• DocumentCode
    2415685
  • Title

    Making secure TCP connections resistant to server failures

  • Author

    Wu, Hailin ; Burt, Andrew ; Thurimella, Ramki

  • Author_Institution
    Dept. of Comput. Sci., Denver Univ., CO, USA
  • fYear
    2003
  • fDate
    8-12 Dec. 2003
  • Firstpage
    197
  • Lastpage
    206
  • Abstract
    Methods are presented to increase resiliency to server failures by migrating long-running, secure TCP-based connections to backup servers, thus mitigating damage from servers disabled by attacks or accidental failures. The failover mechanism described is completely transparent to the client. Using these techniques, simple, practical systems can be built that can be retrofitted into the existing infrastructure, i.e. without requiring changes either to the TCP/IP protocol, or to the client system. The end result is a drop-in method of adding significant robustness to secure network connections such as those using the secure shell protocol (SSH). As there is a large installed universe of TCP-based user agent software, it will be some time before widespread adoption takes place of other approaches designed to withstand these kinds of service failures; our methods provide an immediate way to enhance reliability, and thus resistance to attack, without having to wait for clients to upgrade software at their end. The practical viability of our approach is demonstrated by providing details of a system we have built that satisfies these requirements.
  • Keywords
    client-server systems; system recovery; telecommunication security; transport protocols; TCP/IP protocol; backup server; secure TCP connection; secure shell protocol; server failure; user agent software; Application software; Computer crashes; Computer science; Cryptography; Immune system; Network servers; Protocols; Public key; Robustness; TCPIP;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Security Applications Conference, 2003. Proceedings. 19th Annual
  • Print_ISBN
    0-7695-2041-3
  • Type

    conf

  • DOI
    10.1109/CSAC.2003.1254325
  • Filename
    1254325