VPSS: a verifiable proactive secret sharing scheme in distributed systems

With the increase in the Internet usage and the load on the servers, replication is used as a standard approach for improving availability of an online service. However, replication of a secret increases vulnerability, so replication must be used in a strategic way if both security and dependability need to be addressed simultaneously. In this paper we propose a verifiable and proactive secret sharing framework in which the secret of the distributed system is sampled and the samples, called shares are scattered in the cluster and refreshed proactively in a periodic manner. In this approach, the secret is never transferred over the network and is never reconstructed at a replicated site. Our scheme increases the number of servers the adversary has to compromise in order to discover the secret, thereby hardening security. We present various algorithms to distribute, refresh, recover and reconstruct the secret in an asynchronous environment. As a proof of concept the framework has been simulated using Opnet and preliminary results are reported.