Enabling NAME-Based Security and Trust

Abstract

An integral component of almost any security and trust system is endpoint identity verification. The predominant identification primitive, used in most contemporary systems, is the digital certificate. A digital certificate binds a NAME (i.e., an “official way to refer to an entity”) to a cryptographic public key, which is then used for the NAME verification. In this paper, we propose a NAME verification system that does not rely on digital certificates. Our solution uses Hierarchical Identity Based Encryption (HIBE) to allow fine-grained NAME verification, trust delegation and attribute-based access control. For the delivery of the necessary system parameters we propose an approach that leverages the NAME registration and resolution systems, eliminating the need for a Public-Key Infrastructure. As proof of concept, we implement and evaluate our system using the Lewko-Waters HIBE scheme and DANEDNSSEC.