Where Fault-tolerance and Security Meet DARPA PI Meeting, July 2001 Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York.

Slides:



Advertisements
Similar presentations
An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.
Advertisements

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Distributed System Architectures.
Linearizability Linearizability is a correctness criterion for concurrent object (Herlihy & Wing ACM TOPLAS 1990). It provides the illusion that each operation.
Containment and Integrity for Mobile Code Status Report to DARPA ISO: Feb Fred B. Schneider Andrew Myers Department of Computer Science Cornell University.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Byzantine Fault Tolerance Steve Ko Computer Sciences and Engineering University at Buffalo.
Trustworthy Services from Untrustworthy Components: Overview Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1/6/2015HostAP1 P2P Security Case Study: COCA (Cornell Online Certification Authority) Mobile Multimedia Lab, AUEB, 04/04/2003.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
Database Replication techniques: a Three Parameter Classification Authors : Database Replication techniques: a Three Parameter Classification Authors :
FIT3105 Smart card based authentication and identity management Lecture 4.
L. Zhou, Z.J. Haas: Securing Ad Hoc Networks, (26) L. Zhou and Z. J. Haas, Cornell University: Securing Ad Hoc Networks presented by Johanna Vartiainen.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
A Secure Network Access Protocol (SNAP) A. F. Al Shahri, D. G. Smith and J. M. Irvine Proceedings of the Eighth IEEE International Symposium on Computers.
Oct 1999SRDS 991 On Diffusing Updates in a Byzantine Environment Dahlia Malkhi Yishay Mansour Michael K. Reiter.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services Zhichao Zhu and Guohong Cao Department of Computer Science and.
Concurrency Control & Caching Consistency Issues and Survey Dingshan He November 18, 2002.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Key Distribution CS 470 Introduction to Applied Cryptography
OCT1 Principles From Chapter Two of “Distributed Systems Concepts and Design” Material on Lamport Clocks from “Distributed Systems Principles and Paradigms”
Trustworthy Services from Untrustworthy Components: Overview Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
1 Authentication Protocols Celia Li Computer Science and Engineering York University.
Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.
Chapter 2 Architectural Models. Keywords Middleware Interface vs. implementation Client-server models OOP.
Failure Resilience in the Peer-to-Peer-System OceanStore Speaker: Corinna Richter.
Aggregation in Sensor Networks
Information Security Fundamentals Major Information Security Problems and Solutions Department of Computer Science Southern Illinois University Edwardsville.
Managing Real-Time Transactions in Mobile Ad-Hoc Network Databases Le Gruenwald The University of Oklahoma School of Computer Science Norman, Oklahoma,
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
Consistent and Efficient Database Replication based on Group Communication Bettina Kemme School of Computer Science McGill University, Montreal.
Byzantine fault-tolerance COMP 413 Fall Overview Models –Synchronous vs. asynchronous systems –Byzantine failure model Secure storage with self-certifying.
Intrusion Tolerant Software Architectures Bruno Dutertre, Valentin Crettaz, Victoria Stavridou System Design Laboratory, SRI International
Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.
Fast Crash Recovery in RAMCloud. Motivation The role of DRAM has been increasing – Facebook used 150TB of DRAM For 200TB of disk storage However, there.
1 Introduction The State of the Art in Electronic Payment Systems, IEEE Computer, September 1997.
1 KERBEROS: AN AUTHENTICATION SERVICE FOR OPEN NETWORK SYSTEMS J. G. Steiner, C. Neuman, J. I. Schiller MIT.
1 Normal executable Infected executable Sequence of program instructions Entry Original program Entry Jump Replication and payload Viruses.
Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.
1 Hello World and Welcome to The simple crypt Key=23 {txzr7c x7Cr 7d~zg{r 7tengc Private-key Cryptography.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
Systems Research Barbara Liskov October Replication Goal: provide reliability and availability by storing information at several nodes.
Exercises for Chapter 2: System models From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edition 4, © Pearson Education 2005.
Distributed Storage Systems: Data Replication using Quorums.
Problem: Replication versus Confidentiality
The Design and Implementation of a Next Generation Name Service for the Internet V. Ramasubramanian, E. Gun Sirer Cornell Univ. SIGCOMM 2004 Ciprian Tutu.
1 Thierry Titcheu Chekam 1,2, Ennan Zhai 3, Zhenhua Li 1, Yong Cui 4, Kui Ren 5 1 School of Software, TNLIST, and KLISS MoE, Tsinghua University 2 Interdisciplinary.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke1 Database architecture and security Workshop 4.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Department of Computer Science University of Calgary
Providing Secure Storage on the Internet
Linearizability Linearizability is a correctness criterion for concurrent object (Herlihy & Wing ACM TOPLAS 1990). It provides the illusion that each operation.
Distributed Systems CS
Sisi Duan Assistant Professor Information Systems
Presentation transcript:

Where Fault-tolerance and Security Meet DARPA PI Meeting, July 2001 Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York U.S.A. Not for Public Release.

1 Beyond Fault-tolerance Fault-tolerance is implemented using replication. But… –Replicating a secret helps attackers. –Serial attacks can be more harmful then concurrent attacks. –Replica coordination involves assumptions about timing.

