Zero-configuration Identity-based IP Network Encryptor

For corporations or individuals who wish to protect the confidentiality of their data across computer networks, network-layer encryption offers an efficient and proven method for preserving data privacy. Network layer encryption such as IPSec is more flexible than higher layer solutions since it is not application-dependent and can protect all end-to-end traffics that go between two hosts. Using IPSec, two hosts must first establish a session key through message exchanges before they can communicate. In this paper, the authors present an Identity Based Encryption (IBE) scheme that allows a host to calculate the per-packet encryption key based on the IP address of the destination host, without going through the expensive key exchange process as in IPSec.