Distributed Key Management Scheme Based on CL-PKC in P2P Networks

Background

P2P (Peer to Peer) that is peer computing or peer networks, is a new network technology. Pure P2P network does not have any client or server. Thousands of computers connected to each other are on the equal status, while serving as a client (resource requestor) and server (resource provider) role. With the development of P2P networks, complete anonymity of the safety problem has seriously affected the further development of P2P networks. For example, in file-sharing system, the selfish users only enjoy the service refused to provide services for other users (“free-riding” phenomenon) (Dinger & Hartenstein, 2006). This series of problem’s solution is to build a reputation system in P2P networks. To get the nodes' reputation value, it needs authenticate the identity of the node at first. Therefore, the study on highly robust certification P2P system becomes one of the hot current P2P studies.

Traditional PKI needs a certificate to bind an identity and its public key, and certificate management in PKI is very complicated, including certificate distribution, certificate storage, certificate verification, certificate update, and certificate revocation. These processes need to consume a large amount of CPU resources and bandwidth resources. These problems prevent the implementation of PKI in the P2P network efficiently. The identity of public key cryptography (ID-PKC, Identity-based Public Key Cryptography) (Shamir, 1984), not only have the specific problem of key escrow, but also generally only is fit for small networks which do not ask for demanding security, but not fit for P2P networks which need for secure authentication (Aberer & Despotovic, 2002).

At Asiacrypt 2003, Al-Riyami and Paterson first proposed the notion of certificate-less public key cryptography (CL-PKC, Certificate-less Public Key Cryptography) (Al-Riyami & Paterson, 2003). As CL-PKC does not need certificates to authenticate public keys, therefore there is no certificate management problem, and it also avoids the key escrow problem in ID-PKC. Therefore, CL-PKC is considered as more suitable for P2P network authentication scheme.

The existence of single trusted center limits the network scalability, also causes risks of single-point failure. Therefore, many authentication schemes without trusted center in P2P networks have been proposed. However, those schemes are only applicable to applications which do not need high-level security, and the signature of node can not provide a true non-repudiation feature. In fact, all schemes without trusted center have the similar disadvantages. Using Multi-KGCs in P2P networks can avoid these shortcomings:

• •

  The number of trusted KGCs P2P network can dynamically adjust according to the number of nodes to improve the scalability of P2P networks.

• •

  Multi- trusted KGCs can avoid single-point failure, to improve the robustness of P2P networks

• •

  It distributes the power of trusted KGCs to prevent the attacker to steal the master key, which can improve the security of P2P networks.

In summary, research on the certificate-less-based multi-KGCs key distribution schemes that are fit for the characteristics of P2P networks is currently one of the problems needed to be solved. We apply the key generation schemes to the large-scale P2P networks, and study the corresponding session key generation and key management issues, thereby establishing a complete and reliable distributed key management system.

The Key Distribution Scheme With Multiple Trusted Centers

In this section, we propose a certificate-less-based key distribution scheme with Multi-KGCs that fits the characteristics of P2P networks, and analyzes its security.