A secure multiple-agent cryptographic key recovery system

Abstract

Symmetric cryptography uses the same session key for message encryption and decryption. Without having it, the encrypted message will never be revealed. In case the session key is unavailable or government authorities need to inspect suspect messages, there should be a mechanism to recover it. The recovery of session key is usually provided by a trusted key recovery center as a coordinator among key recovery agents (KRAs). The session key will be recovered on receiving the request from those who are legitimate to view the message. Key recovery can be achieved by a single agent or multiple agents. The latter can enhance the security of the former by mitigating the risks of fabrication and collusion. This paper presents a secure multiple-agent cryptographic key recovery system (SEM-KRS) that uses the simple and flexible principles of secure session key management with appropriated design of key recovery function and the new format of key recovery field. The proposed system has high availability, ability to detect attacks on group authentication, and can recover session key despite the failure of some KRAs. Therefore, the problem of single point of failure can be avoided. System administrators also have flexibility to manage and choose the number of KRAs to meet security requirements. The system also supports law enforcement, and is based on public key infrastructure to provide trusted and authenticated key distribution infrastructure.