A Hierarchical key management Scheme for End-to-End Encryption in Internet Environments

The problem of designing key management schemes for establishing end-to-end encrypted sessions between source-destinationpairs when the source and the destination are on different networks interconnected via Gateways and intermediate networks is considered. In such an internet environment, the key management problem attains a high degree of complexity due to the differences in the key distribution mechanisms used in the constituent networks and the infeasibility of effecting extensive hardware and software changes to the existing networks. In this paper, a hierarchical approach for key management is presented which utilizes the existing network specific protocols at the lower levels and protocols between Authentication Servers and/or Control Centers of different networks at the higher levels. Details of this approach are discussed for specific illustrative scenarios to demonstrate the implementational simplicity. A formal verification of the security of the resulting system is also conducted by an automatic procedure utilizing certain combinatory logic principles. This approach is general and can be used for verifying the security of any existing key management scheme.