We propose and implement a protocol for a scalable, cost-effective,
information-theoretically secure key distribution and management system. The
system, called Distributed Symmetric Key Exchange (DSKE), relies on pre-shared
random numbers between DSKE clients and a group of Security Hubs. Any group of
DSKE clients can use the DSKE protocol to distill from the pre-shared numbers a
secret key. The clients are protected from Security Hub compromise via a secret
sharing scheme that allows the creation of the final key without the need to
trust individual Security Hubs. Precisely, if the number of compromised
Security Hubs does not exceed a certain threshold, DSKE clients are
guaranteed confidentiality and, at the same time, robustness against
denial-of-service (DoS) attacks. The DSKE system can be used for quantum-secure
communication, can be easily integrated into existing network infrastructures,
and can support arbitrary groups of communication parties that have access to a
key. We discuss the high-level protocol and analyze its security, including its
robustness against disruption. A proof-of-principle demonstration of secure
communication between two distant clients with a DSKE-based VPN using Security
Hubs on Amazon Web Services (AWS) nodes thousands of kilometres away from them
was performed, demonstrating the feasibility of DSKE-enabled secret sharing
one-time-pad encryption with a data rate above 50 Mbit/s and a latency below 70
ms.
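The abstract states the two properties the secret-sharing layer must deliver: a compromised minority of Security Hubs learns nothing about the final key, and an unavailable minority cannot block key delivery. The following is an added example, not code from the DSKE paper or its implementation. It assumes Shamir's threshold scheme over a prime field as the secret-sharing primitive (the abstract does not name the scheme), and it assumes a simplified message flow in which Alice splits a fresh key into one share per hub, each share travels to and from a hub under one-time-pad protection with the pre-shared random numbers, and Bob reconstructs from any t shares. Hub names, the field prime, and the `dske_round` flow are all constructed for illustration.

```python
import secrets

# Assumption: a Mersenne prime field large enough to hold a 16-byte key as one element.
P = (1 << 127) - 1


def _eval_poly(coeffs, x):
    # Horner evaluation of coeffs[0] + coeffs[1]*x + ... over GF(P)
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n, t, rng=secrets.randbelow):
    """Shamir split: n shares, any t reconstruct, any t-1 reveal nothing."""
    assert 0 <= secret < P and 1 <= t <= n < P
    coeffs = [secret] + [rng(P) for _ in range(t - 1)]  # random degree t-1 polynomial
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0 from exactly t distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def otp(data, pad):
    """One-time pad: XOR with a pad of at least equal length (never reuse a pad)."""
    assert len(pad) >= len(data)
    return bytes(a ^ b for a, b in zip(data, pad))


def share_to_bytes(y):
    return y.to_bytes(16, "big")  # y < P < 2**127 always fits


def dske_round(n, t, alive_hubs, compromised_hubs, rng=secrets.randbelow):
    """Assumed simplified DSKE-style exchange (constructed model, not the paper's protocol).

    Returns (alice_key, bob_key_or_None, shares_seen_by_adversary)."""
    # Pre-shared random numbers between each client and each hub, assumed delivered out of band.
    pads_alice = [secrets.token_bytes(16) for _ in range(n)]
    pads_bob = [secrets.token_bytes(16) for _ in range(n)]
    key = rng(P)
    shares = split_secret(key, n, t, rng)
    seen_by_adversary, received = [], []
    for (x, y), pa, pb in zip(shares, pads_alice, pads_bob):
        hub = x - 1
        if hub not in alive_hubs:
            continue  # hub is down: models a DoS against that hub
        ct_to_hub = otp(share_to_bytes(y), pa)      # Alice -> hub under Alice's pad
        plain_at_hub = otp(ct_to_hub, pa)           # hub necessarily sees its own share
        if hub in compromised_hubs:
            seen_by_adversary.append((x, int.from_bytes(plain_at_hub, "big")))
        ct_to_bob = otp(plain_at_hub, pb)           # hub -> Bob under Bob's pad
        received.append((x, int.from_bytes(otp(ct_to_bob, pb), "big")))
    bob_key = reconstruct(received[:t]) if len(received) >= t else None
    return key, bob_key, seen_by_adversary


def adversary_guess(seen):
    """Interpolating fewer than t shares yields an unrelated field element."""
    return reconstruct(seen) if seen else None


if __name__ == "__main__":
    k, bk, seen = dske_round(5, 3, alive_hubs={0, 1, 2, 3, 4}, compromised_hubs={0, 1})
    print("Bob reconstructed Alice's key:", bk == k)
    print("two compromised hubs guess correctly:", adversary_guess(seen) == k)
    k, bk, _ = dske_round(5, 3, alive_hubs={0, 2, 4}, compromised_hubs=set())
    print("key delivered with two hubs down:", bk == k)
```

With n = 5 and t = 3 the two guarantees are visible in the same run: two compromised hubs together hold two points of a degree-2 polynomial, which is consistent with every possible constant term, so their interpolation is just a random field element; and any three live hubs suffice, so two unreachable hubs do not stop Bob from obtaining the key. Confidentiality degrades only when the compromised set reaches t, and availability only when the live set drops below t, which is the threshold trade-off the abstract describes.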