Abstract   This  paper  proposes  two  versions  for  the  implement ation  of  a novel  High-Availability  Decentralized  cryptographic  Multi-agent Key Recovery System (HADM-KRS) that do  not require a key recovery centre: HADM-KRSv1 and HADM-KRSv2.  They  have  been  enhanced  from  our  previous  work  and  entirely  comply  with  the  latest  key  recovery  system  in  the  National  Institute  of  Standards  and  Technologies  (NIST's)  fr amework.  System  administrators  can  specify  the  mini mum  number  of  Key  Recovery  Agents  (KRAs)  according  to  security  polici es  and  requirements  while  maintaining  compliance  wi th  legal  requirements. This  feature is  achieved by applying  the concept of secret sharing and power set to distribute the session key to  participating  KRAs.  It  uses  the  principle  of  secure   session  key  management  with  an  appropriate  design  of  key  recovery  function.  The  system  is  designed  to  achieve  high  av ailability  despite  the  failure  of  some  KRAs.  The  performance  evaluation  results  show that the proposed systems incur little  processing times. They provide a security platform   with good performance,  fault tolerance, and robustness in terms of secrecy  and availability.   

References

[1] Al-Salqan Y., Cryptographic Key Recovery, in Proceedings of the Computer Society Workshop on Future Trends of Distributed Computing Systems , pp. 34-37, 1997.

[2] Barker E., Branstad D., Chokhani S., and Smid M., A Framework for Designing Cryptographic Key Management Systems , Draft Special Publication 800-130 , National Institute of Standards and Technology, 2010.

[3] Cylink Corporation, CyKey TM: Cylink s Key Recovery Solution, available at : http://www.csm.ornl.gov/~dunigan/cykey.pdf, last visited 2011.

[4] D Arco P., On the Distribution of a Key Distribution Center, in Proceedings of the 7 th Italian Conference on Theoretical Computer Science , Springer, pp. 357-369, 2001.

[5] Denning D., The US Key Escrow Encryption Technology, Computer Communications , vol. 17, no. 7, pp. 453-457, 1994.

[6] Denning D. and Branstad D., A Taxonomy for Key Recovery Encryption Systems, Internet Besieged: Countering Cyberspace Scofflaws , vol. 39, no. 3, pp. 357-371, 1997.

[7] Denning D. and Smid M., Key Escrowing Today, IEEE Communications Magazine , vol. 32, no. 9, pp. 58-68, 1994.

[8] Global Information Assurance Certification, Encryption Key Recovery, GSEC Certification Practical Assignment V.1.4b , 2004.

[9] Guo Z., Okuyama T., and Finley M., A New Trust Model for PKI Interoperability, in Proceedings of the Joint International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services , pp. 37, 2005.

[10] Jech T., Set Theory , Springer-Verlag, New York, 2006.

[11] Jefferies N., Mitchell C., and Walker M., A Proposed Architecture for Trusted Third Party Services, in Proceedings of the International Conference on Cryptography , Berlin, pp. 98-104, 1996.

[12] Johnson R., Rubnich M., and DelaCruz A., Implementing a Key Recovery Attack on the High-Bandwidth Digital Content Protection Protocol, in Proceedings of the IEEE Consumer Communications and Networking Conference , Las Vegas, pp. 313-317, 2011.

[13] Kanyamee K. and Sathitwiriyawong C., High- Availability Decentralized Multi-Agent Key Recovery System, in Proceedings of the International Conference on Computer and 58 The International Arab Journal of Informati on Technology, Vol. 11, No. 1, January 2014 Information Science, Shanghai, pp. 290-294, 2009.

[14] Lee Y. and Laih C., On the Key Recovery of the Key Escrow System, in Proceedings of the Annual Computer Security Applications Conference , San Diego, pp. 216-220, 1997.

[15] Lim S., Hani H., Kim M., and Kim T., In Design of Key Recovery System using Multiple Agent Technology for Electronic Commerce, in Proceedings of the Industrial Electronics , Pusan, pp. 1351-1356, 2001.

[16] Lim S., Kang S., and Sohn J., Modeling of Multiple Agent Based Cryptographic Key Recovery Protocol, in Proceedings of the Annual Computer Security Applications Conference , pp. 119-128, 2003.

[17] Lv C., Jia X., Tiany L, Jing J., and Suny M., Efficient Ideal Threshold Secret Sharing Schemes Based on Exclusive-Or Operations, in Proceedings of the 4 th International Conference on Network and System Security , Melbourne, pp. 136-143, 2010.

[18] McConnell B. and Appel E., Enabling Privacy, Commerce, Security and Public Safety in the Global Information Infrastructure, available at: https://www.cdt.org/crypto/clipper_III/clipper_III _draft.html, last visited 1996.

[19] National Institute of Standards and Technology, Escrowed Encryption Standard, Federal Information Processing Standards Publication 185 , 1994.

[20] National Institute of Standards and Technology. Key Recovery Examples, available at: http://csrc.nist.gov/krdp/exa.html, last visited 2011.

[21] Neuman B. and Ts'o T., Kerberos: An Authentication Service for Computer Networks, IEEE Communications Magazine , vol. 32, no. 9, pp. 32-38, 1994.

[22] Numao M. and Nakayama Y., Internet Archiving Server with Key Recovery Function, in Proceedings of the Symposium on Cryptography and Information Security , Japan 1998.

[23] Su R., Che X., Fu S., Li L., and Zhou L., Protocol-Based Hidden Key Recovery: IBE Approach and IPSec Case, in Proceedings of the Conference on Networks Security, Wireless Communications and Trusted Computing , Wuhan, pp. 719-723, 2009.

[24] Thulasimani L. and Madheswaran M., A Novel Secure Hash Algorithm for Public Key Digital Signature Schemes, International Arab Journal of Information Technology , vol. 9, no. 3, pp. 262- 267, 2012.

[25] Wakid S., Requirements for Key Recovery Products, Report of the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure , National Institute of Standards and Technology, 1998.

[26] Walker S., Lipner S., Ellison C., and Balenson D., Commercial Key Recovery, Communications of the ACM , vol. 39, no. 3, pp. 41-47, 1996.

[27] Wang E., Yau J., Hui L., Jiang Z., and Yiu S., A Key-Recovery System for Long-term Encrypted Documents, in Proceedings of the International Enterprise Distributed Object Computing Conference Workshops , China, pp. 52, 2006. Kanokwan Kanyamee received her BSc in computer science from Rajabhat Institute Uttaradit in 1999, and her MSc and PhD in information technology from Naresuan University and King Mongkut s Institute of Technology Ladkrabang, Thailand in 2003 and 2013, respectively . She is currently a lecturer at Uttaradit Rajabhat University. Her research interests are in cryptogra phy and information security. Chanboon Sathitwiriyawong received his BEng degree in electrical engineering from Prince of Songkla University, Thailand in 1986. He earned his MSc in data tele-communications and networks in 1993 and his PhD in electronic and electrical engineering from the University of Salford, United Kingdom in 1996. He is an associate professor at the faculty of Information Technology and the dean, King Mongkut s Institute of Information Technology Ladkrabang. His current research interes ts are in the area of computer network, and network an d system security. He is a member of the IEEE Communication Society.