Authenticating compromisable storage systems

Jiangshan Yu, Mark Ryan, Liqun Chen

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

1 Citation (Scopus)

Abstract

A service may be implemented over several servers, and those servers may become compromised by an attacker, e.g. through software vulnerabilities. When this happens, the service manager will remove the vulnerabilities and re-instate the server. Typically, this will involve regenerating the public key by which clients authenticate the service, and revoking the old one. This paper presents a scheme which allows a storage service composed of several servers to create a group public key in a decentralised manner, and maintain its security even when such compromises take place. By maintaining keys for a long term, we reduce the reliance on public-key certification. The storage servers periodically update the decryption secrets corresponding to a public key, in such a way that secrets gained by an attacker are rendered useless after an update takes place. An attacker would have to compromise all the servers within a short period lying between two updates in order to fully compromise the system.

Original languageEnglish
Title of host publicationProceedings - The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference on Big Data Science and Engineering - The 14th IEEE International Conference on Embedded Software and Systems
Subtitle of host publication2017 IEEE Trustcom/BigDataSE/ICESS
EditorsPriyadarsi Nanda , Yan Xiang , Yi Mu
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages25-32
Number of pages8
ISBN (Electronic)9781509049059, 9781509049066
ISBN (Print)9781509049073
DOIs
Publication statusPublished - 2017
Externally publishedYes
EventIEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2017 - Novotel Sydney Central Hotel, Sydney, Australia
Duration: 1 Aug 20174 Aug 2017
Conference number: 16th
https://web.archive.org/web/20170816014543/http://www.stprp-activity.com/TrustCom2017 (Conference website)
https://ieeexplore.ieee.org/xpl/conhome/8027145/proceeding (Proceedings)

Conference

ConferenceIEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2017
Abbreviated titleTrustCom 2017
CountryAustralia
CitySydney
Period1/08/174/08/17
Internet address

Keywords

  • Authentication
  • Information security
  • Post compromise security
  • Proactive security
  • Self-healing system

Cite this

Yu, J., Ryan, M., & Chen, L. (2017). Authenticating compromisable storage systems. In P. Nanda , Y. Xiang , & Y. Mu (Eds.), Proceedings - The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference on Big Data Science and Engineering - The 14th IEEE International Conference on Embedded Software and Systems: 2017 IEEE Trustcom/BigDataSE/ICESS (pp. 25-32). [8029419] IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.216