Authenticating compromisable storage systems

Jiangshan Yu; Mark Ryan; Liqun Chen

doi:10.1109/Trustcom/BigDataSE/ICESS.2017.216

Authenticating compromisable storage systems

Jiangshan Yu, Mark Ryan, Liqun Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

2 Citations (Scopus)

Abstract

A service may be implemented over several servers, and those servers may become compromised by an attacker, e.g. through software vulnerabilities. When this happens, the service manager will remove the vulnerabilities and re-instate the server. Typically, this will involve regenerating the public key by which clients authenticate the service, and revoking the old one. This paper presents a scheme which allows a storage service composed of several servers to create a group public key in a decentralised manner, and maintain its security even when such compromises take place. By maintaining keys for a long term, we reduce the reliance on public-key certification. The storage servers periodically update the decryption secrets corresponding to a public key, in such a way that secrets gained by an attacker are rendered useless after an update takes place. An attacker would have to compromise all the servers within a short period lying between two updates in order to fully compromise the system.

Original language	English
Title of host publication	Proceedings - The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference on Big Data Science and Engineering - The 14th IEEE International Conference on Embedded Software and Systems
Subtitle of host publication	2017 IEEE Trustcom/BigDataSE/ICESS
Editors	Priyadarsi Nanda , Yan Xiang , Yi Mu
Place of Publication	Piscataway NJ USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	25-32
Number of pages	8
ISBN (Electronic)	9781509049059, 9781509049066
ISBN (Print)	9781509049073
DOIs	https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.216
Publication status	Published - 2017
Externally published	Yes
Event	IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2017 - Novotel Sydney Central Hotel, Sydney, Australia Duration: 1 Aug 2017 → 4 Aug 2017 Conference number: 16th https://web.archive.org/web/20170816014543/http://www.stprp-activity.com/TrustCom2017 (Conference website) https://ieeexplore.ieee.org/xpl/conhome/8027145/proceeding (Proceedings)

Conference

Conference	IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2017
Abbreviated title	TrustCom 2017
Country/Territory	Australia
City	Sydney
Period	1/08/17 → 4/08/17
Internet address	https://web.archive.org/web/20170816014543/http://www.stprp-activity.com/TrustCom2017 (Conference website) https://ieeexplore.ieee.org/xpl/conhome/8027145/proceeding (Proceedings)

Keywords

Authentication
Information security
Post compromise security
Proactive security
Self-healing system

Access to Document

10.1109/Trustcom/BigDataSE/ICESS.2017.216

Cite this

Yu, J., Ryan, M., & Chen, L. (2017). Authenticating compromisable storage systems. In P. Nanda , Y. Xiang , & Y. Mu (Eds.), Proceedings - The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference on Big Data Science and Engineering - The 14th IEEE International Conference on Embedded Software and Systems: 2017 IEEE Trustcom/BigDataSE/ICESS (pp. 25-32). IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.216

Yu, Jiangshan ; Ryan, Mark ; Chen, Liqun. / Authenticating compromisable storage systems. Proceedings - The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference on Big Data Science and Engineering - The 14th IEEE International Conference on Embedded Software and Systems: 2017 IEEE Trustcom/BigDataSE/ICESS . editor / Priyadarsi Nanda ; Yan Xiang ; Yi Mu. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2017. pp. 25-32

@inproceedings{92bd3bc4f2b94d5daf95a78cb9c11f16,

title = "Authenticating compromisable storage systems",

abstract = "A service may be implemented over several servers, and those servers may become compromised by an attacker, e.g. through software vulnerabilities. When this happens, the service manager will remove the vulnerabilities and re-instate the server. Typically, this will involve regenerating the public key by which clients authenticate the service, and revoking the old one. This paper presents a scheme which allows a storage service composed of several servers to create a group public key in a decentralised manner, and maintain its security even when such compromises take place. By maintaining keys for a long term, we reduce the reliance on public-key certification. The storage servers periodically update the decryption secrets corresponding to a public key, in such a way that secrets gained by an attacker are rendered useless after an update takes place. An attacker would have to compromise all the servers within a short period lying between two updates in order to fully compromise the system.",

keywords = "Authentication, Information security, Post compromise security, Proactive security, Self-healing system",

author = "Jiangshan Yu and Mark Ryan and Liqun Chen",

year = "2017",

doi = "10.1109/Trustcom/BigDataSE/ICESS.2017.216",

language = "English",

isbn = "9781509049073",

pages = "25--32",

editor = "\{Nanda \}, \{Priyadarsi \} and \{Xiang \}, Yan and Mu, \{Yi \}",

booktitle = "Proceedings - The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference on Big Data Science and Engineering - The 14th IEEE International Conference on Embedded Software and Systems",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

note = "IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2017, TrustCom 2017 ; Conference date: 01-08-2017 Through 04-08-2017",

url = "https://web.archive.org/web/20170816014543/http://www.stprp-activity.com/TrustCom2017, https://ieeexplore.ieee.org/xpl/conhome/8027145/proceeding",

