Use shared keys for verifying destination nodes before actually sending forth data. Verification itself can be accomplished thru Message Authentication Codes. Now, the problem of key sharing and master key security still persists. I would think this is the easiest solution though.