High-Availability Decentralized Cryptographic Multi-Agent Key Recovery

Kanokwan Kanyamee and Chanboon Sathitwiriyawong
 Faculty of Information Technology, King Mongkut’s Institute of Technology Ladkrabang,
Bangkok, Thailand

Abstract: This paper proposes two versions for the implementation of a novel high-availability decentralized cryptographic multi-agent key recovery system (HADM-KRS) that do not require a key recovery centre: HADM-KRSv1 and HADM-KRSv2. They have been enhanced from our previous work and entirely comply with the latest key recovery system in the NIST's framework. System administrators can specify the minimum number of key recovery agents (KRAs) according to security policies and requirements while maintaining compliance with legal requirements. This feature is achieved by applying the concept of secret sharing and power set to distribute the session key to participating KRAs. It uses the principle of secure session key management with an appropriate design of key recovery function. The system is designed to achieve high availability despite the failure of some KRAs. The performance evaluation results show that the proposed systems incur little processing times. They provide a security platform with good performance, fault tolerance, and robustness in terms of secrecy and availability.

Keywords: Cryptographic key management, secret sharing, key recovery, and key recovery agent.

 

Received November 5, 2011; accepted May 22, 2012

  

Full Text