Ubiquitous Public Key Infrastracture

Ubiquitous Public Key Infrastracture TWISC at NTUST on December 27 Ken Umeno RIKEN and NICT

Outline PKI Issues in our Society Our Proposal towards Ubiquitous PKI Discussion for Future Studies

I encrypt, and you decrypt.

You encrypt, and I decrypt.

No. of Keys for Encryption in N Users Environment: N(N-1)/2 symmetric keys for one-toone secure communications. 2 N -2 symmetric keys for one-to-others secure communications. Symmetric key encryption systems are not scalable.

Why Public Key Infrastractures?

I encrypt, and you decrypt. For public key systems, I encrypt with your public key and you decrypt with your private key. A pair of your public key and private key is generated at your hand and you can distribute your public key.

You encrypt, and I decrypt. For public key systems, You encrypt with my public key and I decrypt with my private key. A pair of my public key and private key is generated at my hand and I can distribute my public key.

No. of Keys for Encryption in N Users Environment: PKI N public keys for one-to-one secure communications. N public keys for one-to-others secure communications. Public key encryption systems are scalable and suitable for large scale networks.

PKI and our Society PKI is a pillar of our e-society such as E-Government System, e-commerce, e-health (for protecting your medical data and Health insurance data) (USB memory used for ikey (Australia, USA)) For business, authentication server systems for ensuring server s public key as a trusted third party, called CA(Certificate Authority) is rapidly growing.

Current Issues of PKI: Why you don t have my public key?

Finland s Case National Initiative of PKI Program: 5,274,820 Population: Issues of National PKI: Extra Device (Smart Card Solution) Costs is High for installing private key and public key.

So far, We have seen that internet access costs had been virtually free. Cf. Free Internet Caffe at Airports like Singapore Hub airport. For users, service is vitally important. Business model for Internet was drastically changed.

From now on, We will see that wireless internet access will also become free and wireless internet access will be ubiquitous with communications terminals such as mobile phones, PDA, vital sensors,.e.t.c. in 5-10 years (soon).

Security of Ubiquitous Networks (Real Issues) For ensuring security of large scale ubiquitous networks connecting users and mobile phones and various sensors, PKI implementation is virtually unavoidable for any kind of services because of the terminal authentication mechanism of PKI. How to implement PKI for ubiquitous network environment?

Mobile Phone = Digital Camera Currently, most mobile phone have cameras and digital camera makers will equipe digital camera with wireless internet access. Most mobile phone with cameras can read QR code (two-dimensional code).

What is QR code? My QR code:

QR codes in Japan More than 30.6 million 3G mobile phone of NTT docomo can read QR codes. There are three operators (NTT docomo, KDDI, Softbank). Almost all mobile phone can read QR codes and they are currently used for the gateway code for wireless internet access.

QR Codes Specification Maximal Capacity: 2953 byte

Our Proposal to Implementation of Ubiquitous PKI To use two-dimensional code such as QR code which is readable by mobile phones with cameras and is printable as public key.

What is Merit? My public key is printable and I can distribute my public key by distributing name cards or other papers with printed public keys. Your public key can be read with my mobile phone anytime, anywhere.

QPKI (Quadrature PKI) card exchange= public key exchange Alice Bob

History of QR Code Standardization QR Code Standardization October, Approved as AIM International (Automatic 1997 Identification Manufacturers International) standard (ISS - QR Code) March, 1998 Approved as JEIDA (Japanese Electronic Industry January, 1999 June, 2000 November, 2004 Development Association) standard (JEIDA-55) Approved as JIS (Japanese Industrial Standards) standard (JIS X 0510) Approved as ISO international standard (ISO/IEC18004) Micro QR Code is Approved as JIS (Japanese Industrial Standards) standard (JIS X 0510)

Ubiquitous PKI Service Image C.f. www.cipheron.net (ProtoType System) Key server registration use from web application use for encryption

Current Issues No standard for two-dimensional bar codes except QR code and No stadard protocol between two-dimensional codes and public keys. No standard software development platform in mobile phone ( in a limited computing resource)

Our porposal for possible collaboration is: To set up a unique interoperable twodimensional codes system which can be readable by mobile phone in 3G by doing research and develop of codes suitable for public key storing, and to standardize it towards establishing security in our ubiquitous network society. To develope ubiquitous wireless terminals which can read the above code.

Thank you.