52 
Chapter 5 
 
Dual Threshold Approach 
In the previous chapter a modified public key system was introduced for handling a 
special situation where a coalition needs to be formed by parties not completely sharing 
the same views or completely trusting each other but needing to collaborate on global 
issues. In this scenario of “trust-but-don’t–trust-blindly” if the Special Server were to be 
the focus of one’s attack, the compulsory share would fall into the hands of an attacker. 
While it is proven that in other circumstances of compromised entities, though there may 
arise a situation where the good servers may not be able to sign a certificate correctly due 
to insufficient number of good servers, a situation where a malicious entity would be able 
to get a certificate signed illegitimately does not arise. In other words, an external 
attacker cannot generate a meaningful signature without compromising the SS. 
This threat from a clever enemy, who chooses to attack the Special Server opens up a 
vulnerability in the algorithm. If the Special Server is attacked and compromised 
successfully, the attacker can send out a CSR. He only needs any t out of the k Share 
Servers in the system to send their signed shares, to get the bad certificate signed, which 
may not be a problem if the attack on the SS goes undetected. 
This problem can be overcome by a slight modification to the structure of the Special 
Server. This solution is called the Dual Threshold Approach. The structure of the Special 
Server is now distributed over a second hierarchical level of Distributed Special Servers 
within the same network. In other words, the Special Server is now a collection of 
Distributed Special Servers, which combine to form the Special Servers share.

53 
Special Server
share 
Distributed SS Distributed SS Distributed SS Distributed SS Distributed SS 

Download 217.42 Kb.

Do'stlaringiz bilan baham: