Date posted: 19-Dec-2015
Enhancing Survivability of Security Services using Redundancy
Presented by: Zijian Cao
Joe Ondercin
Based on a paper by Matti Hiltunen, Richard D. Schlichting, and Carlos A. Ugarte
Overview
Traditional security services
  – Single method to guarantee security attributes
  – Single point of vulnerability
Use redundancy to increase survivability
  – Implement using multiple methods
  – Implement in ways that can vary unpredictably
Requirements
Appropriate techniques
System support
Techniques
Use multiple methods to enforce security attribute
  – If one method remains intact, attribute remains uncompromised
Methods need to be independent
  – Use of same key by different methods can result in both being defeated
Example - Secure Messaging
Encrypt messages with different methods
  – Use DES, then IDEA
  – Alternate the sequence of applying DES and IDEA for different messages
  – Apply different methods to different parts of message
Both methods would have to be identified and broken to compromise data
System Support
Simplifies redundancy-based survivability techniques using the appropriate software customization framework
Automation of techniques
Example - SecComm
SecComm
  – A highly configurable secure communication service
  – Implemented using Cactus
Cactus
  – A framework for software customization
  – Constructs configurable network protocols and services
  – Implements each service property as a separate software module (called a micro-protocol)
Security Properties
Basic
  – Authenticity
  – Privacy
  – Integrity
  – Non-repudiation
Attack Specific
  – Replay prevention
  – Known plain text attack prevention
Basic Security Micro-protocols (MPs)
Individual methods that can be utilized
Addresses security properties
Allows different abstract service properties and their variants to be implemented as independent modules
Meta-security MP’s
Applying multiple or alternating basic security micro-protocols
Selected based on the desired properties
Creates a complex protocol
  – Key feature to enabling redundancy for survivability
Examples of Meta-security MP’s
MultiSecurity
  – Applies multiple basic security MP’s to a message in sequence
AltSecurity
  – Applies one MP to each message, sequentially from a predetermined list
RandomAltSecurity
  – Randomly chooses the method for each message
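
The three meta-security MPs above, composed over two basic MPs with independent keys, as an added example (not code from the presentation, the paper, SecComm or Cactus). Assumptions: the HMAC-keystream `StreamMP` stands in for DES and IDEA, the `push`/`pop` names are illustrative, and `RandomAltSecurity` derives its per-message choice from a shared selection key so the receiver can follow it, which the slides do not specify.

```python
import hashlib, hmac

class StreamMP:  # stand-in basic MP: XOR with an HMAC keystream (not DES or IDEA)
    def __init__(self, key, digest):
        self.key, self.digest = key, digest
    def push(self, seq, msg):  # sender side
        out, ctr = b"", 0
        while len(out) < len(msg):  # keystream bound to key, message number, counter
            block = seq.to_bytes(8, "big") + ctr.to_bytes(4, "big")
            out += hmac.new(self.key, block, self.digest).digest()
            ctr += 1
        return bytes(a ^ b for a, b in zip(msg, out))
    pop = push  # receiver side: the same XOR undoes push

class MultiSecurity:  # apply every basic MP to each message, in sequence
    def __init__(self, mps):
        self.mps = mps
    def push(self, seq, msg):
        for mp in self.mps:
            msg = mp.push(seq, msg)
        return msg
    def pop(self, seq, msg):
        for mp in reversed(self.mps):  # undo the layers in reverse order
            msg = mp.pop(seq, msg)
        return msg

class AltSecurity:  # one MP per message, cycling through a predetermined list
    def __init__(self, mps):
        self.mps = mps
    def choose(self, seq):
        return self.mps[seq % len(self.mps)]
    def push(self, seq, msg):
        return self.choose(seq).push(seq, msg)
    def pop(self, seq, msg):
        return self.choose(seq).pop(seq, msg)

class RandomAltSecurity(AltSecurity):  # per-message choice outsiders cannot predict
    def __init__(self, mps, select_key):
        super().__init__(mps)
        self.select_key = select_key  # assumption: shared secret so both peers agree
    def choose(self, seq):
        tag = hmac.new(self.select_key, seq.to_bytes(8, "big"), "sha256").digest()
        return self.mps[tag[0] % len(self.mps)]

# Constructed sample keys, independent per method as the Techniques slide requires.
MP_A = StreamMP(hashlib.sha256(b"constructed key A").digest(), "sha256")
MP_B = StreamMP(hashlib.sha256(b"constructed key B").digest(), "sha512")
SELECT_KEY = hashlib.sha256(b"constructed selection key").digest()
```

With `MultiSecurity([MP_A, MP_B])`, removing the outer layer with a leaked `MP_B` key yields only the `MP_A` ciphertext, which is the survivability property the Techniques slide describes.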
Trade-offs
Performance
Configuration constraints
Why is this important?
Needs to be considered when designing architecture
Can reduce the potential for compromise
  – Security through obscurity
  – Use of available technology
Questions