Title :
A scalable Role-based Group Key Agreement and Role Identification mechanism
Author :
Bian, Jiang ; Seker, Remzi ; Topaloglu, Umit ; Bayrak, Coskun
Author_Institution :
Dept. of Comput. Sci., Univ. of Arkansas at Little Rock, Little Rock, AR, USA
Abstract :
Large-scale organizations often use role-based hierarchical systems for managing human resources. Meanwhile, secure communication is an essential element in protecting an organization's intellectual property. In this paper, we propose a solution to the problem of securing group communication (i.e., multiple-peer communication) along with the difficulty of managing such a communication system in a large-scale and role-based environment. A role-based conference key generation algorithm is proposed to produce chained keys by recursive hashing. The proposed work makes it possible for a user with a higher clearance to audit the communications among the users that are hierarchically below him/her. Furthermore, the compartmentalization problem in the previous version is solved by introducing Role Identification Certificates (RICs) using the same key-chain algorithm, so that communications within a group will not be exposed to outsiders. A centralized key management server is used to securely dispatch the keys to each communicating entity based on his/her role. This lowers the cost associated with deployment of a good Random Number Generator (RNG) and reduces the packet size compared to traditional PKI systems.
Keywords :
public key cryptography; PKI systems; compartmentalization problem; group communication security; key-chain algorithm; multiple peer communication; random number generator; recursive hashing; role identification certificates; scalable role-based group key agreement; Access control; Computational modeling; Encryption; Organizations; Personnel;
Conference_Title :
Systems Conference (SysCon), 2011 IEEE International
Conference_Location :
Montreal, QC
Print_ISBN :
978-1-4244-9494-1
DOI :
10.1109/SYSCON.2011.5929100