The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

Date of Patent: Jun. 07, 2011

Filed: Sep. 29, 2006

Applicants:

Ananthan Subramanian, Menlo Park, CA (US);

Robert Jan Sussland, San Francisco, CA (US);

Lawrence Wen-hao Chang, San Francisco, CA (US);

Inventors:

Ananthan Subramanian, Menlo Park, CA (US);

Robert Jan Sussland, San Francisco, CA (US);

Lawrence Wen-Hao Chang, San Francisco, CA (US);

Assignee:

NetApp, Inc., Sunnyvale, CA (US);

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
H04L 9/32 (2006.01); H04L 9/00 (2006.01); H04L 9/08 (2006.01); H04L 9/12 (2006.01);
U.S. Cl.
CPC ...
Abstract

A system and method securely establishes a shared secret among nodes of a security appliance. The shared secret is established by distributing private keys among the nodes in accordance with a node ring protocol that uses a predetermined encryption algorithm to generate messages containing the keys. Briefly, each node is initially notified as to the number of nodes participating in the shared secret establishment. Each node generates a public-private key-pair, as well as a first message that includes the generated public key and an indication of the source of the generated public key (hereinafter 'source generated public key'). The node then sends the first message to an adjacent node of the appliance. Upon receiving the first message, each node extracts the source generated public key from the message and stores the extracted information into a data structure of 'partner' public keys. The protocol then continues with each node generating additional messages equal to the number of participating nodes minus one. At that point, each node combines its private key with its partner public keys stored in the data structure to generate a value that is common among all of the participating nodes. This common value is then used to derive the shared secret.

