How to withstand mobile virus attacks (extended abstract)
PODC '91 Proceedings of the tenth annual ACM symposium on Principles of distributed computing
Secure agreement protocols: reliable and atomic group multicast in rampart
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Maintaining authenticated communication in the presence of break-ins
PODC '97 Proceedings of the sixteenth annual ACM symposium on Principles of distributed computing
Proactive public key and signature systems
Proceedings of the 4th ACM conference on Computer and communications security
Communications of the ACM
Distributed computing: fundamentals, simulations and advanced topics
Distributed computing: fundamentals, simulations and advanced topics
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Maintaining Security in the Presence of Transient Faults
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Proactive Secret Sharing Or: How to Cope With Perpetual Leakage
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Efficient Generation of Shared RSA Keys (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
A Simplified Approach to Threshold and Proactive RSA
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
The Rampart Toolkit for Building High-Integrity Services
Selected Papers from the International Workshop on Theory and Practice in Distributed Systems
Optimal-resilience proactive public-key cryptosystems
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Building intrusion tolerant applications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Network randomization protocol: a proactive pseudo-random generator
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Robust threshold DSS signatures
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Distributed Pseudo-random functions and KDCs
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Clock synchronization with faults and recoveries (extended abstract)
Proceedings of the nineteenth annual ACM symposium on Principles of distributed computing
OceanStore: an architecture for global-scale persistent storage
ACM SIGPLAN Notices
OceanStore: an architecture for global-scale persistent storage
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
COCA: A secure distributed online certification authority
ACM Transactions on Computer Systems (TOCS)
Maintenance-Free Global Data Storage
IEEE Internet Computing
Automatic generation of two-party computations
Proceedings of the 10th ACM conference on Computer and communications security
Implementing Trustworthy Services Using Replicated State Machines
IEEE Security and Privacy
Building intrusion tolerant applications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Efficient state transfer for hypervisor-based proactive recovery
Proceedings of the 2nd workshop on Recent advances on intrusiton-tolerant systems
Split-and-delegate: threshold cryptography for the masses
FC'02 Proceedings of the 6th international conference on Financial cryptography
Adversarial security: getting to the root of the problem
iNetSec'10 Proceedings of the 2010 IFIP WG 11.4 international conference on Open research problems in network security
Intrusion-Resilient secure channels
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Hi-index | 0.00 |
Existing security mechanisms focus on prevention of penetrations, detection of a penetration and (manual) recovery tools Indeed attackers focus their penetration efforts on breaking into critical modules, and on avoiding detection of the attack. As a result, security tools and procedures may cause the attackers to lose control over a specific module (computer, account), since the attacker would rather lose control than risk detection of the attack. While controlling the module, attacker may learn critical secret information or modify the module that make it much easier for the attacker to regain control over that module later. Recent results in cryptography give some hope of improving this situation; they show that many fundamental security tasks can be achieved with proactive security. Proactive security does not assume that there is any module completely secure against penetration Instead, we assume that at any given time period (day, week,.), a sufficient number of the modules in the system are secure (not penetrated). The results obtained so far include some of the most important cryptographic primitives such as signatures, secret sharing, and secure communication However, there was no usable implementation, and several critical issues (for actual use) were not addressedIn this work we report on a practical toolkit implementing the key proactive security mechanisms The toolkit provides secure interfaces to make it easy for applications to recover from penetrations. The toolkit also addresses other critical implementation issues, such as the initialization of the proactive secure system. We describe the toolkit and discuss some of the potential applications. Some applications require minimal enhancements to the existing implementations - e.g. for secure logging (especially for intrusion detection), secure end-to-end communication and timestamping. Other applications require more significant enhancements, mainly distribution over multiple servers, examples are certification authority, key recovery, and secure file system or archive