Secure Proxy-Reencryption-Based Inter-Network Key Exchange

In this paper we present a novel approach to distribute session keys securely across administrative boundaries where participants may be unable to interact directly. The basis of our approach is the use of Proxy ReEncryption (PRE) to encrypt session keys (e.g., AES keys), publish the session keys to a proxy server, and then distribute the session keys to session participants who reencrypt, decrypt and access the session keys. Our approach, Secure Proxy-Reencryption-based Inter-network Key Exchange (SPIKE), applies to several real-world use cases, including coalition data sharing, sensor network data sharing and large-scale video distribution. SPIKE enables these use cases without requiring coordination between publishers and subscribers. We address an honest-but-curious adversary model where any data sent over a network link or stored at a proxy can be leaked. Our design of SPIKE is independent of the specific PRE scheme used. For implementation and experimentation purposes we implement and use, PALISADE, a general post-quantum lattice-based encryption library that provides a unidirectional PRE scheme with collusion resistance, supports multi-hop reencryption, and admits more general homomorphic encryption properties than other schemes. We present our design and implementation in experimental settings to evaluate real-world performance. We discuss generalization of our approach to increase scalability and address broader security concerns.