The proactive security toolkit and applications

Authors:
Boaz Barak;Amir Herzberg;Dalit Naor;Eldad Shai
Affiliations:
IBM Haifa Research Lab, Tel-Aviv Site, E-Commerce and Technologies Group;IBM Haifa Research Lab, Tel-Aviv Site, E-Commerce and Technologies Group;IBM Haifa Research Lab, Tel-Aviv Site, E-Commerce and Technologies Group;IBM Haifa Research Lab, Tel-Aviv Site, E-Commerce and Technologies Group
Venue:
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Year:
1999

Citing 19
Cited 13

How to withstand mobile virus attacks (extended abstract)

PODC '91 Proceedings of the tenth annual ACM symposium on Principles of distributed computing
Secure agreement protocols: reliable and atomic group multicast in rampart

CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
The Ω key management service

CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Maintaining authenticated communication in the presence of break-ins

PODC '97 Proceedings of the sixteenth annual ACM symposium on Principles of distributed computing
Proactive public key and signature systems

Proceedings of the 4th ACM conference on Computer and communications security
How to share a secret

Communications of the ACM
Distributed computing: fundamentals, simulations and advanced topics

Distributed computing: fundamentals, simulations and advanced topics
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Maintaining Security in the Presence of Transient Faults

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Proactive Secret Sharing Or: How to Cope With Perpetual Leakage

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Proactive RSA

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Efficient Generation of Shared RSA Keys (Extended Abstract)

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
A Simplified Approach to Threshold and Proactive RSA

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
The Rampart Toolkit for Building High-Integrity Services

Selected Papers from the International Workshop on Theory and Practice in Distributed Systems
Optimal-resilience proactive public-key cryptosystems

FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Building intrusion tolerant applications

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Network randomization protocol: a proactive pseudo-random generator

SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Robust threshold DSS signatures

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Distributed Pseudo-random functions and KDCs

EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques

Clock synchronization with faults and recoveries (extended abstract)

Proceedings of the nineteenth annual ACM symposium on Principles of distributed computing
OceanStore: an architecture for global-scale persistent storage

ACM SIGPLAN Notices
OceanStore: an architecture for global-scale persistent storage

ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
COCA: A secure distributed online certification authority

ACM Transactions on Computer Systems (TOCS)
Maintenance-Free Global Data Storage

IEEE Internet Computing
Automatic generation of two-party computations

Proceedings of the 10th ACM conference on Computer and communications security
Implementing Trustworthy Services Using Replicated State Machines

IEEE Security and Privacy
Building intrusion tolerant applications

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Efficient state transfer for hypervisor-based proactive recovery

Proceedings of the 2nd workshop on Recent advances on intrusiton-tolerant systems
Split-and-delegate: threshold cryptography for the masses

FC'02 Proceedings of the 6th international conference on Financial cryptography
Adversarial security: getting to the root of the problem

iNetSec'10 Proceedings of the 2010 IFIP WG 11.4 international conference on Open research problems in network security
Intrusion-Resilient secure channels

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Implementing trustworthy services using replicated state machines

Replication

Quantified Score

Hi-index	0.00

Visualization

Abstract

Existing security mechanisms focus on prevention of penetrations, detection of a penetration and (manual) recovery tools Indeed attackers focus their penetration efforts on breaking into critical modules, and on avoiding detection of the attack. As a result, security tools and procedures may cause the attackers to lose control over a specific module (computer, account), since the attacker would rather lose control than risk detection of the attack. While controlling the module, attacker may learn critical secret information or modify the module that make it much easier for the attacker to regain control over that module later. Recent results in cryptography give some hope of improving this situation; they show that many fundamental security tasks can be achieved with proactive security. Proactive security does not assume that there is any module completely secure against penetration Instead, we assume that at any given time period (day, week,.), a sufficient number of the modules in the system are secure (not penetrated). The results obtained so far include some of the most important cryptographic primitives such as signatures, secret sharing, and secure communication However, there was no usable implementation, and several critical issues (for actual use) were not addressedIn this work we report on a practical toolkit implementing the key proactive security mechanisms The toolkit provides secure interfaces to make it easy for applications to recover from penetrations. The toolkit also addresses other critical implementation issues, such as the initialization of the proactive secure system. We describe the toolkit and discuss some of the potential applications. Some applications require minimal enhancements to the existing implementations - e.g. for secure logging (especially for intrusion detection), secure end-to-end communication and timestamping. Other applications require more significant enhancements, mainly distribution over multiple servers, examples are certification authority, key recovery, and secure file system or archive