..............................
..............................
..............................
High-Availability Decentralized Cryptographic Multi-Agent Key Recovery
This paper proposes two versions for the implement ation of a novel High-Availability Decentralized cryptographic
Multi-agent Key Recovery System (HADM-KRS) that do not require a key recovery centre: HADM-KRSv1 and HADM-KRSv2.
They have been enhanced from our previous work and entirely comply with the latest key recovery system in the National
Institute of Standards and Technologies (NIST's) fr amework. System administrators can specify the mini mum number of Key
Recovery Agents (KRAs) according to security polici es and requirements while maintaining compliance wi th legal
requirements. This feature is achieved by applying the concept of secret sharing and power set to distribute the session key to
participating KRAs. It uses the principle of secure session key management with an appropriate design of key recovery
function. The system is designed to achieve high av ailability despite the failure of some KRAs. The performance evaluation
results show that the proposed systems incur little processing times. They provide a security platform with good performance,
fault tolerance, and robustness in terms of secrecy and availability.
[1] Al-Salqan Y., Cryptographic Key Recovery, in Proceedings of the Computer Society Workshop on Future Trends of Distributed Computing Systems , pp. 34-37, 1997.
[2] Barker E., Branstad D., Chokhani S., and Smid M., A Framework for Designing Cryptographic Key Management Systems , Draft Special Publication 800-130 , National Institute of Standards and Technology, 2010.
[3] Cylink Corporation, CyKey TM: Cylink s Key Recovery Solution, available at : http://www.csm.ornl.gov/~dunigan/cykey.pdf, last visited 2011.
[4] D Arco P., On the Distribution of a Key Distribution Center, in Proceedings of the 7 th Italian Conference on Theoretical Computer Science , Springer, pp. 357-369, 2001.
[5] Denning D., The US Key Escrow Encryption Technology, Computer Communications , vol. 17, no. 7, pp. 453-457, 1994.
[6] Denning D. and Branstad D., A Taxonomy for Key Recovery Encryption Systems, Internet Besieged: Countering Cyberspace Scofflaws , vol. 39, no. 3, pp. 357-371, 1997.
[7] Denning D. and Smid M., Key Escrowing Today, IEEE Communications Magazine , vol. 32, no. 9, pp. 58-68, 1994.
[8] Global Information Assurance Certification, Encryption Key Recovery, GSEC Certification Practical Assignment V.1.4b , 2004.
[9] Guo Z., Okuyama T., and Finley M., A New Trust Model for PKI Interoperability, in Proceedings of the Joint International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services , pp. 37, 2005.
[10] Jech T., Set Theory , Springer-Verlag, New York, 2006.
[11] Jefferies N., Mitchell C., and Walker M., A Proposed Architecture for Trusted Third Party Services, in Proceedings of the International Conference on Cryptography , Berlin, pp. 98-104, 1996.
[12] Johnson R., Rubnich M., and DelaCruz A., Implementing a Key Recovery Attack on the High-Bandwidth Digital Content Protection Protocol, in Proceedings of the IEEE Consumer Communications and Networking Conference , Las Vegas, pp. 313-317, 2011.
[13] Kanyamee K. and Sathitwiriyawong C., High- Availability Decentralized Multi-Agent Key Recovery System, in Proceedings of the International Conference on Computer and 58 The International Arab Journal of Informati on Technology, Vol. 11, No. 1, January 2014 Information Science, Shanghai, pp. 290-294, 2009.
[14] Lee Y. and Laih C., On the Key Recovery of the Key Escrow System, in Proceedings of the Annual Computer Security Applications Conference , San Diego, pp. 216-220, 1997.
[15] Lim S., Hani H., Kim M., and Kim T., In Design of Key Recovery System using Multiple Agent Technology for Electronic Commerce, in Proceedings of the Industrial Electronics , Pusan, pp. 1351-1356, 2001.
[16] Lim S., Kang S., and Sohn J., Modeling of Multiple Agent Based Cryptographic Key Recovery Protocol, in Proceedings of the Annual Computer Security Applications Conference , pp. 119-128, 2003.
[17] Lv C., Jia X., Tiany L, Jing J., and Suny M., Efficient Ideal Threshold Secret Sharing Schemes Based on Exclusive-Or Operations, in Proceedings of the 4 th International Conference on Network and System Security , Melbourne, pp. 136-143, 2010.
[18] McConnell B. and Appel E., Enabling Privacy, Commerce, Security and Public Safety in the Global Information Infrastructure, available at: https://www.cdt.org/crypto/clipper_III/clipper_III _draft.html, last visited 1996.
[19] National Institute of Standards and Technology, Escrowed Encryption Standard, Federal Information Processing Standards Publication 185 , 1994.
[20] National Institute of Standards and Technology. Key Recovery Examples, available at: http://csrc.nist.gov/krdp/exa.html, last visited 2011.
[21] Neuman B. and Ts'o T., Kerberos: An Authentication Service for Computer Networks, IEEE Communications Magazine , vol. 32, no. 9, pp. 32-38, 1994.
[22] Numao M. and Nakayama Y., Internet Archiving Server with Key Recovery Function, in Proceedings of the Symposium on Cryptography and Information Security , Japan 1998.
[23] Su R., Che X., Fu S., Li L., and Zhou L., Protocol-Based Hidden Key Recovery: IBE Approach and IPSec Case, in Proceedings of the Conference on Networks Security, Wireless Communications and Trusted Computing , Wuhan, pp. 719-723, 2009.
[24] Thulasimani L. and Madheswaran M., A Novel Secure Hash Algorithm for Public Key Digital Signature Schemes, International Arab Journal of Information Technology , vol. 9, no. 3, pp. 262- 267, 2012.
[25] Wakid S., Requirements for Key Recovery Products, Report of the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure , National Institute of Standards and Technology, 1998.
[26] Walker S., Lipner S., Ellison C., and Balenson D., Commercial Key Recovery, Communications of the ACM , vol. 39, no. 3, pp. 41-47, 1996.
[27] Wang E., Yau J., Hui L., Jiang Z., and Yiu S., A Key-Recovery System for Long-term Encrypted Documents, in Proceedings of the International Enterprise Distributed Object Computing Conference Workshops , China, pp. 52, 2006. Kanokwan Kanyamee received her BSc in computer science from Rajabhat Institute Uttaradit in 1999, and her MSc and PhD in information technology from Naresuan University and King Mongkut s Institute of Technology Ladkrabang, Thailand in 2003 and 2013, respectively . She is currently a lecturer at Uttaradit Rajabhat University. Her research interests are in cryptogra phy and information security. Chanboon Sathitwiriyawong received his BEng degree in electrical engineering from Prince of Songkla University, Thailand in 1986. He earned his MSc in data tele-communications and networks in 1993 and his PhD in electronic and electrical engineering from the University of Salford, United Kingdom in 1996. He is an associate professor at the faculty of Information Technology and the dean, King Mongkut s Institute of Information Technology Ladkrabang. His current research interes ts are in the area of computer network, and network an d system security. He is a member of the IEEE Communication Society.