Management of Lost Private Key using Cache Database concept across Identity Based Encryption systems


With the increase in internet and intranet usage across the world, there are many sophisticated security system in existing and each of them have their own pros and corns. Since decades the common approach followed to send the data across any secure network is to encrypt the data and there are many encryption and decryption techniques across the literature. In general encryption process involves the keys, which are always are required to encrypt or decrypt the original message and usually  Public Key and Private Key pair is used proceed with the encryption.

Login id and Password fields
Login id and Password fields

There are many public key encryption techniques and Identity based encryption is one among them. Identity based encryption involves public key encryption, where the required public key is generated using some arbitrary strings or random numbers like users email id, their social security number or their contact number and the job to generated to Private Keys is designated to a trusted third party and they are commonly called Private Key Generators (PKG’s).

These PKG is responsible for the Private Key Management and should hold the private keys of any user using a particular security system. In most of the cases due to lack of intelligence or security breaches, there is a lot of scope to loose the private key of the users and to recover the lost private key, there are some predefined sequence of steps to be followed.

There are many existing techniques to recover the lost private key and most of them are complex in nature and requires lot of computation overhead and to overcome these limitation, I would like to develop a simple and less complex private key generator and private loss recovery system that can be used across Identity based encryption (IBE). My application can prove that its simple in nature and the key recovery can be done using is a simple Cache database implementation.


Project background

Security has become the primary requirement across any organization to protect the data across their internal business relations. There are many security implementations in place to secure the content and messages being transmitted across the network. In general the communication parties relay on many encryption and decryption techniques available to secure the data and each of them have their own pros and corns.

Cryptography is the common technique used across the encryption process, where the entire message is broken to number of chippers. Each and every chipper has a key to encrypt or decrypt. In general all the traditional cryptographic techniques have a single to key to encrypt or decrypt the message. Later in the literature, the concept of two keys has emerged, one is known as public key and former is known as private key.

Public key is commonly public in nature, where it can be shared to any one across the network, where the private key is set as confidential information that can’t be shared publicly and this procedure is known as public key cryptography and is provided across most of the web applications using SSL. In a typical SSL methodology, a server can make its own public and private key.

The server’s public key is advertised across the internet. Senders who wish to send any data to server should know the public key of server and server converts the encrypted chipper text to plain text using the private key. Later digital certificates are introduced to eliminate the hackers to replace the public key of server and this process is known as Signing, where the certificates of the server are verified by a trusted center before sending or receiving any data.

Even there are few flaws across this implementation, where the identity of the user is not revealed and any third party can pretend as the trusted center and replace the confidential information. To avoid these situations, Identity based encryption will be used, where the generation of keys is purely depending on the information related to identity of the sender and receiver.


Identity based encryption is proved to be a successful implementation across many communication systems, where the required public or private keys are generated based on the personal identification attributes of the end user like their email id, Social Security Number or contact number.

In general a random number is assigned to their personal identification information. A separate Private Key Generator is used across the Identity based encryption, to issue the confidential private keys. Everything would work fine in the case of positive hypothesis and if in case the private keys issued by the PKG are lost, there are few techniques as well to recover the private key of a particular user.

I had found that all the existing techniques to recover the lost private key are complex in nature and really tedious to implement across small applications like Email or Content management systems. So I would like to extend the research to develop a simple and logical implementation to recover the private key lost by any user using a Cache database concept.

Problem Definition

Identity based encryption is implemented widely across many organizations and Government departments to secure the data and content. In general the public key is generated based on identification information of the end user such as telephone number or email id and the corresponding Private key is generated by a third party know as Private Key Generators (PKG’s). If the Private Key generated by the third party is lost by the user due to any reason, there are many existing techniques to recover them are discussed in Literature and Research analysis.

Most of the existing techniques depend on the User information and Organization information and the users need to answer some questions related to their personal information like Mothers maiden name etc, which are really difficult to remember in some cases. If the questions posed by the existing recovery system are not answerable, then the existing private key is lost permanently and the user should raise a new request to generate the private key again.

If this is the case, there could be chance of complex computation at the PKG side to generate a new private key always. To solve these problems, I would like to develop a Simple Private Key recovery system that uses the Cache database concept as discussed in the Proposed System description.

Proposed System

Based on the problems identified across the project background and problem definition, I would like to develop a less complex Private Key Recovery System. In this application I will provide two different logins, one is for User and one for Administrator. Users to the application are created by the Admin and a separate user id and password is assigned to each and every user.

Users can send message to other users based on the list provided at the user interface and also can raise a request for Private Key. This request is forwarded to Admin, where the admin will approve or reject the request and the status of the request can be tracked at the user side.

If the user forget or lost the private key, they can just click on the link provided to them, where the admin checks the request and sends the existing private key that was saved at the Cache database. Users can send any sort of data to the desired receiver and receiver should know the private key of the sender to view the data. Detailed description of the application is provided at the design chapter of this document.

Leave a Reply

Your email address will not be published. Required fields are marked *