Authenticating compromisable storage systems

Jiangshan Yu; Mark Ryan; Liqun Chen

doi:10.1109/Trustcom/BigDataSE/ICESS.2017.216

Authenticating compromisable storage systems

Jiangshan Yu, Mark Ryan, Liqun Chen

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

220 Downloads (Pure)

Abstract

A service may be implemented over several servers, and those servers may become compromised by an attacker, e.g. through software vulnerabilities. When this happens, the service manager will remove the vulnerabilities and re-instate the server. Typically, this will involve regenerating the public key by which clients authenticate the service, and revoking the old one. This paper presents a scheme which allows a storage service composed of several servers to create a group public key in a decentralised manner, and maintain its security even when such compromises take place. By maintaining keys for a long term,
we reduce the reliance on public-key certification. The storage servers periodically update the decryption secrets corresponding to a public key, in such a way that secrets gained by an attacker are rendered useless after an update takes place. An attacker would have to compromise all the servers within a short period lying between two updates in order to fully compromise the
system.

Original language	English
Title of host publication	Proceedings of 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-17)
Publisher	IEEE Computer Society Press
Number of pages	8
ISBN (Electronic)	978-1-5090-4906-6
ISBN (Print)	978-1-5090-4907-3
DOIs	https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.216
Publication status	Published - 11 Sept 2017
Event	16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-17) - Sydney, Australia Duration: 1 Aug 2017 → 4 Aug 2017

Conference

Conference	16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-17)
Country/Territory	Australia
City	Sydney
Period	1/08/17 → 4/08/17

Access to Document

10.1109/Trustcom/BigDataSE/ICESS.2017.216Licence: None: All rights reserved

Yu_et_al_Authenticating_compromisable_IEEE_2017
Checked for eligibility: 09/06/2017
Accepted author manuscript, 120 KB

https://ieeexplore.ieee.org/document/8029419Licence: None: All rights reserved

Cite this

@inproceedings{d38cdbca8f954ccbaa3a4ef147304c21,

title = "Authenticating compromisable storage systems",

abstract = "A service may be implemented over several servers, and those servers may become compromised by an attacker, e.g. through software vulnerabilities. When this happens, the service manager will remove the vulnerabilities and re-instate the server. Typically, this will involve regenerating the public key by which clients authenticate the service, and revoking the old one. This paper presents a scheme which allows a storage service composed of several servers to create a group public key in a decentralised manner, and maintain its security even when such compromises take place. By maintaining keys for a long term,we reduce the reliance on public-key certification. The storage servers periodically update the decryption secrets corresponding to a public key, in such a way that secrets gained by an attacker are rendered useless after an update takes place. An attacker would have to compromise all the servers within a short period lying between two updates in order to fully compromise thesystem.",

author = "Jiangshan Yu and Mark Ryan and Liqun Chen",

year = "2017",

month = sep,

day = "11",

doi = "10.1109/Trustcom/BigDataSE/ICESS.2017.216",

language = "English",

isbn = "978-1-5090-4907-3",

booktitle = "Proceedings of 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-17)",

publisher = "IEEE Computer Society Press",

note = "16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-17) ; Conference date: 01-08-2017 Through 04-08-2017",

}

Yu, J, Ryan, M & Chen, L 2017, Authenticating compromisable storage systems. in Proceedings of 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-17). IEEE Computer Society Press, 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-17), Sydney, Australia, 1/08/17. https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.216

TY - GEN

T1 - Authenticating compromisable storage systems

AU - Yu, Jiangshan

AU - Ryan, Mark

AU - Chen, Liqun

PY - 2017/9/11

Y1 - 2017/9/11

N2 - A service may be implemented over several servers, and those servers may become compromised by an attacker, e.g. through software vulnerabilities. When this happens, the service manager will remove the vulnerabilities and re-instate the server. Typically, this will involve regenerating the public key by which clients authenticate the service, and revoking the old one. This paper presents a scheme which allows a storage service composed of several servers to create a group public key in a decentralised manner, and maintain its security even when such compromises take place. By maintaining keys for a long term,we reduce the reliance on public-key certification. The storage servers periodically update the decryption secrets corresponding to a public key, in such a way that secrets gained by an attacker are rendered useless after an update takes place. An attacker would have to compromise all the servers within a short period lying between two updates in order to fully compromise thesystem.

AB - A service may be implemented over several servers, and those servers may become compromised by an attacker, e.g. through software vulnerabilities. When this happens, the service manager will remove the vulnerabilities and re-instate the server. Typically, this will involve regenerating the public key by which clients authenticate the service, and revoking the old one. This paper presents a scheme which allows a storage service composed of several servers to create a group public key in a decentralised manner, and maintain its security even when such compromises take place. By maintaining keys for a long term,we reduce the reliance on public-key certification. The storage servers periodically update the decryption secrets corresponding to a public key, in such a way that secrets gained by an attacker are rendered useless after an update takes place. An attacker would have to compromise all the servers within a short period lying between two updates in order to fully compromise thesystem.

U2 - 10.1109/Trustcom/BigDataSE/ICESS.2017.216

DO - 10.1109/Trustcom/BigDataSE/ICESS.2017.216

M3 - Conference contribution

SN - 978-1-5090-4907-3

BT - Proceedings of 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-17)

PB - IEEE Computer Society Press

T2 - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-17)

Y2 - 1 August 2017 through 4 August 2017

ER -

Authenticating compromisable storage systems

Abstract

Conference

Access to Document

Fingerprint

Cite this