A secure key registration system based on proactive secret-sharing scheme

Abstract

We designed a secure key registration system based on the proactive secret-sharing scheme. A user can register important data such as a session key to a distributed system in a (t, n)-threshold scheme, which means that the data can be recovered if t sewers cooperate (in other words, that the data cannot be revealed unless t sewers collude). The proactive scheme provides stronger security against an active adversary. We designed the protocol to generate an implicit secret, to distribute shares of it, and to reconstruct the secret for proactive secret-sharing without a dealer. We also developed a prototype of a data archiving service framework on the Internet. To allow users to access the system via a Web browser, we implemented a system based on the PKI (public key infrastructure), where the client/server authentication is done by means of X.509 certification. We also used the publish/subscribe communication model to realize interaction between key management servers, because it is easy to implement the broadcasting channels used in the share update phase.