}

Yu, J, Ryan, M & Chen, L 2017, Authenticating compromisable storage systems. in P Nanda , Y Xiang & Y Mu (eds), Proceedings - The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference on Big Data Science and Engineering - The 14th IEEE International Conference on Embedded Software and Systems: 2017 IEEE Trustcom/BigDataSE/ICESS . IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, pp. 25-32, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2017, Sydney, New South Wales, Australia, 1/08/17. https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.216

Authenticating compromisable storage systems. / Yu, Jiangshan; Ryan, Mark; Chen, Liqun.
Proceedings - The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference on Big Data Science and Engineering - The 14th IEEE International Conference on Embedded Software and Systems: 2017 IEEE Trustcom/BigDataSE/ICESS . ed. / Priyadarsi Nanda ; Yan Xiang ; Yi Mu. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers, 2017. p. 25-32.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Authenticating compromisable storage systems

AU - Yu, Jiangshan

AU - Ryan, Mark

AU - Chen, Liqun

N1 - Conference code: 16th

PY - 2017

Y1 - 2017

N2 - A service may be implemented over several servers, and those servers may become compromised by an attacker, e.g. through software vulnerabilities. When this happens, the service manager will remove the vulnerabilities and re-instate the server. Typically, this will involve regenerating the public key by which clients authenticate the service, and revoking the old one. This paper presents a scheme which allows a storage service composed of several servers to create a group public key in a decentralised manner, and maintain its security even when such compromises take place. By maintaining keys for a long term, we reduce the reliance on public-key certification. The storage servers periodically update the decryption secrets corresponding to a public key, in such a way that secrets gained by an attacker are rendered useless after an update takes place. An attacker would have to compromise all the servers within a short period lying between two updates in order to fully compromise the system.

AB - A service may be implemented over several servers, and those servers may become compromised by an attacker, e.g. through software vulnerabilities. When this happens, the service manager will remove the vulnerabilities and re-instate the server. Typically, this will involve regenerating the public key by which clients authenticate the service, and revoking the old one. This paper presents a scheme which allows a storage service composed of several servers to create a group public key in a decentralised manner, and maintain its security even when such compromises take place. By maintaining keys for a long term, we reduce the reliance on public-key certification. The storage servers periodically update the decryption secrets corresponding to a public key, in such a way that secrets gained by an attacker are rendered useless after an update takes place. An attacker would have to compromise all the servers within a short period lying between two updates in order to fully compromise the system.

KW - Authentication

KW - Information security

KW - Post compromise security

KW - Proactive security

KW - Self-healing system

UR - https://www.scopus.com/pages/publications/85032347365

U2 - 10.1109/Trustcom/BigDataSE/ICESS.2017.216

DO - 10.1109/Trustcom/BigDataSE/ICESS.2017.216

M3 - Conference Paper

AN - SCOPUS:85032347365

SN - 9781509049073

SP - 25

EP - 32

BT - Proceedings - The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference on Big Data Science and Engineering - The 14th IEEE International Conference on Embedded Software and Systems

A2 - Nanda , Priyadarsi

A2 - Xiang , Yan

A2 - Mu, Yi

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

T2 - IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2017

Y2 - 1 August 2017 through 4 August 2017

ER -

Yu J, Ryan M, Chen L. Authenticating compromisable storage systems. In Nanda P, Xiang Y, Mu Y, editors, Proceedings - The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - The 11th IEEE International Conference on Big Data Science and Engineering - The 14th IEEE International Conference on Embedded Software and Systems: 2017 IEEE Trustcom/BigDataSE/ICESS . Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. 2017. p. 25-32 doi: 10.1109/Trustcom/BigDataSE/ICESS.2017.216

Authenticating compromisable storage systems

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this