Identity-Based Cryptosystems for Enhanced Deployment of OSGi Bundles

The OSGi platform is designed to make Java software extensible at runtime. This undeniably presents a great interest in several domains like embedded platforms or enterprise application servers. However, securing the deployment of the OSGi components, or bundles, proves to be a major challenge. The current approach consists in digitally signing the bundles and certifying the signature through a public key infrastructure (PKI). We propose to replace this technology with an identity-based cryptosystem, which provides both better performances and simplified key management. We present an infrastructure for initialization and use of identity-based cryptography, and define the digital signature of bundles using such a cryptographic scheme. Based on our implementation, we provide a comparison between classical PKI management and identity-based PKI management. The proposed approach proves to support radical improvement in the key management process, especially in strongly asymmetric system such as OSGi-based home gateway, where a few providers publish services for millions of potential users.