The SKI Project

SKI: Symmetric Key Infrastructure


Latest news

Apr, 2004: Paper accepted for conference.

About SKI

SKI is a symmetric key authentication protocol that aims to provide an authentication infrastructure not unlike PKI (Public Key Infrastructure). Since SKI is based purely on symmetric key algorithms, it does not have the computational requirements associated with PKI. This makes SKI especially appropriate for resource-constrained devices such as those used in mobile ad-hoc networks (MANET). Unlike other symmetric key authentication protocols such as Kerberos, SKI does not require its Authentication Server to be online. This makes SKI intrinsically resistant to Denial of Service attacks. Other features of SKI include support for a key update mechanism and key revocation. SKI seems especially well suited for applications such as MANET and peer-to-peer networks.

Documents and publications

Refereed papers:
acisp.04 (.ps.gz, .pdf, .html): B. Crispo, B. Popescu, A. S. Tanenbaum. "Symmetric Key Authentication Services Revisited". To be presented at the 9th Australasian Conference on Information Security and Privacy, July 2004.

Technical reports:
IR-CS-005.03 (.ps, .ps.gz, .pdf): B. Popescu, B. Crispo, A. S. Tanenbaum. "Symmetric Key Authentication Services Revisited". Technical Report IR-CS-005, September 2003.

Contact information

The following VU staff members are involved in this project:

Implementation details

A prototype of the SKI protocol was implemented by a student. It is written in C for Linux/Unix and uses the OpenSSL cryptographic library. The datastore back-end has not been decided yet; MySQL is currently used. The implementation consists of an Authentication Server, a Client, a Directory Server and some benchmark tools.


Availability status

The prototype is not yet available for general use. More information can be obtained by contacting the author, J. de Leeuw.

Future work

The SKI protocol is to be expanded with support for multiple domains. The details are currently being worked out.

Related links

  • Kerberos: a network authentication protocol.
  • Turtle: a peer-to-peer architecture for safe sharing of sensitive data.

Contents on this page are (c) Copyright 2004 Vrije Universiteit, The Netherlands.