Abstract
We consider defenses against confidentiality and integrity attacks on data following break-ins, or so-called intrusion resistant storage technologies. We investigate the problem of protecting secret data, assuming an attacker is inside a target network or has compromised a system.
We give a definition of the problem area, and propose a solution, VAST, that uses large, structured files to improve the secure storage of valuable or secret data. Each secret has its multiple shares randomly distributed in an extremely large file. Random decoy shares and the lack of usable identification information prevent selective copying or analysis of the file. No single part of the file yields useful information in isolation from the rest. The file’s size and structure therefore present an enormous additional hurdle to attackers attempting to transfer, steal or analyze the data. The system also has the remarkable property of healing itself after malicious corruption, thereby preserving both the confidentiality and integrity of the data.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Arge, L., Knudseni, M., Larsent, K.: A general lower bound on the complexity of comparison-based algorithm. In: Dehne, F., Sack, J.-R., Santoro, N. (eds.) WADS 1993. LNCS, vol. 709, pp. 83–94. Springer, Heidelberg (1993)
Aggarwal, A., Vitter, J.S.: The i/o complexity of sorting and related problems. In: Proc. 14th ICALP (1987)
Bishop, M.: Computer Security: Art and Science. Addison-Wesley, Longman (2003)
Di Crescenzo, G., Ferguson, N., Impagliazzo, R., Jakobsson, M.: How to forget a secret. In: Meinel, C., Tison, S. (eds.) STACS 1999. LNCS, vol. 1563, p. 500. Springer, Heidelberg (1999)
Cheswick, B.: The design of a secure internet gateway. In: Proc. of Usenix Summer Conference (1990)
Capocelli, R.M., De Santis, A., Gargano, L., Vaccaro, U.: On the size of shares for secret sharing schemes. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 101–113. Springer, Heidelberg (1992)
Deswarte, Y., Fabre, J.C., Fray, J.M., Powell, D., Ranea, P.G.: Saturne: a distributed computing system which tolerates faults and intrusions. In: Workshop on the Future Trends of Distributed Computing Systems in the 1990s, September 1988, pp. 329–338 (1988)
Fray, J.-M., Deswarte, Y., Powell, D.: Intrusion tolerance using fine-grain fragmentation-scattering. In: Proc. IEEE Symp. on Security and Privacy, pp. 194–201 (1991)
Fabre, J.-C., Deswarte, Y., Randall, B.: Designing secure and reliable applications using fragmentation-redundancy-scattering: an object-oriented approach. In: PDCS 1992 (1992)
Frost, H., Martz, A.: The storage performance dilemma (2003), http://www.texmemsys.com/files/f000160.pdf
Hennessy, J.L., Patterson, D.A.: Computer Organization and Design. Morgan Kaufman Publishers, San Francisco (2003)
Katzenbeisser, S., Petitcolas, F.A.P. (eds.): Information Hiding Techniques for Steganography and Digital Watermarking. Artech House Books (2000)
Lakshmanan, S., Ahamad, M., Venkateswaran, H.: A secure and highly available distributed store for meeting diverse data storage needs. In: Proceedings of the International Conference on Dependable Systems and Networks, DSN 2001 (2001)
Maurer, U.M.: Conditionally-perfect secrecy and a provably-secure randomized cipher (1992)
Malkhi, D., Reiter, M.: Byzantine quorum systems. Distributed Computing 11, 203–213 (1998)
Patt, N.P.: The I/O subsystem: A candidate for improvement. IEEE Computer: Special Issue 24 (1994)
Provos, N., Mazieres, D.: A future-adaptable password scheme (1999), http://www.openbsd.org/papers/bcrypt-paper.ps
Rabin, M.O.: Efficient dispersal of information for security, load balancing, and fault tolerance. Journal of the ACM 36 (April 1989)
Shamir, A.: How to share a secret. Comm. of ACM 13(7), 422–426 (1970)
Wylie, J., Bigrigg, M., Strunk, J., Ganger, G., Kiliccote, H., KhoslaComputer, P.: Survivable information storage systems. In: IEEE Computer, August 2000, vol. 33, pp. 61–68 (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dagon, D., Lee, W., Lipton, R. (2005). Protecting Secret Data from Insider Attacks. In: Patrick, A.S., Yung, M. (eds) Financial Cryptography and Data Security. FC 2005. Lecture Notes in Computer Science, vol 3570. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11507840_2
Download citation
DOI: https://doi.org/10.1007/11507840_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26656-3
Online ISBN: 978-3-540-31680-0
eBook Packages: Computer ScienceComputer Science (R0)