Network Randomization Protocol: A Proactive Pseudo-Random Generator

A major security threat to any security solutions based on a centralized server is the possibility of an adversary gaining access to and taking control of the server The adversary may then learn secrets cor rupt data or send erroneous messages In practice such an adversary may be more prevalent than one would like to admit It may be a malicious hacker a virus in an application program or an unscrupulous system administrator Proactive security is a novel approach to the server security problem It uses the distribution of data and control to multiple servers and periodic refreshes be tween servers By distributing data and control one or more servers may be compromised without com promising the system Periodic refreshes between servers allow a compromised server to recover af ter the attacker leaves thereby contributing to the system security A fraction in some cases all of the servers must be compromised simultaneously in order to compromise the system This paper describes the Network Randomization Protocol NRP a proactive protocol for gener ating cryptographically secure pseudo random num bers The protocol is designed for operation in the Internet and includes defenses against clogging at tacks Issues related to the design and implementa tion of the protocol are discussed As virtually no cryptographic task is possi ble without a source of randomness or pseudo randomness NRP is an important basic building block for many cryptographic functions Further more it serves to illustrate the main ideas and intu itions of proactive security