
Protecting Secret Data from Insider Attacks

  • Conference paper
Financial Cryptography and Data Security (FC 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3570)


Abstract

We consider defenses against confidentiality and integrity attacks on data following break-ins, or so-called intrusion resistant storage technologies. We investigate the problem of protecting secret data, assuming an attacker is inside a target network or has compromised a system.

We give a definition of the problem area, and propose a solution, VAST, that uses large, structured files to improve the secure storage of valuable or secret data. Each secret has its multiple shares randomly distributed in an extremely large file. Random decoy shares and the lack of usable identification information prevent selective copying or analysis of the file. No single part of the file yields useful information in isolation from the rest. The file’s size and structure therefore present an enormous additional hurdle to attackers attempting to transfer, steal or analyze the data. The system also has the remarkable property of healing itself after malicious corruption, thereby preserving both the confidentiality and integrity of the data.
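A simplified sketch of the storage idea in the abstract, added here as an illustration; it is not the paper's VAST construction or code. It scatters the shares of one secret across a file of random slots so that shares and decoys look alike and the file holds no index. Assumptions not taken from the page: slot positions are derived with HMAC-SHA256 from a key, the sharing is n-of-n XOR, the slot size and share count are arbitrary, all names are hypothetical, and self-healing is not modelled.

```python
import hashlib, hmac, secrets

SLOT = 32      # bytes per share slot (assumed size)
N_SHARES = 8   # shares per secret (assumed count)

def slots_for(key: bytes, label: bytes, n_slots: int) -> list[int]:
    """Derive N_SHARES distinct slot indices from a key; nothing is stored in the file."""
    out, ctr = [], 0
    while len(out) < N_SHARES:
        d = hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        idx = int.from_bytes(d[:8], "big") % n_slots
        if idx not in out:
            out.append(idx)
        ctr += 1
    return out

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def new_store(n_slots: int) -> bytearray:
    """Fill the file with random slots; each one acts as a decoy share."""
    return bytearray(secrets.token_bytes(n_slots * SLOT))

def put(store: bytearray, key: bytes, label: bytes, secret: bytes) -> None:
    if len(secret) != SLOT:
        raise ValueError("secret must be exactly SLOT bytes")
    idxs = slots_for(key, label, len(store) // SLOT)
    shares = [secrets.token_bytes(SLOT) for _ in idxs[:-1]]
    last = secret
    for s in shares:               # last share = secret XOR all random shares
        last = xor(last, s)
    for i, share in zip(idxs, shares + [last]):
        store[i * SLOT:(i + 1) * SLOT] = share

def get(store: bytearray, key: bytes, label: bytes) -> bytes:
    acc = bytes(SLOT)
    for i in slots_for(key, label, len(store) // SLOT):
        acc = xor(acc, store[i * SLOT:(i + 1) * SLOT])
    return acc

if __name__ == "__main__":
    store = new_store(1 << 16)     # 2 MiB here; the abstract's file is far larger
    secret = secrets.token_bytes(SLOT)   # constructed sample secret
    put(store, b"constructed-key", b"db-password", secret)
    print(get(store, b"constructed-key", b"db-password") == secret)
```

Because every real share is itself uniformly random, a copy of any subset of slots that misses even one share reveals nothing about the secret in this sketch.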



Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dagon, D., Lee, W., Lipton, R. (2005). Protecting Secret Data from Insider Attacks. In: Patrick, A.S., Yung, M. (eds) Financial Cryptography and Data Security. FC 2005. Lecture Notes in Computer Science, vol 3570. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11507840_2


  • DOI: https://doi.org/10.1007/11507840_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-26656-3

  • Online ISBN: 978-3-540-31680-0

  • eBook Packages: Computer Science (R0)
