IBE as enterprise software
I frequently get asked why identity-based encryption technology is a big deal. After all, some people say, if they use it, it certainly looks and feels like any other encryption technology. This may be true, but it also overlooks the main difference between IBE and other encryption technologies, which is in how easy it is to support and operate. So while many encryption technologies may look roughly the same from the point of view of users, they're very different from the point of view of the administrators that keep them running.
The people who don't seem to appreciate the lower costs and complexity are often people who are fortunate enough to have little exposure to enterprise software. Their point of view is probably more accurately described as that of a user of consumer software, which is a very different market than enterprise software.
Enterprise software has much stricter requirements that consumer software. Enterprise software needs to have higher performance, better scalability and higher fault-tolerance than consumer software does. This usually means that it's also more expensive, and when the total cost of ownership is considered, it's often much more expensive. This is probably unavoidable because businesses work in a strict regulatory environment and consumers don't.
If a consumer loses data on a hard drive because he forgets the password needed to decrypt it, he has probably suffered an inconvenience, but he probably hasn't broken any laws. On the other hand, businesses are required to keep some types of data available for several years and can suffer severe penalties if they don't.
It's also often necessary for someone other than the person who encrypted data to have the ability to decrypt it. If a CFO encrypts sensitive data, his business will still need the ability to decrypt that data, even if he moves on to another job at a different company. This means that key recovery is a critical feature of enterprise software but not of consumer software. Consumers might even view key recovery as undesirable because it can give someone other than them the ability to decrypt their encrypted data.
It turns out that IBE has definite advantages when it comes to keeping encrypted data available for a long time and supporting the recovery of lost encryption keys. With most encryption technologies, to be able to implement key recovery you need to keep a secure database of all the decryption keys, and if you lose any of these keys, you can also lose the data that was encrypted with it.
On the other hand, all IBE keys are calculated when they're needed from a single IBE master secret. This means that you don't need to store any decryption keys at all, but you can still recover encrypted data when it's needed. And all you have to backup is the IBE master secret, and you can recover an IBE system that's lost or destroyed in any way.
Because you don't need to securely store decryption keys, the secure database that's part of other encryption systems isn't needed with an IBE system, which makes the IBE system simpler and cheaper. This is a feature that only enterprise users will appreciate, because it's not really something that consumers need to worry about.
Comments