Peter Bajorski, Alan Kaminsky, Michael Kurdziel, Marcin Lukowiak, Stanisław Radziszowski and Christopher Wood
A number of key management challenges are encountered when operating tactical communication systems using a group-wide shared key. A large portion of such communications occurs over low bit-rate channels, and all communication channels must be available at any moment for mission action. Current over-the-air rekeying protocols consume too much channel bit-rate to be practical for large tactical radio networks. As a result, the off-line pre-placed key (PPK) approach has become the most commonly used key distribution method in these environments. Unfortunately, with this key management scheme, revoking group membership requires a full intra-mission rekey, which can be dangerous in a battlefield situation. This paper introduces a new group key distribution method called Viral Electronic Key Exchange (VEKE). This paper examines the protocol as an extension to the Internet Key Exchange (IKE) protocol, but any electronic key exchange protocol can be used (e.g., IKE v2). A feature of this protocol is a parallel key distribution scheme enabled by propagating the key management role to authenticated nodes while establishing security associations across the network. We performed a comprehensive stochastic analysis to develop a model for computing the expected rekey time across the entire group, taking into account the likelihood of node jamming, channel failures, and message corruption. This model was verified with a Monte-Carlo simulation. Our results confirmed that the VEKE protocol can accomplish an over-the-air rekey in a short period of time, even over low bit-rate systems, while preserving rigid security and channel availability properties of the network. It also allows for the amount of pre-placed public-key material and other preparations necessary in tactical networks to be minimized.
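The effect of propagating the key management role can be seen in a small Monte-Carlo sketch. This is an added example, not the paper's stochastic model or simulation: it assumes slotted rounds, one pairwise exchange attempt per key manager per round, and a single independent failure probability `p_fail` that lumps jamming, channel failure and message corruption together; all function and parameter names are hypothetical.

```python
import random


def rekey_rounds(n, p_fail, viral, rng):
    """Rounds until all n nodes hold the new group key.

    Assumed model (not taken from the paper): in every round each key
    manager attempts one exchange with a distinct node that is still
    unkeyed, and each attempt fails independently with probability p_fail.
    viral=True  -> every node that already holds the key acts as a manager.
    viral=False -> only the initial node distributes the key (sequential).
    """
    if not 0.0 <= p_fail < 1.0:
        raise ValueError("p_fail must be in [0, 1)")
    keyed, rounds = 1, 0
    while keyed < n:
        managers = keyed if viral else 1
        attempts = min(managers, n - keyed)  # no more attempts than unkeyed nodes
        keyed += sum(rng.random() >= p_fail for _ in range(attempts))
        rounds += 1
    return rounds


def mean_rekey_rounds(n, p_fail, viral, trials=2000, seed=1):
    """Monte-Carlo estimate of the expected number of rounds for a full rekey."""
    rng = random.Random(seed)  # fixed seed keeps the estimate reproducible
    total = sum(rekey_rounds(n, p_fail, viral, rng) for _ in range(trials))
    return total / trials


if __name__ == "__main__":
    # Constructed scenario: 64 nodes, 20% of exchange attempts fail.
    for viral in (False, True):
        label = "viral" if viral else "sequential"
        print(label, mean_rekey_rounds(64, 0.2, viral))
```

Under these assumptions the sequential scheme needs on the order of n rounds, while the viral scheme grows roughly logarithmically in n because the number of key managers can nearly double each round.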