Security Assessment – Peer Review
Author: Dr. Stanislaw Jarecki, University of California, Irvine
1. SKI offers strong security property vs. standard PKI-based and Kerberos-based secure key communication solutions:
Unlike PKI-based solutions, the clients don’t store long-term keys except for standard authentication tokens (password, biometrics). This dramatically limits security exposure in case of client compromises.
Unlike Kerberos-based solutions, the central server (`Token Authority’) has no knowledge of decryption keys, just short-term authentication tokens. This limits the security exposure in case of central server compromise.
SKI achieves these security advantages using a distributed fault-tolerant protocol involving a network of geographically spread Relay servers, and it achieves the above security properties at the price of exposing a transmission key if a significant threshold of Relay servers is compromised.
However, using secret-sharing the probability of such compromise is negligibly low unless the adversary compromises a majority of the Relay servers.
2. SKI offers strong reliability in key delivery, thanks to the fault-tolerance in the key transmission protocol, based on well-known secret-sharing techniques.
3. SKI offers strong privacy properties with respect to the Relay servers, thanks to the double-blinding technique in the key transmission protocol. Only the central Token Authority knows the matching between the sender and the receiver, which is the same as in a Kerberos-style solution, and this information is stored only briefly, so a compromise of the Token Authority does not reveal past communication patterns.