Hybrid-style personal key management in ubiquitous computing

In ubiquitous computing environment it is common that a user owns and uses multiple computing devices, but managing cryptographic keys in those devices is a complicated matter. If certificate-based cryptography (PKI) is used such that each device has independent certificate, then user has to be involved in multiple certificate issuing processes with certification authorities (CA) and has to keep multiple private keys securely. If a single user certificate is copied and shared in multiple user devices, then a single exposure of private key among multiple devices will destroy the secrecy of every devices. Each device has to have import and export function of private key, which will be a major security weakness that attackers will focus on. In this paper we propose a user-controlled personal key management scheme using hybrid approach, in which certificate is used to authenticate a user and self-generated ID keys are used to authenticate user´s computing devices. In this scheme user operates a personal key management server (PKMS) which has the role of personal key generation center (KGC). It is equipped with user´s certified private key as a master key and is used to issue ID private keys to user´s computing devices. Users normally use multiple computing devices equipped with different ID keys and enjoy secure communication with others using ID-based cryptography. We show that the proposed hybrid-style personal key management scheme is efficient in many aspects and reduces user´s key management load drastically.