enhancing survivability of security services using redundancy presented by:zijian cao joe ondercin...
Post on 19-Dec-2015
214 views
TRANSCRIPT
Enhancing Survivability of Security Services using Redundancy
Presented by: Zijian Cao
Joe Ondercin
Based on a paper by Matti Hiltunen, Richard D. Schlichting, and Carlos A. Ugarte
Overview
Traditional security services– Single method to guarantee security attributes– Single point of vulnerability
Use redundancy to increase survivability– Implement using multiple methods– Implement in ways that can vary unpredictably
Requirements
Appropriate techniques System support
Techniques
Use multiple methods to enforce security attribute– If one method remains intact, attribute remains
uncompromised
Methods need to be independent– Use of same key by different methods can
result in both being defeated
Example - Secure Messaging
Encrypt messages with different methods– Use DES, then IDEA– Alternate the sequence of applying DES and
IDEA for different messages– Apply different methods to different parts of
message
Both methods would have to be identified and broken to compromise data
System Support
Simplifies redundancy based survivability techniques using the appropriate software customization framework.
Automation of techniques
Example - SecComm
SecComm– A highly configurable secure communicate service
– Implemented using Cactus
Cactus– A framework for software customization
– Constructs configurable network protocols and services
– Implements each service property as a separate software module (called a micro-protocol)
Security Properties
Basic– Authenticity
– Privacy
– Integrity
– Non-repudiation
Attack Specific– Replay prevention
– Known plain text attack prevention
Basic Security Micro-protocols (MPs) Individual methods that can be utilized Addresses security properties Allows different abstract service properties
and their variants to be implemented as independent modules
Meta-security MP’s
Applying multiple or alternating basic security micro-protocols
Selected based on the desired properties Creates a complex protocol
– Key feature to enabling redundancy for survivability
Examples of Meta-security MP’s
MultiSecurity– Applies multiple basic security MP’s to a
message in sequence AltSecurity
– Applies one MP to each message, sequentially from a predetermined list
RandomAltSecurity– Randomly chooses the method for each
message
Trade-offs
Performance Configuration constraints
Why is this important?
Needs to be considered when designing architecture
Can reduce the potential for compromise– Security through obscurity– Use of available technology
Questions