Improving information system security through removing single point of attack

Posted on: 2003-01-25
Degree: Ph.D
Type: Dissertation
University: George Mason University
Candidate: Wang, Xunhua
Full Text: PDF
GTID: 1468390011489611
Subject: Computer Science
Abstract/Summary:
In a computer information system, a single point of failure is a critical point such that, if not working properly, it will dramatically compromise the whole system's availability. Replication of such a point may increase the system's availability but will not improve the confidentiality of the critical points as it merely introduces new single points.

The single point problem that addresses both the availability and the confidentiality issues is called the single point of attack problem and is the topic of this dissertation.

The ideal way to improve the security of systems that have single points of attack is to remove these points without sacrificing the system's functionality. This dissertation researches this topic and works on several representative examples, using secure distributed computing and threshold cryptography as primitives.

The Domain Name System (DNS) secure dynamic update is our first example. The existing approach by the Internet Engineering Task Force (IETF) may cause the failure of role separation of the zone manager and the name server administrator (thus making power abuse possible) and lead to on-line storage of a zone security related key, which becomes a single point of attack available to both inside and outside attackers. The first contribution of this dissertation is an architecture for DNS secure dynamic update, which eliminates these security compromises through threshold digital signature. Under this architecture different security levels can be achieved through proper configurations and, at the same time, genuine and secure DNS dynamic update is supported.

The second representative example is about the malicious host problem of mobile agent-based electronic commerce (MABEC). MABEC is an e-commerce approach that offers many advantages and also invites serious security problems, among which is the malicious host problem. The existing approaches to this problem, tamper detection and secrecy preservation, require the existence of an agent home which may become a single point of attack. To avoid such a single point of attack, no agent home should be expected in MABEC. A solution to the MABEC malicious host problem that satisfies the no-agent-home requirement must be capable of resisting tamper by malicious servers, during the e-commerce transaction, because there will be no subsequent places for detecting possible corruption. Based on this notion, this dissertation defines the concept of mission tamper resistance of MABEC, gives a model for this concept and investigates its realization, which becomes the second contribution of this dissertation.

In this dissertation, an implementation framework is also developed to systematically remove single points of attack from computer systems using public key cryptography. (Abstract shortened by UMI.)...
Keywords/Search Tags: Single point, System, Attack, Security, Malicious host problem, MABEC