Virtual Threshold Security

Date: 2:00pm, June 2, 2017
Location: EE Conference Room (Mudd 1300)
Speaker: Yotam Harchol, Postdoctoral Researcher, VMware Research

Abstract: Security network protocols such as TLS and SSH use public key cryptography for client authentication. Clients are responsible for storing and handling their private keys, but such private keys are prone to leakage and theft. In fact, many recent infamous attacks exploit stolen or leaked private keys from client machines. In this talk we present VTS - Virtual Threshold Security: a secure and fault-tolerant logically-centralized security management system. VTS leverages k-out-of-n threshold security techniques to provide a high level of security, with integrated fault-tolerance and proactive re-keying that enhances security. VTS provides secure storage and signing services, such that private keys are never stored anywhere, not even when they are used, and not even in main memory or cache. Instead, private keys are split into n shares, such that at least k shares are required in order to use a key. We employ a novel distributed algorithm to refresh the shares every few seconds to prevent many side-channel attacks. VTS also provides central auditing and logging services, so the usage of keys and login sessions can be tracked system-wide. VTS does not require modification of the server side or of the security protocols. It releases the client from the liability of holding multiple, unmanaged private keys. We implemented the VTS system, and a patch for OpenSSL libcrypto for client-side services. We show that the system is scalable and that the overhead in the client connection setup time is marginal. (Joint work with Ittai Abraham and Asaf Kariv)
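The k-out-of-n splitting and periodic share refresh mentioned in the abstract can be illustrated with textbook Shamir secret sharing plus zero-polynomial refresh. This is an added example, not the VTS algorithm (which the abstract does not describe) and not code from the speaker; the field prime and all function names are assumptions of the example.

```python
import secrets

# Assumption: a demo prime field (2**127 - 1 is a Mersenne prime). A real system
# would use the group order of its signature scheme.
P = 2**127 - 1

def _poly_eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x mod P, Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split(secret, k, n):
    """Shamir k-out-of-n: random degree-(k-1) polynomial f with f(0) = secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {i: _poly_eval(coeffs, i) for i in range(1, n + 1)}

def refresh(shares, k):
    """Each holder deals a random polynomial g with g(0) = 0; every holder j
    adds g(j) to its share. All shares change, the shared secret does not."""
    new = dict(shares)
    for _dealer in shares:
        zero_poly = [0] + [secrets.randbelow(P) for _ in range(k - 1)]
        for j in new:
            new[j] = (new[j] + _poly_eval(zero_poly, j)) % P
    return new

def reconstruct(shares):
    """Lagrange interpolation at x = 0. Used here only to check the demo; a
    threshold signing service would never reassemble the key like this."""
    secret = 0
    for i, y_i in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = (num * -j) % P
                den = (den * (i - j)) % P
        secret = (secret + y_i * num * pow(den, -1, P)) % P
    return secret

if __name__ == "__main__":
    key = secrets.randbelow(P)            # constructed stand-in for a private key
    epoch0 = split(key, k=3, n=5)
    epoch1 = refresh(epoch0, k=3)
    print(reconstruct({i: epoch1[i] for i in (1, 3, 5)}) == key)   # any 3 fresh shares
    stale = {1: epoch0[1], 2: epoch0[2], 3: epoch1[3]}             # shares from two epochs
    print(reconstruct(stale) == key)                               # mixed epochs do not combine
```

The second check is the point of refreshing: shares captured in different refresh periods do not interpolate to the key, so an attacker has to obtain k shares within a single period.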

Biography: Yotam Harchol is a postdoctoral researcher with VMware Research. He completed his PhD studies at the Hebrew University of Jerusalem, Israel. His research is focused on improved performance and security of network functions and middleboxes.
