A major security threat to any security solution based on a centralized server is the possibility of an adversary gaining access to and taking control of the server. The adversary may then learn secrets, corrupt data, or send erroneous messages. In practice, such an adversary may be more prevalent than one would like to admit. It may be a malicious hacker, a virus in an application program, or an unscrupulous system administrator. Proactive security is a novel approach to the server security problem. It uses the distribution of data and control to multiple servers and periodic refreshes between servers. By distributing data and control, one or more servers may be compromised without compromising the system. Periodic refreshes between servers allow a compromised server to "recover" after the attacker leaves, thereby contributing to the security of the system. A fraction (in some cases all) of the servers must be compromised simultaneously in order to compromise the system. This paper describes the Network Randomization Protocol (NRP), a proactive protocol for generating cryptographically secure pseudo-random numbers. The protocol is designed for operation in the Internet and includes defenses against clogging attacks. Issues related to the design and implementation of the protocol are discussed. As virtually no cryptographic task is possible without a source of randomness or pseudorandomness, NRP is an important basic building block for many cryptographic functions. Furthermore, it serves to illustrate the main ideas and intuitions of proactive security.