
Enhancing Survivability of Security Services using Redundancy

Presented by: Zijian Cao, Joe Ondercin. Based on a paper by Matti Hiltunen, Richard D. Schlichting, and Carlos A. Ugarte.



  1. Enhancing Survivability of Security Services using Redundancy
     Presented by: Zijian Cao, Joe Ondercin
     Based on a paper by Matti Hiltunen, Richard D. Schlichting, and Carlos A. Ugarte

  2. Overview
     • Traditional security services
       • Single method to guarantee security attributes
       • Single point of vulnerability
     • Use redundancy to increase survivability
       • Implement using multiple methods
       • Implement in ways that can vary unpredictably

  3. Requirements
     • Appropriate techniques
     • System support

  4. Techniques
     • Use multiple methods to enforce a security attribute
     • If one method remains intact, the attribute remains uncompromised
     • Methods need to be independent
     • Use of the same key by different methods can result in both being defeated

  5. Example - Secure Messaging
     • Encrypt messages with different methods
     • Use DES, then IDEA
     • Alternate the sequence of applying DES and IDEA for different messages
     • Apply different methods to different parts of the message
     • Both methods would have to be identified and broken to compromise data

  6. System Support
     • Simplifies redundancy-based survivability techniques using the appropriate software customization framework
     • Automation of techniques

  7. Example - SecComm
     • SecComm
       • A highly configurable secure communication service
       • Implemented using Cactus
     • Cactus
       • A framework for software customization
       • Constructs configurable network protocols and services
       • Implements each service property as a separate software module (called a micro-protocol)

  8. Security Properties
     • Basic
       • Authenticity
       • Privacy
       • Integrity
       • Non-repudiation
     • Attack Specific
       • Replay prevention
       • Known plain text attack prevention

  9. Basic Security Micro-protocols (MPs)
     • Individual methods that can be utilized
     • Address security properties
     • Allow different abstract service properties and their variants to be implemented as independent modules

  10. Meta-security MPs
     • Apply multiple or alternating basic security micro-protocols
     • Selected based on the desired properties
     • Create a complex protocol
     • Key feature for enabling redundancy for survivability

  11. Examples of Meta-security MPs
     • MultiSecurity
       • Applies multiple basic security MPs to a message in sequence
     • AltSecurity
       • Applies one MP to each message, sequentially from a predetermined list
     • RandomAltSecurity
       • Randomly chooses the method for each message

  12. Trade-offs
     • Performance
     • Configuration constraints

  13. Why is this important?
     • Needs to be considered when designing architecture
     • Can reduce the potential for compromise
     • Security through obscurity
     • Use of available technology

  14. Questions
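
The three meta-security micro-protocols from slide 11, together with the key-independence rule from slide 4, sketched as an added example; this is not code from the presentation, the paper, SecComm or Cactus. Assumptions: all class and function names are hypothetical, an HMAC-SHA256 keystream stands in for DES and IDEA, each sequence number is used once per key, and RandomAltSecurity picks its method with a keyed function of the sequence number so that both peers agree.

```python
import hashlib
import hmac
import secrets

class BasicMP:
    """Stand-in for DES/IDEA (assumption): XOR with an HMAC-SHA256 keystream."""
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def apply(self, seq: int, data: bytes) -> bytes:
        out = bytearray()
        for off in range(0, len(data), 32):
            ctr = seq.to_bytes(8, "big") + off.to_bytes(8, "big")
            pad = hmac.new(self.key, self.name.encode() + ctr, hashlib.sha256).digest()
            out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
        return bytes(out)  # XOR stream: the same call encrypts and decrypts

class MetaMP:
    """Meta-security micro-protocol: decides which basic MPs handle message `seq`."""
    def __init__(self, mps, mode: str, select_key: bytes = b""):
        if mode not in ("multi", "alt", "random"):
            raise ValueError("unknown mode")
        if len({mp.key for mp in mps}) != len(mps):  # methods must be independent
            raise ValueError("basic MPs must not share a key")
        self.mps, self.mode, self.select_key = list(mps), mode, select_key

    def chosen(self, seq: int):
        if self.mode == "multi":  # MultiSecurity: every MP, in sequence
            return list(self.mps)
        if self.mode == "alt":    # AltSecurity: next MP from the predetermined list
            return [self.mps[seq % len(self.mps)]]
        # RandomAltSecurity. Assumption: a keyed pick both peers can recompute.
        tag = hmac.new(self.select_key, seq.to_bytes(8, "big"), hashlib.sha256).digest()
        return [self.mps[int.from_bytes(tag[:4], "big") % len(self.mps)]]

    def send(self, seq: int, data: bytes) -> bytes:
        for mp in self.chosen(seq):
            data = mp.apply(seq, data)
        return data

    def receive(self, seq: int, data: bytes) -> bytes:
        for mp in reversed(self.chosen(seq)):
            data = mp.apply(seq, data)
        return data

def one_layer_broken(msg: bytes = b"constructed sample message"):
    """Attacker who knows only MP A's key still cannot read a MultiSecurity message."""
    a, b = BasicMP("A", secrets.token_bytes(16)), BasicMP("B", secrets.token_bytes(16))
    wire = MetaMP([a, b], "multi").send(1, msg)
    return a.apply(1, wire) != msg and b.apply(1, a.apply(1, wire)) == msg
```

The constructor rejects two basic MPs that share a key, since a shared key would let one break defeat both layers.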
