Abstract by anuja a sonalker on Asymmetric Key Distribution
Download 217.42 Kb. Pdf ko'rish
|
etd
- Bu sahifa navigatsiya:
- 3.10.1 Breaking the system
|
3.10 Security Concerns
Well-known ways to break any secure scheme are physical break-ins to steal the private keys, obtaining the keys during initial distribution, breaking the system, breaking the algorithm. Breaking the algorithm are RSA related issues. Here we deal with the issue of breaking the system. 3.10.1 Breaking the system An attacker maybe able to break into any secure system by either posing as a very good imitation of an existing entity in the system, attacking and gaining control of the focal point of the system or a large number of servers or any means by which the purpose of this secure system is lost without actually breaking the algorithm. Here there are two potential problems, one being the case when ALL the share servers begin to collaborate without the knowledge of the special server, the other if a strong adversary compromises the special server successfully. In the former case, it can be easily shown that such an attack would not break the system. The threshold t-out-of-k signifies the minimum number of share servers that need to take part in a successful transaction. This ensures the signing of certificates in the absence of at most k-t share servers. This also enables us to protect the process of certificate signing from either surreptitious players or an intruder who may be able to compromise a number of peers in the system. The robustness here lies in the fact that until a total of k-t+1 share servers are compromised, the system cannot be brought down. Malicious parties may not be able to get a certificate signed even after a total of t share servers are compromised. This is because the threshold share servers cannot sign a certificate on their own. In order to sign a certificate correctly, we need t share servers AND the Special Server. Compromising t servers is not easy because of the relative size of t. In this scheme, the precondition for choosing t is that t ≥ 2 k +1 in this scheme. These two mathematical conditions ensure that the system cannot be easily compromised. 34 While in the former case, it has been mathematically shown, and physically implemented and proved that no number of share servers can collectively produce the signature of the Special Server, to be able to get an improper certificate signed, there does exist a focal point of security in the Asymmetric Key Distribution algorithm; the Special Server. If the special server were compromised, an attacker can get any improper certificate signed. The Dual Threshold overcomes this problem by creating a hierarchy of shares. By further distributing the Special Servers shares over a small group of servers, this focal point of security concern is diminished. In order to compromise the system now, an adversary would need to compromise at least threshold number of share servers and a threshold number of distributed special servers. Since the two sets of shares are mutually exclusive, this becomes even more difficult because the adversary needs to selectively attack and gain control over at least t of the share servers in the system and f of the special servers to stop the good certificates from being signed. This technique is discussed in detail in the chapter following implementation. Download 217.42 Kb. Do'stlaringiz bilan baham: 
|