Symmetric cryptography uses the same session key for message encryption and decryption. Without it, the encrypted message cannot be revealed. If the session key is unavailable, or government authorities need to inspect suspect messages, there should be a mechanism to recover it. Session key recovery is usually provided by a trusted key recovery center acting as a coordinator among key recovery agents (KRAs). The session key is recovered on receipt of a request from those who are legitimately entitled to view the message. Key recovery can be achieved by a single agent or by multiple agents. The latter can enhance the security of the former by mitigating the risks of fabrication and collusion. This paper presents a secure multiple-agent cryptographic key recovery system (SEM-KRS) that applies simple and flexible principles of secure session key management, with an appropriately designed key recovery function and a new format for the key recovery field. The proposed system has high availability, can detect attacks on group authentication, and can recover the session key despite the failure of some KRAs. The single point of failure problem can therefore be avoided. System administrators also have the flexibility to manage and choose the number of KRAs to meet security requirements. The system also supports law enforcement, and is based on Public Key Infrastructure to provide a trusted and authenticated key distribution infrastructure.