2 Certification Authority l CA stores certificates. –Each certificate is a binding: 〈 name, K name 〉 –Each certificate is signed by CA. l Clients know public key of CA. Clients issue requests: –Query to retrieve certificate for a name. –Update to change binding and invalidate certificate.

3 Using a Certification Authority Encrypt Alice CA (CA: Alice: K A ) Signed: CA (CA: Carol: K C ) Signed: CA (CA: Bob: K B ) Signed: CA K CA + K B to Bob …

4 CA Security and Fault-tolerance Fault-tolerance and security for a CA means –CA service remains available. –CA signing key remains secret. despite –failures (=independent events) and –attacks (=correlated events).

5 COCA (Non)-Assumptions l Servers: correct or compromised. At most t servers compromised during window of vulnerability, and 3t < n holds. l Fair Links: A message sent enough times will be delivered. l Asynchrony: No bound on message delivery delay or server speed. Weaker assumptions are better.

6 Security and Fault-tolerance: Service Signing Key Secrecy l Service signing key stored at each server. versus l Employ threshold signature protocol: –Store a share of signing key at each server. –Use (n, t+1) threshold cryptography to sign.

7 Proactive Secret Sharing: Windows of Vulnerability l At most t servers compromised in a window. l Shares, keys, state all refreshed. l Local clock at some server initiates refresh. l Denial of service increases window size. XXXX X proactive refresh server compromise time

8 Security and Fault-tolerance: Query and Update Dissemination Byzantine Quorum System: –Intersection of any two quorums contains at least one correct server. –A quorum comprising only correct servers always exists. l Replicate certificates at servers. l Each client request processed by all correct servers in some quorum. l Use service (not server) signing key.

9 COCA System Architecture client response delegate server quorum

10 Denial of Service Defenses Problem: Denial of service possible if cost of processing a bogus request is high. Defenses: –Increase cost of making a bogus request. –Decrease cost/impact of processing a bogus request. yCheap authorization mechanism rejects some bogus requests. yProcessor scheduler partitions requests into classes. yResults of expensive cryptographic operations cached and reused –Asynchrony and Fair Links non-assumptions.

11 Experimental COCA Deployments Prototype implementation: yApprox. 35K lines of new C source yUses threshold RSA with 1024 bit RSA keys built from OpenSSL yCertificates in accordance with X.509. Deployments: –Cornell CS Dept local area network –Internet: yUniversity of Tromso (northern Norway) yUniversity of California (San Diego, California) yDartmouth College (Hanover, New Hampshire) yCornell University (Ithaca, New York)

12 Engineered for Performance In the normal case: –Servers satisfy strong assumptions about execution speed. –Messages sent will be delivered in a timely way. COCA optimizes for the normal case.

13 “Normal Case” Optimizations l Client enlists a single delegate. Only after timeout are t additional delegates contacted. l Servers do not become delegates until client asks or timeout elapses. l Delegates send responses to client and to all servers. Used to abort activity and load the cache.

14 Denial of Service Attacks Attacker might: –Send new requests. –Replay old client requests and server messages. –Delay message delivery or processing.

15 Denial of Service Defense: Scheduler-Enforced Isolation

16 Denial of Service Defense: Effects of Caching

17 Denial of Service Defense: Effects of Message Delay

18 COCA: Recap of Big Picture server failure dissem. Byzantine Quorum server compromise threshold signature protocol mobile attack proactive secret sharing (PSS) asynchrony asynchronous PSS Servers Client

19 Security and Fault-tolerance: Secret Sharing x p(2) p(4) p(6) p(0) p(0) is secret p(i) is share at site i m points determine an m-1 degree poly (n,k) secret sharing: k-1 degree poly p(x)

20 Security and Fault-tolerance—Mobile Virus Attacks: Proactive Secret Sharing x p’(2) p’(4) p’(6) p’(0) q(x): random poly p’(x): p(x)+q(x) p’(0) = p(0) p’(i) is share at site i p(x)

21 Proactive Secret Sharing: Computing New Shares s1s1 s2s2 s3s3 old sharing s1’s1’ s2’s2’ s3’s3’ new sharing old share: s i subsharing: s i1 s i2 s i3 … subsharing: s 1i s 2i s 3i … new share: s i ’ split reconstruct

22 LAN Performance Data COCA Operation Mean (msec) Std dev. (msec) Query Update PSS Sun E420R SPARC servers (4 450 Mhz processors. Solaris 2.6) 100 Mb Ethernet (Round trip delay for UDP packet: 300 micro secs) Sample means for 100 executions.

23 LAN Performance Breakdown QueryUpdatePSS Partial Signature64%73% Message Signing24%19%22% One-Way Function51% SSL10% Idle7%2%15% Other5%6%2%

24 WAN Performance Data COCA Operation Mean (msec) Std dev. (msec) Query Update PSS

25 WAN Performance Breakdown QueryUpdatePSS Partial Signature8.0%8.7% Message Signing3.2%2.5%2.6% One-Way Function7.8% SSL1.6% Idle88%88.7%87.4% Other0.8%1.1%0.6%

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.