International Journal of Research

Already we studied the issues of key establishment for secure many-to-many communications. The main problem is inspiredby the proliferation of large-scale distributed file systems supporting parallel access to multiple storage devices. The system workfocuses on the current Internet standard for such file systems, i.e., parallel Network File System (pNFS), which makes use of Kerberosto establish parallel session keys between clients and storage devices. Our review of the existing Kerberos-based protocol shows that ithas a number of limitations: (i) a metadata server facilitating key exchange between the clients and the storage devices has heavyworkload that restricts the scalability of the protocol; (ii) the protocol does not provide forward secrecy; (iii) the metadata servergenerates itself all the session keys that are used between the clients and storage devices, and this inherently leads to key escrow. . Inthis paper, we propose a variety of authenticated key exchange protocols that are designed to address the above issues. We show thatour protocols are capable of reducing up to approximately 90% of the workload of the metadata server and concurrently supportingforward secrecy and escrow-freeness. All this requires only a small fraction of increased computation overhead at the client.