Article

Free access

The proactive security toolkit and applications

Authors:

Boaz Barak,

Amir Herzberg,

Dalit Naor,

Eldad ShaiAuthors Info & Claims

CCS '99: Proceedings of the 6th ACM conference on Computer and communications security

Pages 18 - 27

https://doi.org/10.1145/319709.319713

Published: 01 November 1999 Publication History

PDF eReader

Abstract

Existing security mechanisms focus on prevention of penetrations, detection of a penetration and (manual) recovery tools Indeed attackers focus their penetration efforts on breaking into critical modules, and on avoiding detection of the attack. As a result, security tools and procedures may cause the attackers to lose control over a specific module (computer, account), since the attacker would rather lose control than risk detection of the attack. While controlling the module, attacker may learn critical secret information or modify the module that make it much easier for the attacker to regain control over that module later. Recent results in cryptography give some hope of improving this situation; they show that many fundamental security tasks can be achieved with proactive security. Proactive security does not assume that there is any module completely secure against penetration Instead, we assume that at any given time period (day, week,.), a sufficient number of the modules in the system are secure (not penetrated). The results obtained so far include some of the most important cryptographic primitives such as signatures, secret sharing, and secure communication However, there was no usable implementation, and several critical issues (for actual use) were not addressed

In this work we report on a practical toolkit implementing the key proactive security mechanisms The toolkit provides secure interfaces to make it easy for applications to recover from penetrations. The toolkit also addresses other critical implementation issues, such as the initialization of the proactive secure system.

We describe the toolkit and discuss some of the potential applications. Some applications require minimal enhancements to the existing implementations - e.g. for secure logging (especially for intrusion detection), secure end-to-end communication and timestamping. Other applications require more significant enhancements, mainly distribution over multiple servers, examples are certification authority, key recovery, and secure file system or archive

References

[1]

H. Attiya, and J. Welch, D~strlbuted Computing" fundamentals, stmulattons and advanced topics Mc.Grow-Hill, 1998

Abstract

References

Cited By

Index Terms

Recommendations

Proactive Security: Proactive security latest: vendors wire the cage but has the budgie flown...

Security vulnerabilities and mitigation techniques of web applications

Stronger security notions for trapdoor functions and applications

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations