CN1819583A - Hierarchical tolerant invading scheme based on threshold - Google Patents

Publication number
CN1819583A
Authority
CN
China
Prior art keywords
scheme
invasion
tolerant
secret
intrusion
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200510132552
Other languages
Chinese (zh)
Inventor
杨义先
李剑
饶华一
汤永利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN 200510132552 priority Critical patent/CN1819583A/en
Publication of CN1819583A publication Critical patent/CN1819583A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention is a five-level structure: defence system + proxy server + COST application servers + database management systems + database intrusion tolerance. Redundancy is combined with diversity techniques. For database intrusion tolerance, an improved secret sharing scheme is adopted to build a special RSA signature system. When p and q are safe primes, the scheme has the same security as the original RSA signature scheme, and no algebraic extension of the ring ZU(n) is needed.

Description

A threshold-based hierarchical intrusion tolerance scheme
Technical field
The invention belongs to the field of network and information security, and specifically concerns improvements to the structure of intrusion tolerance systems and to the algorithm they use.
Background technology
With the rapid development of network technology, society has become steadily more dependent on information systems. Networks bring large economic and social benefits, but network security problems have become increasingly prominent. Threats to network security come mainly from attacks on and damage to the network, and from intrusion into information systems through the network. To resist intrusions and attacks, various security systems are used to protect computer systems. Traditional solutions rely mainly on firewalls, access control, intrusion detection, authentication and encryption, and the main purpose of these techniques is to prevent attacks or intrusions. In practice, as system complexity and the number of users grow, controlling every detail of the system and every user becomes very difficult, and these defensive measures are ineffective against some malicious attacks. A malicious attacker can obtain privileges and attack the system from the inside, and traditional security schemes are weak against such threats. How to ensure the survivability of a system when defence fails has therefore become a focus of current security research, and a new security technique, intrusion tolerance, is receiving growing attention from network and information security researchers. Intrusion tolerance is the application of fault-tolerance methods to network security. It assumes that the weaknesses of a system cannot be eliminated completely, and that external or internal malicious attackers will identify and exploit these weaknesses to gain unauthorized access to the system. The goal of intrusion tolerance is to maintain normal service, possibly with degraded performance, even when part of the system has been compromised.
Intrusion detection is a method for detecting abnormal behaviour in an information system; it is a passive defence technique that acts after an intrusion. As computing develops, new attack techniques keep appearing, attacks take more and more forms, and a single kind of intrusion may have many variants. Intrusion detection can generally detect only known, defined intrusions or attacks, and it suffers from a high false-alarm rate, missed detections and detection delay. Intrusion tolerance mainly considers the system's ability to diagnose, repair and reconfigure itself while an intrusion is present. It therefore has to address not only the prevention of intrusions and attacks but also the survivability and damage resistance of the system while an intrusion is present. In general, intrusion tolerance covers two aspects. First, it gives the system recoverability (resilience) against intrusions and attacks, achieved mainly through damage repair. Second, there is the intrusion trigger, whose function is performed by the intrusion detection system. The trigger must have high coverage and a low false-alarm rate. High coverage means that the error caused by any attack or intrusion can be detected, and that the error is found before it propagates through the system. In practice, intrusion detection is far slower than database transaction execution, so avoiding error propagation requires isolating and containing suspicious transactions.
Purpose of the invention
Earlier intrusion tolerance schemes mostly consider the tolerance of the system from only one aspect and are rather one-dimensional. The present invention considers intrusion tolerance from the overall structure of the system and proposes a threshold-based hierarchical intrusion tolerance scheme, namely "defence system + Proxy server (abbreviated PS) + COST application server group (Application Servers) + database management systems (DBMS) + database intrusion tolerance". It combines redundancy with diversity techniques and adopts authentication and a threshold secret sharing scheme. The invention adopts an overall security policy and combines multiple security measures to achieve multi-layer, multi-aspect tolerance, ensuring the authenticity of users and the confidentiality, integrity and availability of confidential data.
Technical scheme of the invention
On the basis of existing intrusion tolerance structures, the present invention proposes a five-level intrusion tolerance structure, namely "defence system + Proxy server (abbreviated PS) + COST application server group (Application Servers) + database management systems (DBMS) + database intrusion tolerance", as shown in Fig. 1.
An overall system security policy is adopted, combining multiple security measures and mathematical methods to guarantee the integrity and confidentiality of the system and the availability of the server and database services, as shown in Fig. 2.
1 Defence system
The first-level defence system provides preliminary intrusion prevention.
2 Implementation of PS intrusion tolerance
In this structure the Proxy server (PS) plays a key role and is therefore likely to be one of the primary targets of external attack. While the system is running, the main PS filters and sanitizes client service requests and passes valid client requests to the application server group (AS). To reduce the hand-over time when the main PS fails, each PS is assigned a priority. Through its "monitor" agent, the main PS periodically (at an interval of a few seconds, called the broadcast interval) sends a message to all auxiliary PSs, and the two sides authenticate each other. Each auxiliary PS must respond promptly to the main PS's message; if the main PS does not receive a reply from some auxiliary PS within a certain time, an alarm is raised indicating that this auxiliary PS has failed. Every auxiliary PS can receive the messages sent by the main PS. If no auxiliary PS receives a message from the main PS within a certain time, the main PS has failed; the auxiliary PS with the highest priority then becomes the new main PS, and the former main PS continues to run as an auxiliary PS once its fault has been cleared.
To strengthen the PS's resistance to attack, the main PS is treated as a dynamic virtual server: no particular PS is fixed as the main PS. Externally, the main PS represents only one IP address among the PS servers.
At the same time, to improve intrusion tolerance performance, the CA, the proxy server group (PS), the management server group and the intrusion detection system can be combined to form an intrusion-tolerant CA architecture, as shown in Fig. 3.
When the CA receives a certificate request, it signs the certificate with its private key d. The CA holds its own private key d, and the private key is stored across n proxy servers by means of a secret sharing scheme.
3 Intrusion tolerance features of the application servers
The intrusion tolerance of the application servers is reflected in the following two aspects:
(1) Different application servers run on different platforms, and the application software they run is developed with multi-version programming, so that a single type of attack cannot damage all servers.
(2) Through the PS's authentication of the application servers, a faulty application server is discovered promptly. In addition, the main PS can find a suspicious server through its monitor, temporarily break contact with it and carry out fault handling, while the other application servers continue to run.
4 Intrusion tolerance principle of the database management systems (DBMS)
User confidential data is stored in different types of database management system (DBMS) running on different kinds of operating system (OS). In essence this introduces a degree of redundancy into the system: different application servers run on different operating systems, and the applications are built with multi-version programming. Combining several operating systems and database management systems puts extra obstacles in the attacker's way, because an attacker cannot mount an effective attack on all of the operating systems and database management systems at the same time, which effectively protects the database backups. All defensive measures at the operating system and DBMS level take intrusion detection as their prerequisite and foundation.
5 Intrusion tolerance of the database
At present there is relatively little research on intrusion detection for databases. Because the time the system needs to detect an intrusion in a transaction is much longer than the time the transaction takes to execute, transaction-level intrusion tolerance must solve two problems: how to ensure that database damage caused by a malicious transaction does not spread before the malicious transaction is found, and how to repair the damaged data after the malicious transaction has been located.
For the first problem, preventing the spread of database damage caused by malicious transactions, isolation or containment techniques can be used. The core idea of isolation is as follows. Based on statistics of past attacks, transaction-level intrusion detection sets two thresholds, THm and THs (their values depend on statistical analysis of previous attacks), and reports alarms at two levels. When a transaction's anomaly is above the anomaly threshold THm, the transaction is reported as malicious; when it is below THm but above the suspicion threshold THs, the transaction is reported as suspicious. When a malicious transaction is reported, the system locates the transaction and raises an alarm. When a suspicious transaction Ts is reported, the coordinator, with the help of the isolation manager, redirects Ts (and the subsequent transactions of the user who submitted Ts) to a virtual isolated database, where the user is isolated. Subsequently, if the user proves to be malicious, the isolation manager undoes that user's operations; if the user is not malicious, the isolation manager merges the results of that user's operations into the main database. The idea of containment is as follows. The damage containment process has one containment phase, which contains the damage that may have been caused as soon as an intrusion is detected, and one or more later uncontainment phases, which release objects that were contained by mistake and objects that have been cleaned. The damage container carries out containment by sending containment commands to the containment executor. The uncontainer, with the help of the damage assessor, carries out uncontainment by sending commands to the containment executor. The executor controls user transactions' access to the database according to these commands.
For the second problem, repairing corrupted data after the malicious transaction has been located, the scheme can add a timestamp to every committed transaction and build a read-write dependency graph over all committed transactions. If B is detected as a malicious transaction, then every transaction committed after B that is affected by B is undone, and its results are replaced with the most recent version that these transactions have not corrupted.
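The two-level alarm and the timestamp/dependency repair rule described above, as an added example that is not part of the patent text. The transaction record, the strict comparisons at THm and THs, and the rule that a write by an unaffected transaction makes an item clean again are assumptions of this example; the log is constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    tid: str
    ts: int                 # commit timestamp (assumed unique)
    reads: frozenset        # data items read
    writes: frozenset       # data items written


def classify(score, th_m, th_s):
    """Two-level alarm: above THm is malicious, between THs and THm suspicious."""
    if th_s >= th_m:
        raise ValueError("THs must be below THm")
    if score > th_m:
        return "malicious"      # locate the transaction and raise an alarm
    if score > th_s:
        return "suspicious"     # redirect the user to the isolated database
    return "normal"


def undo_list(log, bad_tid):
    """Ids of the transactions to undo for malicious txn bad_tid, newest first."""
    ordered = sorted(log, key=lambda t: t.ts)
    bad = next((t for t in ordered if t.tid == bad_tid), None)
    if bad is None:
        raise KeyError(bad_tid)
    dirty = set(bad.writes)     # items whose current value derives from bad
    affected = [bad.tid]
    for t in ordered:
        if t.ts <= bad.ts:
            continue            # committed before the malicious transaction
        if t.reads & dirty:     # read-from edge in the dependency graph
            affected.append(t.tid)
            dirty |= t.writes   # everything it wrote is now suspect too
        else:
            dirty -= t.writes   # clean overwrite: later readers are safe
    return affected[::-1]       # undo in reverse commit order


# Constructed sample log: B is the transaction later found to be malicious.
LOG = [
    Txn("T1", 1, frozenset(), frozenset({"a"})),
    Txn("B", 2, frozenset({"a"}), frozenset({"x"})),
    Txn("T2", 3, frozenset({"x"}), frozenset({"y"})),   # reads B's write
    Txn("T3", 4, frozenset({"b"}), frozenset({"x"})),   # clean overwrite of x
    Txn("T4", 5, frozenset({"x"}), frozenset({"z"})),   # reads T3's clean x
    Txn("T5", 6, frozenset({"y"}), frozenset({"w"})),   # reads T2's dirty y
]

if __name__ == "__main__":
    print(classify(0.9, th_m=0.8, th_s=0.5), undo_list(LOG, "B"))
```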
Secure storage structure using secret sharing: for storage, a secure storage structure can be adopted in which secret sharing is used to replicate the database and distribute it across multiple storage nodes, guaranteeing the confidentiality, integrity and availability of confidential data. The data in the database is divided into confidential data and ordinary data according to the required security level, and each storage node stores a full backup of the ordinary data. Confidential data uses a (t, n) threshold cryptography scheme: the confidential data is divided into n shares, which are stored on n storage nodes. Suppose the threshold is t (t<n). Then, when i storage nodes are unavailable, the availability and integrity of the confidential data are guaranteed as long as n-i>t; when an attacker obtains the data of i storage nodes, the attacker cannot recover the confidential data as long as i<t, which guarantees the confidentiality of the confidential data.
Here we adopt an improved threshold scheme. A secret $S$ is divided into $n$ partial secrets $S_1, S_2, \ldots, S_n$, which are distributed to $n$ participants $P_1, P_2, \ldots, P_n$ for safekeeping. Certain specified combinations of $P_1, P_2, \ldots, P_n$ (those in which the number of $P_i$ is at least $t$) can cooperate to recover the secret $S$, while other combinations cannot obtain any computationally useful information about $S$. Such a scheme is called a secret sharing scheme; the partial secrets $S_i$ ($i = 1, 2, \ldots, n$) are called secret shares, and the participants $P_i$ are correspondingly called shareholders. In a secret sharing scheme with $n$ shares, any $t$ ($1 \le t \le n$) or more shares can recover the secret $S$, while any $t-1$ or fewer shares yield no useful information about $S$.
The concrete steps are as follows:
Setup stage
(1) Set up an RSA (or modified RSA) cryptosystem with parameters $p, q, n, e, d$, and choose a large public prime $r > n$. The private key $d$ can then be regarded as an element of the prime field $Z_r$ (from this point of view, steps 2 and 3 below establish a Lagrange-interpolation-based $(t, n)$ threshold secret sharing scheme for the key $d$ over the base field $Z_r$);
(2) Secretly choose a random polynomial $h(x)$ over $Z_r$ such that $d = h(0)$;
(3) Choose interpolation nodes $x_i \in Z_r$ ($i = 1, 2, \ldots, n$) as public parameters, secretly compute $y_i = h(x_i) \bmod r$, and secretly send $(x_i, y_i)$ ($i = 1, 2, \ldots, n$) to the corresponding participant $P_i$ as the secret share it holds. Let $P = \{P_1, P_2, \ldots, P_n\}$ be the set of all shareholders;
(4) Choose $m_0 \in Z_n^*$ such that the order of $m_0$ in the group $Z_n^*$ is $\lambda(n)$ (see Theorem 1);
(5) Compute $v_0 = m_0^{d} \bmod n$ and $u_0 = m_0^{r} \bmod n$, and publish $m_0, v_0, u_0$.
After these 5 steps we have the public parameters $r$, $x_i$ ($i = 1, 2, \ldots, n$), $m_0$, $v_0$, $u_0$ and, for each $P_i$, the private parameter $y_i = h(x_i) \bmod r$. Once the secret sharers have received these parameters, all parameters are destroyed at the trusted centre.
Given a ciphertext $c$, any $t$ shareholders decrypt $c$ by the following procedure (to simplify notation, assume that the $t$ shareholders taking part in decryption are $P_1, P_2, \ldots, P_t$).
Decryption stage
(1) For $i = 1, 2, \ldots, t$, each shareholder $P_i$ computes
$$d_i = y_i \prod_{j=1,\, j \ne i}^{t} \frac{-x_j}{x_i - x_j} \bmod r,$$
$$m_i = c^{d_i} \bmod n,$$
$$m_{0i} = m_0^{d_i} \bmod n,$$
and sends $m_i$, $m_{0i}$ to the designated decryption combiner $C$ ($C$ may be one of the $P_i$).
(2) The decryption combiner $C$ finds $k$ such that (see Theorem 2):
$$\prod_{i=1}^{t} m_{0i} \equiv u_0^{k} v_0 \pmod{n} \qquad (1)$$
and computes
$$m = c^{-rk} \prod_{i=1}^{t} m_i \bmod n \qquad (2)$$
$m$ is then the plaintext message corresponding to the ciphertext $c$ (see Theorem 3).
Note: $(x_i - x_j)^{-1} \bmod r$ can be computed in the setup stage, which reduces the amount of computation in the decryption stage.
To resist various attacks, $p-1$ and $q-1$ should contain large prime factors; this must be ensured when the RSA system is set up. We may therefore assume that, when the RSA cryptosystem was set up, it was ensured that $p-1 = a p_1$ and $q-1 = b q_1$, where $a, b$ are small positive integers and $p_1, q_1$ are large primes (in particular, if $a = b = 2$, then $p, q$ are safe primes). In that case the prime factorizations of $p-1$ and $q-1$ can be assumed to be known. Below we discuss the validity and correctness of the above scheme under this assumption.
Theorem 1. For an RSA modulus $n = pq$, if $p-1$ and $q-1$ contain large prime factors and their prime factorizations are known, then an element of order $\lambda(n)$ in the multiplicative group $Z_n^*$ is easy to find. In fact, $Z_n^*$ contains at least $\varphi(\lambda(n))$ elements of order $\lambda(n)$.
Proof. By assumption, $p-1$ and $q-1$ contain large prime factors and their prime factorizations are known, so primitive roots modulo $p$ and modulo $q$ are easy to find; let $g_p$, $g_q$ be primitive roots modulo $p$ and modulo $q$. Let $\delta_k(a)$ denote the order of the integer $a$ modulo $k$; then $\delta_p(g_p) = p-1$ and $\delta_q(g_q) = q-1$. Consider the system of congruences
$$x \equiv g_p \pmod{p}, \qquad x \equiv g_q \pmod{q}$$
By the Chinese remainder theorem this system has a unique solution $a \bmod pq$, and this solution is easy to compute. It is also easy to see that the order of $a$ modulo $n = pq$ is
$$\delta_n(a) = \delta_{pq}(a) = [\delta_p(g_p), \delta_q(g_q)] = [p-1, q-1] = \lambda(n)$$
where $[\cdot,\cdot]$ denotes the least common multiple. In other words, the order of $a$ in the multiplicative group $Z_n^*$ is $\lambda(n)$. Further, $a$ generates a cyclic subgroup of order $\lambda(n)$ in $Z_n^*$, and the $\varphi(\lambda(n))$ generators of this subgroup are $\varphi(\lambda(n))$ elements of order $\lambda(n)$ in $Z_n^*$. The theorem follows.
The theorem shows that elements of order $\lambda(n)$ are not rare in $Z_n^*$. In particular, when $p = 2p'+1$ and $q = 2q'+1$ are safe primes, $\varphi(\lambda(n)) = \varphi(2p'q') = (p'-1)(q'-1) = \left(\frac{p-1}{2}-1\right)\left(\frac{q-1}{2}-1\right) \approx n/4$, i.e. $Z_n^*$ contains about $n/4$ elements of order $\lambda(n)$.
Theorem 2. There must exist an integer $k$, $0 \le k \le t-1$, satisfying formula (1).
Proof. By the definition of $d_i$,
Hence there must be an integer $k$ satisfying the integer equation $d_1 + d_2 + \cdots + d_t = h(0) + kr$, and from $0 < d_i < r$ and $0 < h(0) = d < r$ it follows that $0 \le k \le t-1$. For this $k$ we have the integer equation
$$\prod_{i=1}^{t} m_0^{d_i} = m_0^{d_1 + d_2 + \cdots + d_t} = m_0^{d + kr} = (m_0^{r})^{k} m_0^{d}$$
So, by the definitions of $m_{0i}$, $u_0$, $v_0$, we have
$$\prod_{i=1}^{t} m_{0i} \equiv \prod_{i=1}^{t} m_0^{d_i} \equiv (m_0^{r})^{k} m_0^{d} \equiv u_0^{k} v_0 \pmod{n}$$
That is, formula (1) holds.
In general the threshold parameters $n$, $t$ are quite small (for example, $n \le 10$), so by Theorem 2 finding an integer $k$ that satisfies formula (1) is not difficult. This scheme performs a few more exponentiations modulo $n$, but it avoids cumbersome repeated multiplication of large integers and the extension of the ring $Z_{\lambda(n)}$, and is therefore more efficient. The correctness of the scheme is guaranteed by Theorem 3.
We first introduce a lemma:
Lemma 1. Let $n$ and $\lambda(n)$ keep their meaning from the scheme above. For any $x \in Z_n$ and integers $a$, $b$, if $a \equiv b \pmod{\lambda(n)}$, then $x^{a} \equiv x^{b} \pmod{n}$.
Theorem 3. For an integer $k$ satisfying formula (1), let
$$m = c^{-kr} \prod_{i=1}^{t} m_i \bmod n$$
Then $m$ is the plaintext corresponding to the ciphertext $c$, where $m_i$, $c$, $r$ keep their meaning from the scheme above.
Proof. By (1) and the definitions of $m_{0i}$, $v_0$, $u_0$,
$$m_0^{d_1 + d_2 + \cdots + d_t} \equiv \prod_{i=1}^{t} m_{0i} \equiv u_0^{k} v_0 \equiv m_0^{rk + d} \pmod{n}$$
Because the order of $m_0$ in $Z_n^*$ is $\lambda(n)$, we have $\sum_{i=1}^{t} d_i \equiv rk + d \pmod{\lambda(n)}$, that is,
$$d \equiv \sum_{i=1}^{t} d_i - rk \pmod{\lambda(n)}$$
Hence, by Lemma 1,
$$c^{-kr} \prod_{i=1}^{t} m_i = c^{-kr} c^{d_1 + d_2 + \cdots + d_t} = c^{\sum_{i=1}^{t} d_i - kr} \equiv c^{d} \pmod{n}$$
Therefore, by the definition of $m$ and the RSA decryption formula, $m = c^{-kr} \prod_{i=1}^{t} m_i \bmod n = c^{d} \bmod n$ is the plaintext corresponding to the ciphertext $c$.
Compared with the prior art, the present invention improves the existing structure mainly in its hierarchy and in its algorithm, incorporating authentication and a threshold secret sharing scheme. Its main advantages are as follows:
(1) Multi-level tolerance: the invention adopts a five-level structure. Apart from the first level, which is preliminary defence, the other four levels are intrusion tolerance levels. Every layer of the computer system, from the outside in, has an intrusion tolerance scheme, which strengthens the degree of intrusion tolerance.
(2) Multi-aspect: the invention realizes intrusion tolerance in four aspects: authentication, operating system, database management and database. Intrusion tolerance is applied at different levels and in different aspects, and is therefore more comprehensive and more reasonable.
(3) A better algorithm: an improved threshold digital signature scheme is applied to database intrusion tolerance. Without reducing security, this method is more convenient and more practical than the original algorithm.
After studying and analysing network intrusion behaviour and tolerance methods, the present invention proposes the five-level intrusion tolerance system "defence system + Proxy server (abbreviated PS) + COST application server group (Application Servers) + database management systems (DBMS) + database intrusion tolerance". The secret sharing scheme used in database intrusion tolerance is an improved one, which sets up an RSA signature system of a special form. By proving the strong collision resistance and one-wayness of the Hash function used, it is shown that when p, q are safe primes this scheme has the same security as the original RSA signature scheme. Because the scheme completely avoids computing inverse elements in any algebraic structure, no algebraic extension of the ring ZU(n) is needed, which makes it more convenient and more efficient in application.
Description of the drawings
Fig. 1: the threshold-based hierarchical intrusion tolerance structure, made up of five levels
Fig. 2: schematic diagram of the five-level intrusion tolerance security model
Fig. 3: intrusion-tolerant CA architecture
Embodiment
Level 1: defence system. Hardware devices such as firewalls, together with security measures such as authorization, authentication, access control and encryption, and boundary-control trusted computing, provide a certain level of security protection.
Level 2: Proxy server (abbreviated PS). At the centre of the system are one or more PSs. One of them, called the main PS, is responsible for filtering and sanitizing client service requests and passing valid client requests to PS. PS handles the client request and returns the result to the main PS, which checks the result and then submits it to the client. The other PSs play a supporting role and are called auxiliary PSs. When the main PS fails, one of the auxiliary PSs takes over from it and carries on.
Level 3: COST application server (Application Servers) group (abbreviated AS). The application server group consists of several servers with a degree of functional redundancy, and its main function is to provide application services to clients. These application servers run on different operating system platforms; all of them have the same functionality, but the software they run is designed with multi-version programming techniques. This diversity effectively prevents a single attack strategy from succeeding against both the main system and all standby systems. The number of application servers depends on the system's performance requirements.
Level 4: database management system (DBMS) group. Several database management systems such as Oracle, DB2, SQL Server and SYBASE are used to store data. Because an attacker cannot be familiar with every DBMS, and a given malicious attack is usually effective against only one kind of DBMS, storing confidential data in DBMSs of different types effectively prevents a malicious attack from damaging the database.
Level 5: database. Intrusion tolerance mainly considers the survivability of the system while an intrusion is present, and guarantees the security and robustness of the system's core functions. In database intrusion tolerance, an improved secret sharing scheme is used to set up an RSA signature system of a special form. When p, q are safe primes, this scheme has the same security as the original RSA signature scheme; because no algebraic extension of the ring ZU(n) is needed, computation is simple, and the scheme is convenient and effective.
This design uses several intrusion tolerance methods, avoiding the tolerance gaps that arise from relying on a single method. Considering intrusion tolerance for the system as a whole improves the intrusion tolerance capability and security of the entire system. The hierarchical scheme makes attacks more difficult and the system harder to compromise. Each level uses a different tolerance scheme, so attacks can be resisted more fully and the system can still provide normal service while an intrusion is present. In particular, secret sharing is used at the second and fifth levels, which greatly improves the security of the system. This scheme is therefore a reasonable and effective design.

Claims (3)

1. An intrusion tolerance system: after a system suffers an illegal intrusion, when all of the system's protective security measures have failed, or the effects of the intrusion cannot be fully eliminated, or some components of the system have been damaged by the attacker, the intrusion tolerance system diagnoses, recovers and reconfigures itself in time and provides legitimate users with the full service they require or a degraded service. Taken as a whole, after the system suffers an intrusion, the application server (or server group) must not only resist some attacks and detect intrusion behaviour but, more importantly, must still provide its intended services while under attack or compromised, providing degraded service when necessary, and must maintain a minimum security baseline, protecting the confidentiality and integrity of the data on the server.
2. Based on the intrusion tolerance system of claim 1, a threshold-based hierarchical intrusion tolerance scheme is designed. The scheme adopts the five-level intrusion tolerance system "defence system + Proxy server (abbreviated PS) + COST application server group (Application Servers) + database management system (DBMS) group + database intrusion tolerance". The hierarchical intrusion tolerance scheme makes attacks more difficult and the system more resistant to attack. Protection is claimed for the five-level intrusion tolerance scheme.
3. The intrusion tolerance system as claimed in claim 1, wherein database intrusion tolerance adopts an improved secret sharing method to set up an RSA signature system of a special form; when p, q are safe primes, this scheme has the same security as the original RSA signature scheme, and because no algebraic extension of the ring ZU(n) is needed, computation is simple, and the scheme is convenient and effective. Protection is claimed for the RSA signature system with the improved secret sharing scheme.
CN 200510132552 2005-10-20 2005-12-26 Hierarchical tolerant invading scheme based on threshold Pending CN1819583A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200510132552 CN1819583A (en) 2005-10-20 2005-12-26 Hierarchical tolerant invading scheme based on threshold

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN200510109437.X 2005-10-20
CN200510109437 2005-10-20
CN 200510132552 CN1819583A (en) 2005-10-20 2005-12-26 Hierarchical tolerant invading scheme based on threshold

Publications (1)

Publication Number Publication Date
CN1819583A true CN1819583A (en) 2006-08-16

Family

ID=36919266

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510132552 Pending CN1819583A (en) 2005-10-20 2005-12-26 Hierarchical tolerant invading scheme based on threshold

Country Status (1)

Country Link
CN (1) CN1819583A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100504905C (en) * 2007-11-16 2009-06-24 中国科学院软件研究所 Data-base malevolence transaction method and system thereof
CN101814986A (en) * 2009-02-19 2010-08-25 汤姆森许可贸易公司 The method and apparatus that is used for countering fault attacks
CN1976276B (en) * 2006-11-13 2012-02-15 飞天诚信科技股份有限公司 Master control key managing method and system
CN105306545A (en) * 2015-09-28 2016-02-03 浪潮(北京)电子信息产业有限公司 Failover method and system for external service node of cluster
CN106060094A (en) * 2016-07-29 2016-10-26 成都轻车快马网络科技有限公司 Cloud computing method for mobile client
CN107276759A (en) * 2017-08-22 2017-10-20 河海大学 A kind of efficient Threshold cryptosystem scheme
CN108076008A (en) * 2016-11-10 2018-05-25 南京联成科技发展股份有限公司 A kind of implementation method of safe O&M service cloud platform elastic storage warning information
CN109510709A (en) * 2018-09-18 2019-03-22 中国农业大学 (k, n) Threshold Signature method, apparatus and electronic equipment based on RSA
CN112347497A (en) * 2020-11-24 2021-02-09 国网新疆电力有限公司信息通信公司 Data security processing method

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1976276B (en) * 2006-11-13 2012-02-15 飞天诚信科技股份有限公司 Master control key managing method and system
CN100504905C (en) * 2007-11-16 2009-06-24 中国科学院软件研究所 Data-base malevolence transaction method and system thereof
CN101814986A (en) * 2009-02-19 2010-08-25 汤姆森许可贸易公司 The method and apparatus that is used for countering fault attacks
CN101814986B (en) * 2009-02-19 2014-07-16 汤姆森许可贸易公司 Method and device for countering fault attacks
CN105306545A (en) * 2015-09-28 2016-02-03 浪潮(北京)电子信息产业有限公司 Failover method and system for external service node of cluster
CN105306545B (en) * 2015-09-28 2018-09-07 浪潮(北京)电子信息产业有限公司 A kind of method and system of the external service node Takeover of cluster
CN106060094A (en) * 2016-07-29 2016-10-26 成都轻车快马网络科技有限公司 Cloud computing method for mobile client
CN108076008A (en) * 2016-11-10 2018-05-25 南京联成科技发展股份有限公司 A kind of implementation method of safe O&M service cloud platform elastic storage warning information
CN108076008B (en) * 2016-11-10 2021-04-06 南京联成科技发展股份有限公司 Implementation method for elastically storing alarm information by cloud platform of security operation and maintenance service
CN107276759A (en) * 2017-08-22 2017-10-20 河海大学 A kind of efficient Threshold cryptosystem scheme
CN109510709A (en) * 2018-09-18 2019-03-22 中国农业大学 (k, n) Threshold Signature method, apparatus and electronic equipment based on RSA
CN112347497A (en) * 2020-11-24 2021-02-09 国网新疆电力有限公司信息通信公司 Data security processing method

Similar Documents

Publication Publication Date Title
CN1819583A (en) Hierarchical tolerant invading scheme based on threshold
Cui et al. Attribute-based storage supporting secure deduplication of encrypted data in cloud
Zeng et al. Safevanish: An improved data self-destruction for protecting data privacy
Yu et al. A view about cloud data security from data life cycle
Winternitz A secure one-way hash function built from DES
EP2080134B1 (en) Distributed device revocation
US20160044034A1 (en) Remote blind hashing
Agrawal et al. Detection of node capture attack in wireless sensor networks
WO2008014326A2 (en) Systems and methods for root certificate update
CN110413652B (en) Big data privacy retrieval method based on edge calculation
CN110830520A (en) Robust and reliable edge storage method and system for Internet of things
Kapusta et al. Data protection by means of fragmentation in distributed storage systems
Pitney et al. A systematic review of 2021 microsoft exchange data breach exploiting multiple vulnerabilities
CN1707450A (en) Method and apparatus for protecting data confidentiality and integrity in memory equipment
Yin et al. Data confidentiality challenges in big data applications
Jin et al. Proof of aliveness
Bakro et al. Hybrid blockchain-enabled security in cloud storage infrastructure using ECC and AES algorithms
Kim et al. A secret sharing-based distributed cloud system for privacy protection
Srivatsa et al. Countering Targeted File Attacks Using LocationGuard.
Hasan et al. Efficient and secured data partitioning in the multi cloud environment.
Yang et al. Enforcing scalable and dynamic hierarchical access control in cloud computing
Junzhong et al. An evolving intrusion detection system based on natural immune system
CN108460267A (en) A kind of teaching computer network information safety device
Lu et al. A Design of Solution to Database Security Based on Multi-Layer Intrusion Tolerance
Jaisinghani et al. Self Motivated Intrusion-Tolerant, Detecting and Healing Server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication