Security on the Internet: The Name is the Key

A simpler, more effective system to protect private information sent over the Internet has been proposed by computer scientists Matthew Franklin at the University of California, Davis, and Dan Boneh at Stanford University.

Pretty Good Privacy or PGP encryption is the standard method for secure transactions, such as banking and shopping, on the Internet. PGP uses two keys, one public and widely known, one private and known only to the owner. When Alice sends a secure message to Bob, she encodes it with Bob's public key. The public key cannot be used in reverse to decode the message. Bob decodes the message with his private key.

The current system assumes that Bob has made a public key and put it in a database where Alice can find it. Most people using the Internet don't have public keys yet, Franklin said, so when you send your credit card number to make a purchase online, you are actually borrowing public keys from someone else, such as the merchant you're buying from.

Franklin and Boneh have developed a system that generates a public key directly from the user's email address. Bob does not need to create his own public key, and Alice does not have to look it up in a database, Franklin said.

Franklin and Boneh presented their system at the Crypto 2001 conference in Santa Barbara in August. Franklin said that they were inviting the cryptography community to try to crack the system. Specifications and code can be downloaded from Boneh's Web site at Stanford.

Media Resources

Andy Fell, Research news (emphasis: biological and physical sciences, and engineering), 530-752-4533, ahfell@ucdavis.edu

Matt Franklin, Computer Science, (530) 752-2017, mkfranklin@ucdavis.edu

Dan Boneh, Computer Science, Stanford University, (650) 281-6717, dabo@cs.stanford.edu
