Chapter Preview
TopBackground
In this section, we introduce some basic security and dependability concepts and techniques related to intrusion tolerance. A secure information system is one that exhibits the following properties (Pfleeger & Pfleeger, 2002):
- •
Confidentiality. Only authorized users have access to the information.
- •
Integrity. The information can be modified only by authenticated users in authorized ways. Any unauthorized modification can be detected.
- •
Availability. The information is available whenever a legitimate user wants to access it.
Confidentiality is often achieved by using encryption, authentication, and access control. Encryption is a reversible process that scrambles a piece of plaintext into something uninterpretable. Encryption is often parameterized with a security key. To decrypt, the same or a different security key is needed. Authentication is the procedure to verify the identity of a user that wants to access confidential data. Access control is used to restrict what an authenticated user can access.
Integrity can be protected by using secure hash functions, message authentication code (MAC) and digital signatures. For data stored locally, including the application binary files, a checksum is often used as a way to verify data integrity. The checksum can be generated by applying an oneway secure hash transformation on the data. Before the data is accessed, one can verify its integrity by recomputing the checksum and comparing it with the original one. The integrity of a message transmitted over the network can be guarded by a MAC. A MAC is generated by hashing on both the original message and a shared secret key (and often with a sequence number as well). If it is tampered with, the message can be detected in a way similar to that for checksum. For stronger protection, a message can be signed by the sender. A digital signature is produced by first hashing the message using a secure hash function, and then encrypting the hash using the sender’s private key.
Key Terms in this Chapter
Byzantine Quorum System: The system offers read and write services to its clients on a set of replicated data items. A read operation retrieves data from a quorum of correct replicas and a write operation applies the update to a quorum of correct replicas. Any two quorums must overlap by at least one correct replica.
Replica Consistency: The states of the replicas of an application should remain to be identical at the end of the processing of each request. Replica consistency is necessary to mask a fault in some replicas.
Fragmentation Redundancy Scattering: A secret sharing scheme that involves the following three steps: fragmenting a file, replicating each fragment, and distributing the replicated fragments to different storage sites.
Byzantine Fault Tolerance: A replication-based technique used to ensure high availability of an application subject to Byzantine fault.
Byzantine Fault: Used to model arbitrary fault. A Byzantine faulty process might send conflicting information to other processes to prevent them from reaching an agreement.
(k, n) Thread Scheme: A secret is divided into n shares. To reconstruct the secret, at least k shares are needed. No useful information can be obtained from k-1 shares.
Threshold Cryptography: Security operations such as encryption, decryption, signature generation and verification can be performed by a group of processes without reconstructing the shared secret. Threshold cryptography utilizes (k, n) threshold schemes internally.