Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enhancing Survivability of Security Services using Redundancy Presented by:Zijian Cao Joe Ondercin Based on a paper by Matti Hiltunen, Richard D. Schlichting,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Enhancing Survivability of Security Services using Redundancy Presented by:Zijian Cao Joe Ondercin Based on a paper by Matti Hiltunen, Richard D. Schlichting,"— Presentation transcript:

1 Enhancing Survivability of Security Services using Redundancy Presented by:Zijian Cao Joe Ondercin Based on a paper by Matti Hiltunen, Richard D. Schlichting, and Carlos A. Ugarte

2 Overview  Traditional security services –Single method to guarantee security attributes –Single point of vulnerability  Use redundancy to increase survivability –Implement using multiple methods –Implement in ways that can vary unpredictably

3 Requirements  Appropriate techniques  System support

4 Techniques  Use multiple methods to enforce security attribute –If one method remains intact, attribute remains uncompromised  Methods need to be independent –Use of same key by different methods can result in both being defeated

5 Example - Secure Messaging  Encrypt messages with different methods –Use DES, then IDEA –Alternate the sequence of applying DES and IDEA for different messages –Apply different methods to different parts of message  Both methods would have to be identified and broken to compromise data

6 System Support  Simplifies redundancy based survivability techniques using the appropriate software customization framework.  Automation of techniques

7 Example - SecComm  SecComm –A highly configurable secure communicate service –Implemented using Cactus  Cactus –A framework for software customization –Constructs configurable network protocols and services –Implements each service property as a separate software module (called a micro-protocol)

8 Security Properties  Basic –Authenticity –Privacy –Integrity –Non-repudiation  Attack Specific –Replay prevention –Known plain text attack prevention

9 Basic Security Micro-protocols (MPs)  Individual methods that can be utilized  Addresses security properties  Allows different abstract service properties and their variants to be implemented as independent modules

10 Meta-security MP’s  Applying multiple or alternating basic security micro-protocols  Selected based on the desired properties  Creates a complex protocol –Key feature to enabling redundancy for survivability

11 Examples of Meta-security MP’s  MultiSecurity –Applies multiple basic security MP’s to a message in sequence  AltSecurity –Applies one MP to each message, sequentially from a predetermined list  RandomAltSecurity –Randomly chooses the method for each message

12 Trade-offs  Performance  Configuration constraints

13 Why is this important?  Needs to be considered when designing architecture  Can reduce the potential for compromise –Security through obscurity –Use of available technology

14 Questions

Download ppt "Enhancing Survivability of Security Services using Redundancy Presented by:Zijian Cao Joe Ondercin Based on a paper by Matti Hiltunen, Richard D. Schlichting,"

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
An Alternative Approach for Enhancing Security of WMANs using Physical Layer Encryption By Arpan Pal Wireless Group Center of Excellence for Embedded Systems.

An Alternative Approach for Enhancing Security of WMANs using Physical Layer Encryption By Arpan Pal Wireless Group Center of Excellence for Embedded Systems.
Introduction Why do we need Mobile OGSI.NET? Drawbacks:

Introduction Why do we need Mobile OGSI.NET? Drawbacks:
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.

DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.
Presented by: Thabet Kacem Spring 2010. Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
TAC Vista Security. Target  TAC Vista & Security Integration  Key customer groups –Existing TAC Vista users Provide features and hardware for security.

TAC Vista Security. Target  TAC Vista & Security Integration  Key customer groups –Existing TAC Vista users Provide features and hardware for security.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Ariel Eizenberg arielez@cs.huji.ac.il PPP Security Features Ariel Eizenberg arielez@cs.huji.ac.il.

Ariel Eizenberg PPP Security Features Ariel Eizenberg
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Similar presentations

Ads by Google