Secure communications in computer cluster systems

摘要

A system to improve communication security in cluster machine processing may include interconnected computers that can jointly process data. The system may also include a shared secret key used by each of the interconnected computers to encrypt, decrypt, and/or authenticate data being sent, or received, from one of the interconnected computers to another of the interconnected computers. The system may further include a new shared secret key used by each of the interconnected computers to encrypt, decrypt, and/or authenticate data being sent, or received, from one of the interconnected computers to another of the interconnected computers. In addition, the new shared secret key may coexist with the shared secret key without adversely affecting the joint processing of data performed by the plurality of interconnected computers.

主权项

1. A system to improve communication security for cluster machine processing, the system comprising:
a plurality of interconnected computers that can jointly process data; a current shared secret key used by each of said plurality of interconnected computers to at least one of encrypt, decrypt, and authenticate data being sent or received from one of said plurality of interconnected computers to another of said plurality of interconnected computers; a new shared secret key used by each of said plurality of interconnected computers to at least one of encrypt, decrypt, and authenticate data being sent or received from one of said plurality of interconnected computers to another of said plurality of interconnected computers, each of said plurality of interconnected computers configured to vote when to replace said current shared secret key with said new shared secret key for said plurality of interconnected computers; a group leader node belonging to the interconnected computers, the group leader node configured to receive a plurality of votes from said plurality of interconnected computers, to collate the votes, and to transmit a message to said plurality of interconnected computers, the message configured to cause said plurality of interconnected computers to change from using the current shared secret key to using the new shared secret key for at least one of encrypt, decrypt, and authenticate data being sent or received from one of said plurality of interconnected computers to another of said plurality of interconnected computers; and a secret key transport protocol wherein:
the group leader node proposes the new shared secret key using the current shared secret key to transmit the new shared secret key;until all the interconnected computers indicate receipt of the new shared secret key, the interconnected computers use the current shared secret key to transmit messages to the interconnected computers and accept both the new shared secret key and the current shared secret key in received messages;until all the interconnected computers indicate use of the new shared secret key, the interconnected computers use the new shared secret key to transmit messages to the interconnected computers and accept both the new shared secret key and the current shared secret key in received messages; andafter all the interconnected computers indicate use of the new shared secret key, the plurality of interconnected computers use the new shared secret key to transmit messages and accept only the new shared secret key in received messages; andwherein each of said plurality of interconnected computers authenticates transmitted data with said current shared secret key, and authenticates received data with said current shared secret key or said new shared secret key based upon the voting.