ITTC: Intrusion Tolerance via Threshold Cryptography
Dan Boneh (Stanford University), Bill Aiello (Bellcore), Michael Malkin (Stanford University), Tom Wu (Stanford University)
http://www.stanford.edu/~dabo/ITTC/
Absolute intrusion prevention is impossible
Networked systems should be designed to maintain security even when hosts are penetrated and sensitive information is exposed.
Main design principle: long-term security information (such as private keys) should never be located at a single location. No single point of failure!
Scalability and Performance
• High availability of private keys
• Automatic load-balancing among share servers
• Can reconstruct lost or corrupted shares
• Arbitrary number of clients, up to 15 share servers
• Can refresh shares to recover from compromised servers
Objectives
• A module that can provide intrusion tolerance to legacy systems
• Protect long-term security information using threshold cryptography
• Eliminate trusted dealers: keys are generated and managed without a trusted dealer
Architecture
[Figure: Share Server 1, 2 and 3, each running a controller (CTL) and holding one share (Share #1, #2, #3), serving clients that link the TLB library]
• Share servers manage multiple clients and keys
• Central administration of share servers
Library Components
• COM: Enables private and authenticated communication
• KEY: Key management
• GEN: Key generation with no trusted dealer
• NTD: Threshold decryption
Controllers
• CTL: Controller for share servers
• TLB: Client API of the threshold decryption library; identifies compromised hosts
• ADM: Administration utilities
Certification Authority
[Figure: a gateway forwards an X.509 certificate request to the share servers holding Share #1, #2 and #3]
• The CA's private key is shared among three servers
• Any two servers can generate a certificate
• No trusted dealer
• Hard to break into two sites: diversity + refresh
Web Server
[Figure: an Internet user connects to a web server backed by share servers #1, #2 and #3]
• ITTC performs the server's private-key operation used to establish the SSL session key
• SSL ensures a secure connection
• The server's private key is never reconstructed at a single location
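Added example, not ITTC's code (none appears on this page): a toy t-of-n threshold RSA decryption in Python following Shoup's threshold RSA construction. It illustrates what the NTD library and the TLB client side do (partial decryptions by share servers, recombination and compromised-host identification by the client), the 2-of-3 sharing of the CA slide, and the web server case, where the threshold step is the server's RSA private-key operation. Assumptions, all mine: a dealer generates and splits the key (ITTC's dealer-free generation is not shown here), toy 40-bit safe primes, Python's non-cryptographic `random` module for a deterministic demo, a constructed message, and the function names `dealer_keygen`, `partial_decrypt`, `combine` and `decrypt_and_flag`.

```python
"""Toy t-of-n threshold RSA decryption (Shoup-style), added example, not ITTC code.

A share server holds only a Shamir share s_i of the private exponent d and
returns c^(2*delta*s_i); any t such partials recombine to the plaintext, so d
is never formed anywhere. A dealer splits the key here, whereas ITTC generates
keys without a trusted dealer. `random` is NOT suitable for real keys.
"""
import math
import random
from itertools import combinations


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin after trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits, rng):
    """Return p = 2q + 1 with p and q both prime (p has exactly `bits` bits)."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q, rng) and is_probable_prime(2 * q + 1, rng):
            return 2 * q + 1


def egcd(a, b):
    """Return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def dealer_keygen(n, t, bits, rng, e=65537):
    """Dealer (toy only): N = pq from safe primes, d = e^-1 mod m with m = p'q', Shamir-share d over Z_m."""
    p = gen_safe_prime(bits, rng)
    q = gen_safe_prime(bits, rng)
    while q == p:
        q = gen_safe_prime(bits, rng)
    N, m = p * q, ((p - 1) // 2) * ((q - 1) // 2)
    assert e > n and math.gcd(e, m) == 1
    d = pow(e, -1, m)
    coeffs = [d] + [rng.randrange(m) for _ in range(t - 1)]        # f(0) = d, degree t-1
    shares = {i: sum(c * i ** k for k, c in enumerate(coeffs)) % m for i in range(1, n + 1)}
    return (N, e), shares


def partial_decrypt(share, c, N, n):
    """Share server i: x_i = c^(2*delta*s_i) mod N with delta = n!; d itself never exists here."""
    return pow(c, 2 * math.factorial(n) * share, N)


def combine(partials, c, N, e, n):
    """Client (TLB role): recombine exactly t partials {j: x_j} into c^d without learning d."""
    delta = math.factorial(n)
    w = 1
    for j in partials:
        num, den = delta, 1          # lambda_j = delta * prod_{j' != j} (0 - j') / (j - j')
        for jp in partials:
            if jp != j:
                num, den = num * (-jp), den * (j - jp)
        assert num % den == 0        # delta = n! makes every Lagrange coefficient an integer
        w = w * pow(partials[j], 2 * (num // den), N) % N
    # Now w^e == c^(4*delta^2). With 4*delta^2*a + e*b = 1, (w^a * c^b)^e == c, i.e. it is c^d.
    g, a, b = egcd(4 * delta * delta, e)
    assert g == 1
    return pow(w, a, N) * pow(c, b, N) % N


def decrypt_and_flag(partials, c, pk, n, t):
    """Try every t-subset; a server that appears in no subset whose result verifies is flagged."""
    N, e = pk
    plaintext, trusted = None, set()
    for subset in combinations(sorted(partials), t):
        y = combine({j: partials[j] for j in subset}, c, N, e, n)
        if pow(y, e, N) == c:        # verification needs only the public key
            plaintext, trusted = y, trusted | set(subset)
    return plaintext, sorted(set(partials) - trusted)


def demo(seed=1):
    n, t = 3, 2                                   # 2-of-3, as in the CA slide
    rng = random.Random(seed)                     # deterministic toy randomness (not for real keys)
    pk, shares = dealer_keygen(n, t, 40, rng)     # 80-bit N: toy size only
    N, e = pk
    msg = 123456789                               # constructed message, must be < N
    c = pow(msg, e, N)                            # textbook RSA encryption
    partials = {i: partial_decrypt(shares[i], c, N, n) for i in shares}
    two_of_three = combine({2: partials[2], 3: partials[3]}, c, N, e, n)
    partials[1] = partials[1] * 2 % N             # server 1 compromised: returns a bogus partial
    recovered, flagged = decrypt_and_flag(partials, c, pk, n, t)
    return two_of_three == msg, recovered == msg, flagged


if __name__ == "__main__":
    print(demo())   # (True, True, [1])
```

The same recombination turns signing into a threshold operation (replace the ciphertext with the hash to be signed), which is what the CA slide needs. The client-side check in `decrypt_and_flag` verifies the recombined result against the public key and blames whichever server never appears in a verifying subset; that is enough to identify a single bad share server in a 2-of-3 setup, but it costs a recombination per subset, which is why Shoup's scheme attaches a zero-knowledge proof of correctness to each partial instead.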