Zero-configuration identity-based IP network encryptor

For corporations or individuals who wish to protect the confidentiality of their data across computer networks, network-layer encryption offers an efficient and proven method for preserving data privacy. Network layer encryption such as IPSec is more flexible than higher layer solutions since it is not application-dependent and can protect all end-to-end traffics that go between two hosts. Using IPSec, two hosts must first establish a session key through message exchanges before they can communicate. In this paper, we present an Identity Based Encryption (IBE) scheme that allows a host to calculate the per-packet encryption key based on the IP address of the destination host, without going through the expensive key exchange process as in IPSec. Our mechanism is compatible with the current IP protocol and we tested our scheme with live HTTP and ICMP traffic. Our results show that our protocol provides a zero-configuration network layer encryption solution for end-to-end secure communications that is ideal for consumer electronics applications.