device.

Within the context of the global Universal Key Exchange, SIBE offers a variable level of security. Under the default configuration the security of initial communications to a new e-mail identity is fundamentally limited by the existing Internet e-mail infrastructure. The data achieves 10-to-100 year security to those who can demonstrate control over the e-mail account. For most personal e-mails and general business correspondence this provides an excellent level of security with minimal effort on the part of the users. Users wishing to achieve higher security can take advantage of their existing relationship with certificate authorities to further establish their credentials. For ongoing communications between users by e-mail id, the messages can be bound to a specific smart card, which then prevents attacks that require significant control over the e-mail servers delivering messages.

G-IBE can be enabled in both the Universal and Enterprise Key Exchange overlay networks, resulting in an interoperable system where the most secure delivery method is selected.

What advantages does SIBE have over the nearest competition?

Public key based Identity Based Encryption is probably the nearest competition. These systems have two fundamental weaknesses. Firstly, they are based on mainstream public key cryptographic techniques which are at risk of abrupt catastrophic failure against code breaking quantum computers. Secondly, there exists a central point of absolute trust within the protocol.

Synaptic Labs' Identifier Based Encryption is based entirely on symmetric cryptographic components that can offer 10 to 100 year security ratings. It relies on multiple online servers in a way that prevents a collusion of up to (n-1) of them from decrypting messages or forging identities.

What other components are required to make a complete system?

The Synaptic Identifier Based Encryption service is intended to be hosted by the Synaptic Enterprise and Universal Key Exchange protocols. Minimal implementations of Identifier Based Encryption do not require any additional components over the requirements of these two protocols. Next generation post quantum secure digital signature algorithms based on the work of Lamport-Diffie-Merkle may also be used in certain contexts.

Can SIBE use standards based cryptographic components?

Yes.

When will it be available?

We anticipate that SIBE functionality will be available at approximately the same time that the Synaptic Enterprise and Universal key exchanges are implemented.

Where can I register my interest?

We welcome all expressions of interest in our range of key exchange technologies.

Further Information

Additional information is available via the menu bar on the right of the screen under the Identifier Based Encryption menu item.

The Identifier Based Encryption functionality has been described in a paper published on ePrint. That paper is an extended version of a short 4 page peer reviewed technical abstract presented at the U.S. Oak Ridge National Laboratory - Cyber Security and Information Intelligence Research Workshop.

Synaptic Laboratories and the Gozo Business Chamber (EU) have co-founded the ICT Gozo Malta cluster of excellence. This cluster of excellence will work in close collaboration with key Government and private stakeholders and leading International companies to develop many of Synaptic Labs' innovative technologies. The Identifier Based Encryption functionality will be implemented as part of the ICT Gozo Malta Global-scale Cyber Security project and Exoskeleton extensions. The relationships between projects are visually illustrated here.

Last Updated on Friday, 18 March 2011 09:36

