1. Statement of the Technical Field
The inventive arrangements relate to electronic key management and more particularly to electronic key management using a public key infrastructure.
2. Description of the Related Art
With the growing pervasiveness of decentralized tactical networks, it is becoming increasingly important to ensure that communication between nodes in such networks remains secure. Electronic key management is the mechanism through which common keys are agreed upon or established in order to encrypt and decrypt sensitive data that cannot be sent over the air in plaintext. Currently, such key management schemes rely on either a centralized control station and existing infrastructure to distribute keys among nodes in a group, a certain amount of preplaced information within each node prior to each mission that enables the reconstruction of shared keys, or a computationally intensive public-key infrastructure to generate shared keys on demand. Each of these approaches is accompanied by application-sensitive limitations that make it suitable for different scenarios. However, in the context of tactical wireless networks, nodes face a threat of being compromised, which in turn results in a relatively high threat to the group key, or to any individual security association.
In addition, a number of key management challenges are encountered when managing tactical communication systems. A large portion of tactical communications occurs over low-bandwidth channels that are susceptible to natural and deliberate interference. Current key material is essential to the security of a mission, so an expedient means of obtaining that material is necessary; however, current over-the-air rekeying protocols can be relatively slow, and the amount of time they consume makes them impractical and not entirely satisfactory. A further problem with conventional over-the-air rekeying protocols concerns their use of communication channel bandwidth. Communication channel bandwidth is a limited resource that must be available at any time for mission action, and occupying significant amounts of air time for any maintenance operation (such as over-the-air rekeying) is unacceptable. This has resulted in an off-line “PrePlaced Key (PPK)” approach being the most acceptable key distribution method currently available.
Installation of PPK material prior to the start of a mission, even though a manual operation, is straightforward and safe to execute. Intra-mission rekey of these systems is another matter; a security officer must use a “Fill Device” to physically carry and load key material to each node. Under battlefield conditions, this operation can be life threatening to the security officer. Lastly, enabling group membership is straightforward. A member is authorized, authenticated and then given the group key. In contrast, revoking group membership requires a full intra-mission rekey. As previously stated, this can be a dangerous operation in a battlefield situation.
Internet Protocol Security (IPsec) is a protocol suite which is used to secure Internet Protocol (IP) communications. The suite provides authentication and encryption of IP packets communicated during a network communication session. Notably, IPsec also includes protocols which allow nodes to authenticate each other upon initiation of a communication session and thereafter to negotiate a cryptographic key which will be used by the nodes to communicate during the session. IPsec utilizes the idea of a security association (SA) as a building block for purposes of creating a secure communication session. A security association consists of a defined set of algorithms and parameters (such as cryptographic keys) that are used to encrypt and authenticate a flow of data in one direction. For purposes of communicating bi-directional traffic, the flow of data in each direction is secured by its own security association.
Security associations in IPsec can be established by several means, including the Internet Key Exchange (IKE) protocol. IKE is used in IPsec to conduct a point-to-point authenticated key exchange that establishes a security association between two parties in a network. It is considered a hybrid protocol because it is based on the Internet Security Association and Key Management Protocol (ISAKMP) and the Oakley protocol, two widely used key management schemes. ISAKMP is responsible for secure session management between two peer nodes in a network, whereas Oakley defines the mechanisms for the actual key exchange over the IKE session. The key exchange mechanism used by both Oakley and IKE is the Diffie-Hellman key exchange protocol, a widely used technique for establishing a common key among two (or more) parties that relies on the computational intractability of the discrete logarithm problem. Notably, the IKE protocol is constrained in that it can only construct point-to-point security associations.
Key management protocols can be based on several different approaches, which include (1) centralized group key management, (2) decentralized group key management, and (3) distributed group key management. Centralized group key management protocols utilize an existing infrastructure, often called the Key Distribution Center (KDC), in order to control the set of keys used by members of an entire group. When a KDC is used, a key manager provides a group cryptographic key to each member of the group, sequentially using each member's individual key to securely communicate the group key to that particular group member. Whenever a group member is removed from the group, the key manager must perform n encryptions and transmit n keys. Another problem with the KDC approach is that all group communication is compromised if the KDC is compromised.
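The KDC behaviour described above, written out as an added example (constructed for this text, not code from any patent or product): a key manager holds every member's individual key, admits a member with a single wrapped copy of the group key, and on revocation must generate a fresh group key and re-wrap it once per remaining member, which is the n encryptions and n transmissions noted above. The wrap function is a toy keystream-plus-HMAC construction assumed here for illustration, with an epoch counter mixed in so that successive rekeys under the same member key never reuse a keystream.

```python
import hashlib
import hmac
import os
from typing import Dict

# Toy key wrap constructed for this example (not a standard KEK wrap):
# a keystream derived from the member's individual key and the current
# epoch is XORed with the group key, and an HMAC tag over the epoch and
# the ciphertext is appended so the receiver can reject a wrong key.
def wrap(member_key: bytes, epoch: int, group_key: bytes) -> bytes:
    ep = epoch.to_bytes(4, "big")
    stream = hashlib.sha256(member_key + ep).digest()
    ct = bytes(a ^ b for a, b in zip(group_key, stream))
    return ct + hmac.new(member_key, ep + ct, hashlib.sha256).digest()

def unwrap(member_key: bytes, epoch: int, blob: bytes) -> bytes:
    ep = epoch.to_bytes(4, "big")
    ct, tag = blob[:32], blob[32:]
    expected = hmac.new(member_key, ep + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong member key or tampered message")
    stream = hashlib.sha256(member_key + ep).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

class KeyDistributionCenter:
    """Centralized key manager: it holds every member's individual key,
    which is why its compromise exposes all group communication."""
    def __init__(self) -> None:
        self.member_keys: Dict[str, bytes] = {}
        self.group_key = os.urandom(32)
        self.epoch = 0

    def join(self, name: str, individual_key: bytes) -> Dict[str, bytes]:
        # Admitting a member costs one encryption under that member's key.
        self.member_keys[name] = individual_key
        return {name: wrap(individual_key, self.epoch, self.group_key)}

    def revoke(self, name: str) -> Dict[str, bytes]:
        # Removing a member forces a fresh group key, re-wrapped once per
        # remaining member: n encryptions and n transmissions.
        del self.member_keys[name]
        self.group_key = os.urandom(32)
        self.epoch += 1
        return {m: wrap(k, self.epoch, self.group_key)
                for m, k in self.member_keys.items()}
```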
Decentralized group key management protocols elect specific nodes (or groups of nodes) to act on behalf of a single KDC, thus breaking the problem of key management up into one that targets many smaller groups. While this does not explicitly rely on a single location to oversee key management for the entire group, the subgroup key managers are single points of failure for the entire group and must be chosen and protected carefully. Notably, in a decentralized group key management protocol, only the nodes in a specific, small subset act as key distributors. Most of the nodes do not act as key distributors and instead are configured so that they merely receive the key, without acting to distribute same.
Distributed group key management protocols are relatively recent schemes that are commonly used in industry, where every single node participates in some way to generate a common group key for all members. Many derivatives of this protocol family have been proposed, including the Group Diffie-Hellman Key Exchange (G-DH), Octopus Protocol, and the Password Authenticated Multi-Party Diffie-Hellman Key Exchange Protocol (PAMPDHKE). Unfortunately, most Diffie-Hellman based protocols are computationally intensive and are executed recursively in a point-to-point manner between pairs of nodes in the group until a security association is established between all members. In addition, any authentication schemes that are layered on top of such protocols are also point-to-point.
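To show what "executed recursively in a point-to-point manner" costs, the following is an added example (not from any patent or product) of the GDH.2 upflow-and-broadcast variant of Group Diffie-Hellman: each node raises the intermediate values it receives to its own secret and passes them to the next node, the last node broadcasts the partial products, and every node derives the same group key. The modulus (the Mersenne prime 2^127 - 1) and generator are toy parameters assumed for illustration only; the function also returns the number of point-to-point messages and modular exponentiations so the quadratic work can be seen.

```python
from typing import List, Tuple

P = 2**127 - 1   # Mersenne prime used as a toy group modulus for this example
G = 3            # toy generator (no subgroup-order checks, demonstration only)

# State passed along the chain: (partials, full). partials[j] is g raised to
# the product of all secrets applied so far except x_{j+1}; full is g raised
# to the product of all secrets applied so far.
State = Tuple[List[int], int]

def upflow(state: State, x_i: int, p: int = P) -> State:
    """One point-to-point upflow step performed by the node holding x_i."""
    partials, full = state
    new_partials = [pow(v, x_i, p) for v in partials] + [full]
    return new_partials, pow(full, x_i, p)

def gdh2(secrets: List[int], p: int = P, g: int = G) -> Tuple[List[int], int, int]:
    """Run GDH.2 over a chain of nodes with the given secrets.
    Returns (key computed by each node, point-to-point messages, modexps)."""
    n = len(secrets)
    state: State = ([], g)        # before node 1, no exponent has been applied
    modexps = 0
    for i, x in enumerate(secrets):
        state = upflow(state, x, p)
        modexps += i + 1          # node i+1 raises i partials plus the full value
    partials, key_last = state    # the last node already holds the group key
    # The last node broadcasts the partials; every other node applies its own
    # secret to the entry that lacks it.
    keys = [pow(partials[j], secrets[j], p) for j in range(n - 1)] + [key_last]
    modexps += n - 1
    return keys, n - 1, modexps
```

Each of the n-1 upflow messages is a separate point-to-point exchange, which is also why any authentication layered on top of it is pairwise.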