Towards fault-tolerant and secure on-line services

Authors: Fred B. Schneider, Lidong Zhou

Keywords: Cryptography, Denial-of-service attack, Certificate authority, Public-key cryptography, Computer security, Coca, Vulnerability (computing), Server, Engineering, Service (business)

Abstract: Integrating fault tolerance and security is crucial for building trustworthy on-line services. Such integration is studied in this dissertation through the design and implementation of COCA (Cornell On-line Certification Authority), a fault-tolerant and secure certification authority. COCA maintains a service private key to sign responses it sends to clients, and achieves availability using replicated servers that employ threshold cryptography to store shares of the key. Periodic share refreshing, coupled with periodic recovery of server states, defends against so-called mobile adversaries which move from one server to another. COCA is designed for a weak system model: no assumptions are made about speed or message delay, and communication links are assumed to be intermittent. The result is reduced vulnerability to attacks because, by their nature, weaker assumptions are more difficult to invalidate. COCA further employs an array of defense mechanisms specific to denial-of-service attacks. COCA runs both on a local area network and on the Internet. Performance measurements under simulated attacks demonstrate the effectiveness of COCA's defenses.
