Exchange Protocols on Network File Systems Using Parallel Sessions Authenticated & Improved Keys

In this work we studied the key establishment for secure many-to-many communications. The main problem is inspired by the rapid increase of large-scale distributed file systems supporting parallel access to multiple storage devices. The system focus on the current Internet standard for such file systems, i.e., parallel Network File System (pNFS), which makes use of Kerberos key exchange protocols to implement parallel session keys between clients and storage servers. Our study of the existing Kerberos protocol shows that it has a number of limitations: (i) a metadata server providing key exchange among the clients and the storage devices has heavy workload that limits the scalability of the protocol; (ii) the protocol cannot provide forward secrecy; (iii) the metadata server generates all the session keys for securing communication between clients and storage devices, and this inadvertently leads to key escrow. In this paper, we put forward three different authenticated key exchange protocols that are designed to address the above issues. We prove that our protocols are capable for minimizing up to almost50% of the workload of the metadata server and at the same time supporting forward secrecy and escrow-prevention. All this requires only a small fraction of increased computation overhead at the client