High-Availability Decentralized Multi-Agent Key Recovery System

In symmetric cryptography, any two communicating parties share the secret session key. In case it is unavailable or legal investigation of transmitting messages is needed, there should be a mechanism to recover it. The recovery of session key is typically provided by trusted key recovery agents (KRAs). They will recover the session key after receiving the request from those who have the right to use the key. Key recovery can be achieved by either single agent (S-KRA) or multiple agents (M-KRA). M-KRA enhances the security of S-KRA by reducing any risk of falsification and counterfeiting. This paper proposed a high-availability decentralized multi-agent key recovery system without the need of key recovery center (KRC), called HADM-KRS. The proposed method uses simple and flexible principles of secure session key management with appropriated design of key recovery function and the new format of key recovery field (KRF). The system has high availability, ability to detect attacks on group authentication, and can recover session key despite the failure of some KRAs, without the need of KRC. Therefore, the problem of single point of failure of KRC can be avoided. System administrators also have flexibility to manage and choose the number of KRAs to meet security requirements. The system also supports law enforcement and is based on security mechanism using well defined features of public key infrastructure (PKI).