Intrusion Tolerance via Threshold Cryptography

ITTC: Intrusion Tolerance via Threshold Cryptography. Dan Boneh (Stanford University), Bill Aiello (Bellcore), Michael Malkin (Stanford University), Tom Wu (Stanford University). http://www.stanford.edu/~dabo/ITTC/. Absolute intrusion prevention is impossible.


Presentation Transcript


  1. ITTC: Intrusion Tolerance via Threshold Cryptography
     Dan Boneh, Stanford University
     Bill Aiello, Bellcore
     Michael Malkin, Stanford University
     Tom Wu, Stanford University
     http://www.stanford.edu/~dabo/ITTC/

  2. Absolute intrusion prevention is impossible
     Networked systems should be designed to maintain security even when hosts are penetrated and sensitive information is exposed.
     Main Design Principle: Long-term security information should never be located at a single location: No single point of failure!

  3. Scalability and Performance
     • High availability of private keys
     • Automatic load-balancing among share servers
     • Can reconstruct lost or corrupted shares
     • Arbitrary number of clients, up to 15 share servers
     • Can refresh shares to recover from compromised servers

  4. Objectives
     • A module that can provide intrusion tolerance to legacy systems
     • Protect long term security information using threshold cryptography
     • Eliminate trusted dealers: keys are generated and managed without trusted dealers

  5. Architecture
     [Diagram labels: Share Server 1, Share Server 2, Share Server 3; CTL (×3); Share #1, Share #2, Share #3; TLB (×3)]
     • Share servers manage multiple clients and keys
     • Central administration of share servers

  6. Library Components
     • COM: Enables private and authenticated communication
     • KEY: Key management
     • GEN: Key generation with no trusted dealer
     • NTD: Threshold decryption

  7. Controllers
     • CTL: Controller for share servers
     • TLB: Client API of threshold decryption library, identifies compromised hosts
     • ADM: Administration utilities

  8. Certification Authority
     [Diagram labels: Gateway, Request, X.509, Share #1, Share #2, Share #3]
     • CA’s private key is shared among three servers
     • Any two servers can generate certificate
     • No trusted dealer
     • Hard to break into two sites: diversity + refresh

  9. Web Server
     [Diagram labels: #1, #2, #3, Web Server, Internet, User]
     • ITTC is used to establish the SSL session key
     • SSL ensures a secure connection
     • The server’s private key is never reconstructed at a single location.
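The 2-of-3 property from slide 8, the share refresh from slide 3 and the "never reconstructed" property from slide 9 can be seen in a small sketch. This is an added example, not ITTC code: it assumes an RSA key, a pairwise additive split of the private exponent, toy primes, and a dealer that knows `D` (ITTC itself generates keys without a dealer); all function names are hypothetical.

```python
import secrets
from itertools import combinations

# Toy key, constructed for this demo: two Mersenne primes, textbook RSA with
# no padding. A real CA key is >= 2048 bits and signs with a padded scheme.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
D = pow(E, -1, PHI)  # known only to the demo dealer (assumption, see lead-in)

def deal_2_of_3(d, servers=(1, 2, 3)):
    """For each pair of servers, split d additively between the two."""
    shares = {s: {} for s in servers}
    for pair in combinations(servers, 2):
        a = secrets.randbelow(PHI)
        shares[pair[0]][pair] = a
        shares[pair[1]][pair] = (d - a) % PHI
    return shares

def partial_sign(own_shares, pair, m):
    """Run on one server: exponentiate with the local share only."""
    return pow(m, own_shares[pair], N)

def combine(partials):
    """Run by a combiner (hypothetical role): multiply partial signatures."""
    sig = 1
    for s in partials:
        sig = sig * s % N
    return sig

def threshold_sign(shares, pair, m):
    return combine(partial_sign(shares[s], pair, m) for s in pair)

def refresh(shares, pair):
    """The pair re-randomises its split: a += r, b -= r, sum unchanged."""
    r = secrets.randbelow(PHI)
    i, j = pair
    shares[i][pair] = (shares[i][pair] + r) % PHI
    shares[j][pair] = (shares[j][pair] - r) % PHI

def verify(sig, m):
    return pow(sig, E, N) == m

if __name__ == "__main__":
    m = 0x1234567890ABCDEF  # constructed stand-in for a certificate digest
    shares = deal_2_of_3(D)
    print({p: verify(threshold_sign(shares, p, m), m)
           for p in combinations((1, 2, 3), 2)})
```

The combiner only ever sees partial signatures, so `D` never exists on any share server, and a share stolen before `refresh` no longer combines with the other server's current share.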
