|  | Chinese Journal of Computers Full Text |
| Title | A Dependable Worm Signature Generation System Based on Threshold Signature |
| Authors | XIANG Ji GAO Neng JING Ji-Wu |
| Address | (State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049) |
| Year | 2009 |
| Issue | No.5(930-939) |
| Abstract & Background | Abstract: A Worm Signature Generation System (WSGS) is a new kind of security system that generates and disseminates worm signatures by deploying many monitors at different sites on the Internet. The signatures can be used by firewalls or content filters to contain the spread of worms. While it is a promising technology for combating Internet worms, WSGS has some serious security problems. When one or a few system components are compromised and controlled by attackers, they may conceal, modify or forge worm signatures, making the signatures generated by the WSGS undependable. Motivated by the security challenges of existing systems, this paper presents a dependable WSGS based on threshold signature technology, which generates verifiable worm signatures through digital signatures, so that any party that receives the signatures can verify their correctness. Furthermore, to avoid a single point of failure and provide high attack resilience, it applies an improved two-tier threshold signature scheme to generate digital signatures. Security analysis shows that the system can tolerate various attacks on a few components.
Keywords: worm signature generation system; single point of failure; digital signature; threshold signature. Background: This paper is based on the research results of two projects: “Cross-Domain Authentication and Authorization Technology and System”, which is supported by the National High Technology Research and Development Program (863 Program) of China, and “Large Scale Worm Simulation Platform”, which is supported by the National Natural Science Foundation of China. After systematic research on worm detection and prevention technologies, the authors found that worm signature generation technology and systems are an active area, and that there are some mature algorithms and architectures for worm signature generation and distribution. They also found that existing systems share the same problem: a single point of failure. That is, if one or a few nodes of the system are controlled by hackers, the system may generate fake or undependable worm signatures. To solve the problem, the authors modified the architectures and protocols of existing systems based on threshold signatures, and designed and implemented a dependable worm signature generation system more suitable for Internet deployment. |