Signcryption standard to shake up security
A relatively new method of encryption and digital signing has been formally recognised as an international standard, which could possibly change how information is secured, especially on mobile devices.
(Nordic RF Packets image by Travis Goodspeed, CC2.0)
Encrypting information to ensure it is secure and digitally signing it to verify the sender or author are two separate tasks, typically governed by two separate keys. This encrypt-then-sign method is commonly used in public key encryption schemes where information is first encrypted using the intended recipient's public key and digitally signed using the sender's private key.
However, this new method of encryption and digital signing called signcryption has received recognition as an international standard for deviating from this practice.
Signcryption gets its name due to how it combines both the encryption and digital signing processes into one step.
In doing so, it has the added benefit of reducing the overall computational cost and communication overheads. This benefit is expected to be of significance to devices where a reduction in computational requirement and hence power consumption can be a critical issue to their function.
"The adoption of [signcryption] as an international standard is significant in several ways," professor Yuliang Zheng, who developed the technology, said in a statement.
"This will also allow smaller devices, such as smartphones and PDAs, 3G and 4G mobile communications, as well as emerging technologies, such as radio frequency identifiers and wireless sensor networks, to perform high-level security functions."
It also has the ability to be used to send information to multiple recipients, while providing an assurance that all recipients received the same information. Under the previous encrypt-then-sign methodology, the sender needs to encrypt the information using the recipients' public keys, increasing computational time with the number of recipients and allowing them to modify information to particular parties without other recipients knowing.
Zheng's examples of applications that signcryption could be used for include authenticated multicasting, such as secure video-conferencing and computer-supported cooperative work, which could arguably increase in incidence with the higher adoption of the National Broadband Network.
Zheng also expects signcryption to have an impact on online banking or e-commerce transactions. Currently, a secure connection is built across two servers and authentication provided by then submitting usernames and passwords over that channel and then any "logged in" activity is assumed to be secure. With the use of signcryption, individual transactions can be secured and authenticated.
Although currently working at the University of North Carolina Charlotte, Zheng held several Australian research positions as a security research assistant for the Australian Defence Force Academy and as a professor for the University of Wollongong and Monash University.