OMT: A DYNAMIC AUTHENTICATED DATA STRUCTURE FOR SECURITY KERNELS

We introduce a family of authenticated data structures — Ordered Merkle Trees (OMT) — and illustrate their utility in security kernels for a wide variety of sub-systems. Specifically, the utility of two types of OMTs: a) the index ordered merkle tree (IOMT) and b) the range ordered merkle tree (ROMT), are investigated for their suitability in security kernels for various sub-systems of Border Gateway Protocol (BGP), the Internet’s inter-autonomous system routing infrastructure. We outline simple generic security kernel functions to maintain OMTs, and sub-system specific security kernel functionality for BGP subsystems (like registries, autonomous system owners, and BGP speakers/routers), that take advantage of OMTs.

[1]  Yakov Rekhter,et al.  Application of the Border Gateway Protocol in the Internet , 1991, RFC.

[2]  Amit Saini,et al.  Authenticated Data Structures for Graph and Geometric Searching , 2014 .

[3]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[4]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[5]  Michael T. Goodrich,et al.  Persistent Authenticated Dictionaries and Their Applications , 2001, ISC.

[6]  Peeter Laud,et al.  Accountable certificate management using undeniable attestations , 2000, CCS.

[7]  Sergey Bratus,et al.  TOCTOU, Traps, and Trusted Computing , 2008, TRUST.

[8]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[9]  B. Lampson,et al.  Authentication in distributed systems: theory and practice , 1991, TOCS.

[10]  Evan R. Sparks A Security Assessment of Trusted Platform Modules Computer Science Technical Report TR2007-597 , 2007 .

[11]  Michael Gertz,et al.  Authentic Third-party Data Publication , 2000, DBSec.

[12]  Michael Gertz,et al.  A General Model for Authentic Data Publication , 2001 .

[13]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[14]  櫻井 幸一,et al.  IEEE Symposium on Security and Privacy 2014 参加報告 , 2012 .

[15]  Michael T. Goodrich,et al.  Implementation of an authenticated dictionary with skip lists and commutative hashing , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.