Partitionable Decentralized Topic Key Management

More Info


In a military environment, tactical networks enable information sharing between all the different entities in the field. In this environment, multiple groups of people from different organizations, and with different goals and policies have to share information. The information has to be shared without the risk of leaking information to unauthorized entities. Cryptography algorithms are used to encrypt information with a key to remain in control of when, where and to whom it is shared. All information is encrypted based on the concept of content-based encryption. In this unreliable environment, the cryptographic keys used to secure the data have to be available to continue collecting and processing information.

A key management architecture should be in place, to facilitate the generation and distribution of these keys. The purpose of this key management architecture is to provide the entities in the field with specific keys such that information access policies can be enforced. The challenge here is that in tactical networks, network partitionings are expected to happen. Therefore, the same keys have to be redundantly available at multiple locations to prevent a single point of failure. In a connected network, the keys can constantly be synchronized between these locations. However, the problem of key de-synchronization occurs if the network is split for some time, keys are changed on both sides, and then the network is recombined. This leads to possible conflicting keys because synchronization was temporarily not possible. The key management architecture must be able to handle such conflicts and reintegrate them as necessary.

In this thesis, we present a decentralized key management architecture with a solution for the key de-synchronization problem. We propose to use Conflict-free replicated data types, to store the keys at multiple locations and prevent conflicts. Conflict-free replicated data types is a concept to store and replicate data across multiple instances. This data type is characterized by the possibility to update the data in all instances independently, and concurrently, without coordination between the instances. Additionally, three approaches for the coordination of key creation are proposed with different levels of consistency and availability. The architecture and the three approaches are compared in experiments to evaluate the differences and prove the feasibility of the designs.