Network Randomization Protocol: A Proactive Pseudo-Random Generator

Authors: 

Chee-Seng Chow and Amir Herzberg, IBM, Thomas J. Watson Research Center

Abstract: 

A major security threat to any security solution based on a centralized server is the possibility of an adversary gaining access to and taking control of the server. The adversary may then learn secrets, corrupt data, or send erroneous messages. In practice, such an adversary may be more prevalent than one would like to admit. It may be a malicious hacker, a virus in an application program, or an unscrupulous system administrator. Proactive security is a novel approach to the server security problem. It uses the distribution of data and control to multiple servers and periodic refreshes between servers. By distributing data and control, one or more servers may be compromised without compromising the system. Periodic refreshes between servers allow a compromised server to "recover" after the attacker leaves, thereby contributing to the system security. A fraction (in some cases all) of the servers must be compromised simultaneously in order to compromise the system. This paper describes the Network Randomization Protocol (NRP), a proactive protocol for generating cryptographically secure pseudo-random numbers. The protocol is designed for operation in the Internet and includes defenses against clogging attacks. Issues related to the design and implementation of the protocol are discussed. As virtually no cryptographic task is possible without a source of randomness or pseudo-randomness, NRP is an important basic building block for many cryptographic functions. Furthermore, it serves to illustrate the main ideas and intuitions of proactive security.

Chee-Seng Chow, IBM, Thomas J. Watson Research Center

Amir Herzberg, IBM, Thomas J. Watson Research Center

BibTeX
@inproceedings {253576,
author = {Chee-Seng Chow and Amir Herzberg},
title = {Network Randomization Protocol: A Proactive {Pseudo-Random} Generator},
booktitle = {5th USENIX UNIX Security Symposium (USENIX Security 95)},
year = {1995},
address = {Salt Lake City, UT},
url = {https://www.usenix.org/conference/5th-usenix-unix-security-symposium/network-randomization-protocol-proactive-pseudo-random},
publisher = {USENIX Association},
month = jun,
}
Paper: 
http://usenix.org/publications/library/proceedings/security95/full_papers/chow.pdf