Research On Intrusion Tolerant System And Its Key Techniques

Intrusion tolerance is the core of the third generation network security: survivability technology. Different from the traditional firewall and intrusion detection technologies, intrusion tolerance focuses on the impact of intrusion rather than the cause.In order to improve the existing generic service oriented intrusion tolerant system in aspect of architecture and function, this paper presents an improved adaptive intrusion tolerant system (IAITS) with improved architecture, functional modules and key techniques. From an overall consideration of the system, mixed with firewall, intrusion detection and other traditional technologies, IAITS combines redundancy, diversity and various fault tolerant techniques, thus enhancing reliability through active replication and secure multicast, reaching tradeoff between system complexity and intrusion tolerance ability by redundant design only in most vulnerable components, and supporting data protection on the basis of architecture with only a little extra cost in software and hardware by making use of topological coherence between application servers group and key share servers group.Then, research on three key techniques in the system is carried out for improvement. First, by introducing secret sharing techniques, an RSA based (t, n) signature scheme is presented to protect sensitive data. Based on Shamir secret sharing, it combines the advantages of RSA algorithm, (t, n) and VSS scheme. Second, a dynamic plurality voting algorithm is designed and implemented so as to provide more flexible input and more correct output. Its main improvement is that the parameter, involving replica's source and number, can be aptly adjusted. Meanwhile, trust degree evaluation of all replicas is established to enhance the system's adaptability. In the end, a hierarchical quantitative method of system security evaluation is presented on the proposed succinct state transition model. Different from attack rule based IDS, this method focuses on the impact rather than the reason of the attack, so it reacts to both known and unknown attacks. With easily obtained input, simple calculation and good extensibility, this method, as supplement to intrusion detection method, practically helps to trigger the reconfiguration, especially on suspicious intrusion conditions.