Abstract
One option to instantiate Mobile Target Defense (MTD) [27] strategies in distributed storage and computing systems is to design such systems from the ground up using cryptographic techniques such as secret sharing (SS) and secure multiparty computation (MPC). In standard SS a dealer shares a secret s among n parties such that an adversary corrupting no more than t parties learns nothing about s, while any \(t+1\) parties can efficiently recover s. MPC protocols based on secret sharing allow computation on such secret-shared data without reconstructing the data at a central location. MPC thus enables a set of mutually distrusting parties to compute on their secret-shared data while guaranteeing secrecy of their inputs and outputs and correctness of the computation, again provided that no more than t parties are corrupted. Over a long period of time, however, every party may be corrupted at some point and the threshold t may be violated; this is accounted for in proactively secure protocols such as Proactive Secret Sharing (PSS) and Proactive MPC (PMPC). Proactive security is an example of a cryptographically grounded and theoretically well-studied approach to realizing MTD. PSS retains confidentiality even when a mobile adversary corrupts all parties over the lifetime of the secret, as long as it corrupts no more than a threshold t of them during any single window of time, called the refresh period. As an example of a proactively secure protocol that realizes an MTD strategy, we overview the first PSS scheme secure in the presence of a dishonest majority (developed recently in [15]). The PSS scheme is robust and secure against \(t<n-2\) passive adversaries when there are no active corruptions, and secure but non-robust (with identifiable aborts) against \(t<n/2-1\) active adversaries when there are no additional passive corruptions. The scheme is also secure (with identifiable aborts) against mixed adversaries controlling a combination of passively and actively corrupted parties, such that if there are k active corruptions there are fewer than \(n-k-2\) total corruptions.
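To make the mobile-adversary argument concrete, the following is an added example (not code from the chapter, and not the dishonest-majority scheme of [15]): it implements the classic honest-majority construction, Shamir shares [32] refreshed by adding shares of zero as in Herzberg et al. [25], and shows that t shares stolen before a refresh plus t shares stolen after it do not reveal the secret, while any t+1 shares from one period do. The prime field, the party ids 1..n, and the use of Python's `secrets` module are assumptions of this illustration.

```python
"""Shamir secret sharing with a proactive share refresh.

Added illustration, not code from the chapter or from [15]: it shows the
classic honest-majority construction (Shamir shares, refreshed with shares
of zero as in Herzberg et al.), which is enough to see why a refresh defeats
an adversary that corrupts different parties in different periods.
Assumptions for this example: a fixed prime field, party ids 1..n, and
Python's `secrets` module as the randomness source.
"""
import secrets

P = 2**127 - 1  # assumed field size (a Mersenne prime); secrets must be < P


def _eval(coeffs, x):
    """Evaluate a polynomial (coefficients low to high) at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, n, t):
    """Deal `secret` to parties 1..n with threshold t.

    Picks a random degree-t polynomial f with f(0) = secret and hands party i
    the point f(i). Any t+1 points determine f (and so the secret); any t
    points are consistent with every possible secret.
    """
    assert 0 <= secret < P and 0 < t < n < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t)]
    return {i: _eval(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange-interpolate the points in {party_id: share} and return f(0)."""
    result = 0
    for i, y_i in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        result = (result + y_i * num * pow(den, P - 2, P)) % P
    return result


def add_shares(a, b):
    """Share-wise addition: a local step of an MPC that never reconstructs.

    Because Shamir sharing is linear, the sum of the two shares held by party i
    is a valid share of the sum of the two secrets under the same threshold.
    """
    return {i: (a[i] + b[i]) % P for i in a}


def refresh(shares, t):
    """One proactive refresh round.

    Every party deals a fresh random degree-t polynomial with constant term 0
    to all parties; each party adds the sub-shares it receives to its own
    share. f(0) is unchanged, but the new shares lie on a polynomial that is
    independent of the old one, so old and new shares cannot be combined.
    In a real deployment each party would also erase its old share.
    """
    new = dict(shares)
    for _dealer in shares:
        zero_shares = share(0, len(shares), t)  # random g with g(0) = 0
        for i in shares:
            new[i] = (new[i] + zero_shares[i]) % P
    return new


def mobile_adversary_demo(secret=0x1234_5678, n=5, t=2):
    """Corrupt t parties before a refresh and t different ones after it.

    Returns (honest_parties_recover, mixed_epoch_shares_fail).
    """
    epoch0 = share(secret, n, t)
    epoch1 = refresh(epoch0, t)
    recovered = reconstruct({i: epoch1[i] for i in (1, 3, 5)}) == secret
    # Four distinct parties' shares, but from two epochs: the points lie on
    # two unrelated polynomials, so interpolation yields garbage.
    stolen = {1: epoch0[1], 2: epoch0[2], 3: epoch1[3], 4: epoch1[4]}
    leaked = reconstruct(stolen) == secret
    return recovered, not leaked


if __name__ == "__main__":
    print(mobile_adversary_demo())  # (True, True)
```

The refresh here is the honest-majority version (t < n/2, and every dealer is trusted to deal shares of zero); the dishonest-majority scheme overviewed in this chapter additionally has to verify each dealer's sub-shares and identify parties that abort, which is what the commitments mentioned in the note below are for.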
Notes
1. In the full version we generalize the protocols to handle multiple secrets, which improves communication and storage efficiency, and provide an instantiation using commitments based on the hardness of the discrete logarithm problem, via Feldman's VSS [19].
References
Backes, M., Cachin, C., Strobl, R.: Proactive secure message transmission in asynchronous networks. In: Proceedings of the Twenty-Second ACM Symposium on Principles of Distributed Computing. PODC 2003, 13–16 July 2003, Boston, Massachusetts, USA, pp. 223–232 (2003). https://doi.org/10.1145/872035.872069
Baron, J., ElDefrawy, K., Lampkins, J., Ostrovsky, R.: How to withstand mobile virus attacks, revisited. In: Proceedings of the 2014 ACM Symposium on Principles of Distributed Computing. PODC 2014, pp. 293–302. ACM, New York (2014). https://doi.org/10.1145/2611462.2611474
Baron, J., Defrawy, K.E., Lampkins, J., Ostrovsky, R.: Communication-optimal proactive secret sharing for dynamic groups. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 23–41. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-28166-7_2
Beerliová-Trubíniová, Z., Hirt, M.: Perfectly-secure MPC with linear communication complexity. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 213–230. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_13
Ben-Sasson, E., Fehr, S., Ostrovsky, R.: Near-linear unconditionally-secure multiparty computation with a dishonest minority. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 663–680. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_39
Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of AFIPS National Computer Conference, vol. 48, pp. 313–317 (1979)
Cachin, C., Kursawe, K., Lysyanskaya, A., Strobl, R.: Asynchronous verifiable secret sharing and proactive cryptosystems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security. CCS 2002, pp. 88–97. ACM, New York (2002)
Canetti, R., Herzberg, A.: Maintaining security in the presence of transient faults. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 425–438. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_38
Castro, M., Liskov, B.: Practical byzantine fault tolerance and proactive recovery. ACM Trans. Comput. Syst. 20(4), 398–461 (2002)
Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing. STOC 1988, pp. 11–19. ACM, New York (1988). https://doi.org/10.1145/62212.62214
Damgård, I., Ishai, Y., Krøigaard, M.: Perfectly secure multiparty computation and the computational overhead of cryptography. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 445–465. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_23
Damgård, I., Ishai, Y., Krøigaard, M., Nielsen, J.B., Smith, A.: Scalable multiparty computation with nearly optimal work and resilience. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 241–261. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_14
Desmedt, Y., Jajodia, S.: Redistributing secret shares to new access structures and its applications. Technical report ISSE TR-97-01, George Mason University, Fairfax, VA, July 1997
Dolev, S., Garay, J., Gilboa, N., Kolesnikov, V.: Swarming secrets. In: 2009 47th Annual Allerton Conference on Communication, Control, and Computing. Allerton 2009, pp. 1438–1445, September 2009
Dolev, S., ElDefrawy, K., Lampkins, J., Ostrovsky, R., Yung, M.: Proactive secret sharing with a dishonest majority. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 529–548. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44618-9_28
Dolev, S., Garay, J.A., Gilboa, N., Kolesnikov, V.: Secret sharing Krohn-Rhodes: private and perennial distributed computation. In: Proceedings of Innovations in Computer Science - ICS 2010, 7–9 January 2011, Tsinghua University, Beijing, China, pp. 32–44 (2011). http://conference.itcs.tsinghua.edu.cn/ICS2011/content/papers/18.html
Dolev, S., Garay, J.A., Gilboa, N., Kolesnikov, V., Yuditsky, Y.: Towards efficient private distributed computation on unbounded input streams. J. Math. Cryptol. 9(2), 79–94 (2015). https://doi.org/10.1515/jmc-2013-0039
Eldefrawy, K., Ostrovsky, R., Park, S., Yung, M.: Proactive secure multiparty computation with a dishonest majority. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 200–215. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_11
Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: Proceedings of the 28th Annual Symposium on Foundations of Computer Science. SFCS 1987, pp. 427–438, IEEE Computer Society, Washington, DC (1987). https://doi.org/10.1109/SFCS.1987.4
Frankel, Y., Gemmell, P., MacKenzie, P.D., Yung, M.: Proactive RSA. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 440–454. Springer, Heidelberg (1997). http://dl.acm.org/citation.cfm?id=646762.706164
Frankel, Y., Yung, M.: Cryptosystems robust against “dynamic faults” meet enterprise needs for organizational “change control”. In: Franklin, M. (ed.) FC 1999. LNCS, vol. 1648, pp. 241–252. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48390-X_18
Franklin, M.K., Yung, M.: Communication complexity of secure computation (extended abstract). In: Proceedings of the Twenty-Fourth Annual ACM Symposium on Theory of Computing. STOC 1992, pp. 699–710. ACM, New York (1992)
Federal Trade Commission (FTC): The Equifax data breach (2017). https://www.ftc.gov/equifax-data-breach. Accessed 27 Apr 2018
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing. STOC 1987, pp. 218–229. ACM, New York (1987). https://doi.org/10.1145/28395.28420
Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive secret sharing or: how to cope with perpetual leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_27
Hirt, M., Maurer, U., Lucas, C.: A dynamic tradeoff between active and passive corruptions in secure multi-party computation. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 203–219. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_12
Jajodia, S., Ghosh, A.K., Swarup, V., Wang, C., Wang, X.S.: Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats, 1st edn. Springer, New York (2011). https://doi.org/10.1007/978-1-4614-0977-9
Los Angeles Times: Anthem is warning consumers about its huge data breach. Here's a translation (2015). http://www.latimes.com/business/hiltzik/la-fi-mh-anthem-is-warning-consumers-20150306-column.html. Accessed 27 Apr 2018
Ostrovsky, R., Yung, M.: How to withstand mobile virus attacks (extended abstract). In: Proceedings of the Tenth Annual ACM Symposium on Principles of Distributed Computing. PODC 1991, pp. 51–59. ACM, New York (1991)
Rabin, T., Ben-Or, M.: Verifiable secret sharing and multiparty protocols with honest majority. In: Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing. STOC 1989, pp. 73–85. ACM, New York (1989). https://doi.org/10.1145/73007.73014
Schultz, D.: Mobile proactive secret sharing. Ph.D. thesis, Massachusetts Institute of Technology (2007)
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
Wong, T.M., Wang, C., Wing, J.M.: Verifiable secret redistribution for archive system. In: IEEE Security in Storage Workshop, pp. 94–106 (2002)
Zhou, L., Schneider, F.B., van Renesse, R.: APSS: proactive secret sharing in asynchronous systems. ACM Trans. Inf. Syst. Secur. 8(3), 259–286 (2005)
© 2018 Springer Nature Switzerland AG
Cite this chapter
Eldefrawy, K., Ostrovsky, R., Yung, M. (2018). Theoretical Foundations for Mobile Target Defense: Proactive Secret Sharing and Secure Multiparty Computation. In: Samarati, P., Ray, I., Ray, I. (eds.) From Database to Cyber Security. Lecture Notes in Computer Science, vol. 11170. Springer, Cham. https://doi.org/10.1007/978-3-030-04834-1_23
DOI: https://doi.org/10.1007/978-3-030-04834-1_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04833-4
Online ISBN: 978-3-030-04834-1
eBook Packages: Computer Science (R0)