Abstract by anuja a sonalker on Asymmetric Key Distribution


Download 217.42 Kb.
Pdf ko'rish
bet26/43
Sana19.04.2023
Hajmi217.42 Kb.
#1365410
1   ...   22   23   24   25   26   27   28   29   ...   43
Bog'liq
etd

3.10 Security Concerns 
Well-known ways to break any secure scheme are physical break-ins to steal the private 
keys, obtaining the keys during initial distribution, breaking the system, breaking the 
algorithm. Breaking the algorithm are RSA related issues. Here we deal with the issue of 
breaking the system. 
3.10.1 Breaking the system 
An attacker maybe able to break into any secure system by either posing as a very good 
imitation of an existing entity in the system, attacking and gaining control of the focal 
point of the system or a large number of servers or any means by which the purpose of 
this secure system is lost without actually breaking the algorithm. Here there are two 
potential problems, one being the case when ALL the share servers begin to collaborate 
without the knowledge of the special server, the other if a strong adversary compromises 
the special server successfully. 
In the former case, it can be easily shown that such an attack would not break the system. 
The threshold t-out-of-k signifies the minimum number of share servers that need to take 
part in a successful transaction. This ensures the signing of certificates in the absence of 
at most k-t share servers. This also enables us to protect the process of certificate signing 
from either surreptitious players or an intruder who may be able to compromise a number 
of peers in the system. The robustness here lies in the fact that until a total of k-t+1 share 
servers are compromised, the system cannot be brought down. Malicious parties may not 
be able to get a certificate signed even after a total of t share servers are compromised. 
This is because the threshold share servers cannot sign a certificate on their own. In order 
to sign a certificate correctly, we need t share servers AND the Special Server. 
Compromising t servers is not easy because of the relative size of t. In this scheme, the 
precondition for choosing t is that t 

2
k
+1 in this scheme. These two mathematical 
conditions ensure that the system cannot be easily compromised. 


34 
While in the former case, it has been mathematically shown, and physically implemented 
and proved that no number of share servers can collectively produce the signature of the 
Special Server, to be able to get an improper certificate signed, there does exist a focal 
point of security in the Asymmetric Key Distribution algorithm; the Special Server. If the 
special server were compromised, an attacker can get any improper certificate signed.
The Dual Threshold overcomes this problem by creating a hierarchy of shares. By further 
distributing the Special Servers shares over a small group of servers, this focal point of 
security concern is diminished. In order to compromise the system now, an adversary 
would need to compromise at least threshold number of share servers and a threshold 
number of distributed special servers. Since the two sets of shares are mutually exclusive, 
this becomes even more difficult because the adversary needs to selectively attack and 
gain control over at least t of the share servers in the system and f of the special servers to 
stop the good certificates from being signed. This technique is discussed in detail in the 
chapter following implementation. 

Download 217.42 Kb.

Do'stlaringiz bilan baham:
1   ...   22   23   24   25   26   27   28   29   ...   43




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling