Reliability Analysis for Cryptographic Key Management

Transcription

1 Reliabiliy Analysis for Crypographic Key Managemen 1 Sheng Xiao, 2 Weibo Gong, 3 Don Towsley, 4, 5 Qingquan Zhang, 5 Ting Zhu 1 College of Informaion Science and Engineering, Hunan Universiy, China 2 Dep. Elecrical and Compuer Engineering, Universiy of Massachuses, Amhers, U.S.A. 3 Dep. Compuer Science, Universiy of Massachuses, Amhers, U.S.A. 4 Dep. Elecrical and Compuer Engineering, Universiy of Minnesoa, Twin Ciies, U.S.A. 5 Dep. Compuer Science, Sae Universiy of New York, Binghampon, U.S.A. Absrac The main duy of key managemen is o keep crypographic keys in secre. However, i is difficuly o quaniaively assess ha how well does a key managemen scheme proec he keys. In his paper, we propose o use reliabiliy heory, which was mainly used o evaluae performance persisence for engineering sysems, o esimae he performance of key managemen schemes. The reliabiliy analysis leads o couner-inuiive resuls such as he widely deployed periodic key updae scheme is ineffecive when key hefs are possible. The analysis also shows ha using password wih an elecronic securiy oken for auhenicaion is a srong securiy measure in he beginning bu is unreliable in he long run. In general, he reliabiliy analysis demonsraes ha curren key managemen schemes focus oo much on posponing he firs key hef from occurring bu lack of consideraions on quickly recovering solen keys. In he laer par of his paper, we discuss possible direcions ha may improve he reliabiliy of key managemen schemes. I. INTRODUCTION Safey of crypographic keys is a premise of informaion securiy. If adversary knows he key, even he sronges crypographic algorihms would no work. Consequenly, almos all he securiy funcions, such as auhenicaion and encrypion, would sop working. In informaion securiy sysems, key managemen schemes are designed and implemen o proec key safey. Therefore, in order o examine he level of informaion securiy, i is necessary o assess he proecion performance of key managemen schemes. There are convenional, qualiaive beliefs on he performance of key managemen schemes. For example, i is ofen advocaed ha users should change heir accoun passwords once every hree monhs. I is believed ha his securiy policy could effecively miigae he securiy hreas from password hefs. However, here is lile previous sudy ha ells us why hree monhs is an appropriae password updae period or how much safer he passwords would be afer his securiy policy had been applied. In his paper, we propose o model key safey as a reliabiliy engineering problem and apply measures from reliabiliy engineering heory as performance measures for key managemen schemes. We rea key hefs as sysem failures and key updaes as he mainenance effors ha can recover a failed sysem. The engineering reliabiliy measures, such as availabiliy, mean ime o recover, ec, are mapped ino securiy conexs. We analyze several key managemen schemes wih hese securiy reliabiliy measures. Noably, our analysis demonsraes ha he periodic key updae scheme, e.g. change password once every hree monhs, is inherenly inefficien. This finding coincides wih empirical sudies such as [1] and [2]. The analysis also shows ha by using password ogeher wih an elecronic securiy oken or a porable digial cerificae, a.k.a. wo-facor auhenicaion, he rusworhiness of auhenicaion can be improved. However, such a combinaion ends o be unreliable in he long erm. We exends reliabiliy analysis o a caegory of key managemen schemes, namely k-ou-of-n keyed sysems. Wih homogeneiy condiions, we find analyic form for he average ime ha he sysem remains in securiy. This resul furher validaes he feasibiliy of using reliabiliy analysis o evaluae key managemen performances. Afer case analyses, we summarize ha convenional key managemen designs end o focus on prevening keys from being seized by adversary and neglec he imporance of quickly replacing solen keys. A reliable key managemen scheme should ake boh aspecs ino consideraion. The main conribuions of his paper are: We model key safey problem as a reliabiliy engineering problem and ranslae reliabiliy measures o key safey measures. We analyze periodic key updae scheme and wo-facor auhenicaion scheme using reliabiliy analysis. The resuls reveal inheren weaknesses in hese wo schemes. We apply reliabiliy analysis mehods on k-ou-of-n keyed sysems and find analyic soluion o he mean ime o firs sysem failure for his ype of informaion securiy sysems. We discuss possible ways of improving reliabiliy for key managemen schemes. The res of his paper is organized as follows: Secion II presens previous sudies ha moivae and suppor our research in his paper. Secion III formulaes key safey problem from a reliabiliy engineering perspecive and discusses he securiy meanings of sysem failure rae and mainenance schedules. Secion IV presens reliabiliy analysis for periodic key updae schemes. Secion V analyzes wo-facor auhenicaion schemes which are widely used in applicaions ha /14/$ IEEE 999

2 require srong auhenicaion. Secion VI demonsraes he analyic power of reliabiliy analysis by solving he mean ime o firs sysem failure for k-ou-of-n keyed sysems. Secion VII suggess reliabiliy improvemens over curren key managemen schemes. Secion VIII concludes he paper. II. RELATED WORK A. Reliabiliy and Securiy Reliabiliy heory has been inroduced ino sofware securiy research. A series of works such as [3] and [4] rea sofware as an engineering sysem and propose o use reliabiliy measures as he securiy performance merics. A sofware sysem may be inruded and pached many imes in is life span. Models for such sofware sysems are collecively named as inrusion oleran sysems. There is a line of research ha uses sae ransiion model and sochasic process as ool o analyze he inrusion olerance of sofware sysems such as [5]. Reliabiliy and securiy are ofen invesigaed as wo independen properies in oher informaion securiy domains. The wo conceps rarely inervene wih each oher, parly because reliabiliy is more abou he long erm average and securiy is ypically viewed as an insananeous propery. To our knowledge, his paper is an early aemp o apply reliabiliy analysis on key managemen securiy. B. Key Srengh vs. Key Safey Previous works on quanifying he safey level of a crypographic key are largely associaed wih he key srengh, or more precisely, he informaion enropy conained in he key. This measure accuraely reflecs he difficuly level for an adversary o obain he key when he adversary is limied by only using brue-force search aacks. However, key srengh is inadequae o characerize key safey in general. Key enropy is less useful when adversary aemps o crack encrypion algorihms ha uilize he key. In his case, he key would be safer if less daa are encryped by he same key value [6]. When we consider sysem inrusions ha allow adversary o seize he key, he level of inrusion resisance deermines he key safey and leaves key enropy irrelevan [7]. In his paper, we argue ha reliabiliy measures could be more comprehensive in characerizing key safey from a ime series saisical perspecive. III. RELIABILITY ANALYSIS AND KEY SAFETY MODEL In his secion, we propose a reliabiliy engineering model for key safey and assign securiy meanings o reliabiliy conceps. We exensively discuss wo criical reliabiliy conceps in his model: failure disribuion and mainenance schedule. A. Reliabiliy Analysis Terminologies We use a mechanic sysem wih only one componen as he example o inroduce reliabiliy engineering conceps. The componen in his sysem is eiher properly working or malfuncioning. A malfuncioned componen, i.e. a failed componen, can be repaired and reurn o work. Over ime, he componen s failures and repairs can be modeled by an ON-OFF process X(). X() = { 1, if sysem is working, if sysem is failed. (1) The firs reliabiliy engineering meric o be inroduced is Mean Time To Failure (MTTF). MTTF is he expeced ime ha he sysem can keep working before a failure occurs. Le N f (T ) denoe he number of failures in [,T]. MTTF can be expressed as T MTTF = lim T X()d. (2) N f (T ) Similarly, we have Mean Time To Recover (MTTR), he average ime i akes o recover he sysem from a failure. MTTF is defined as MTTR = lim T T (1 X())d. (3) N f (T ) Average availabiliy is anoher widely used meric. I characerizes he fracion of ime ha he sysem funcions properly over he oal sysem running ime. The average availabiliy is defined by inegraing X() over ime, and hen aking he limi as ime goes o infiniy, T A avg = lim X()d. (4) T T I can also be derived from MTTF and MTTR. MTTF A avg = (5) MTTF + MTTR In he key safey conex, MTTF characerizes he average ime ha a crypographic key remains unknown o adversary afer is issuance. MTTF is collecively decided by he inensiy of key sealing aacks and he srengh of proecion mechanisms deployed in key generaion, key disribuion, and sorage. MTTR defines he average ime gap beween a key being solen and he key being replaced wih a new key. MTTR is highly criical for key safey bu ofen overlooked in convenional key managemen schemes. MTTR defines he ime window ha a key-sealing adversary can aack wih he solen key. A shor MTTR means less ime o exploi he solen key and less incenive for an adversary o seal he key. Average availabiliy is a useful performance indicaor ha demonsraes he persisence of key safey by combining MTTF and MTTR. There is anoher imporan reliabiliy meric, Mean Time o Firs Sysem Failure (MTFSF), which is he average running ime from he ime a sysem sars working o is firs ever failure. In his paper, we would demonsraes ha convenional key managemen schemes focus on opimizing MTFSF insead of MTTF and MTTR. B. Key Safey Model We model he key safey saus over ime as an ON-OFF process ha coincides wih he process used o characerize he mechanic sysem above. As shown in Figure 1, an ON-OFF process X() represens he key safey over ime. X() =1denoes ha he key is safe 1

3 a ime. X() =means an adversary knows he key. The sae ransiion from ON (X() =1) o OFF (X() =) corresponds o a key hef. If a key updae occurs a ime and X() =, he process would have a sae ransiion from X() =o X() =1. 1 X() key hefs key updaes o verify he legiimacy of Inerne websies. Digial cerificaes use he periodic key updae scheme as well. Afer a period of ime, ypically a couple of years, he public key signaure for a digial cerificae would expire and he cerificae owner needs o renew his digial cerificae. We model he key safey over ime as an ON-OFF process, as shown in Figure 2. X() key hefs key updaes 1 ON OFF Fig. 1. An ON-OFF process model for key safey saus over ime. In his paper, we use key hef o represen even ha adversary obains he key, regardless of he key-obaining mehods used by he adversary. C. Failure Disribuions of Key Thefs In engineering sysems, he occurrence rae of failures is criical o characerized he sysem reliabiliy. Over he ime, if he failure rae increases, i.e. Increased Failure Rae (IFR), he sysem becomes less reliable in he long run. If he failure rae decreases, i.e. Decreased Failure Rae (DFR), he sysem gains reliabiliy over ime. The hird case is Consan Failure Rae (CFR). In he key safey conex, IFR shows ha he key managemen is loose and adversary gain advanage by accumulaing experience from previous key hefs. The fuure key hefs become easier for he adversary. DFR means he key managemen is igh and he informaion securiy sysem operaor paches key hef vulnerabiliies ahead of adversary s aacks. The sysem becomes more and more resilien o key hef aacks over ime. DFR is hard o achieve in realiy. Frequen paching is no necessarily a meri for informaion securiy because he added complexiy may implan unforeseeable vulnerabiliies when paching known issues. CFR corresponds o he simples failure disribuions. In engineering sysems, i means ha a new componen has he same expeced life span as he res life span of a currenly working componen. CFR suggess ha he failures occurrences compose a homogeneous Poisson process. This paper, as a preliminary work o bridge reliabiliy heory and crypographic key managemen, would assume ha key hefs occur a CFR. The sequence of key hefs is modeled by a ime invarian homogeneous Poisson process. D. Mainenance Schedule and Key Managemen Scheme The mechanic sysem may have a mainenance schedule ha replace he criical componen from ime o ime. In key managemen, he crypographic key is also regularly updaed. The reliabiliy analysis for mainenance scheduling opimizaion can be used as a guide o he design of key managemen schemes. IV. ANALYSIS FOR PERIODIC KEY UPDATES Periodic key updae scheme is commonly used in pracice. A noable example is he IT sysem securiy policy ha requires he users o change heir login passwords once every hree monhs. Anoher example is he digial cerificaes used T Fig. 2. An ON-OFF process model for he reliabiliy of he periodic key updae scheme The key updae period is denoed as T. In pracice, he value of T is ofen much smaller han he average ime beween wo successive key hef evens, 1/λ. We assume a mos one key hef occurs beween wo successive key updaes. MTTR of periodic key updae scheme can be calculaed by exploiing he memoryless propery of he exponenial disribuion [8]. MTTR P = kt (k 1)T (kt )λe λ d k=1 T = 1 e λt T 1 λ I follows from equaion (6) ha MTTR P is lower bounded by MTTR P > T (7) 2 for all T>and 1/λ >. Inequaliy (7) demonsraes fundamenal inefficiency of he periodic key updae scheme. The average ime o recover a solen key is always greaer han half of he key updae period. If we expec a solen crypographic key o be replaced wihin 24 hours, hen he key updae period T has o be less han 48 hours. Such a relenless key updae scheme is impracical for mos real world applicaions. On he oher hand, if T is a large, pracical value, such as T =3monhs, hen he adversary will have more han one monh o aack wih he solen key. The periodic key updae fails is purpose o promply replace he solen key. We furher examine he average availabiliy of a crypographic key wih he periodic key updae scheme, 1/λ A avg,p = = 1 1/λ + MTTR P λt (1 e λt ), (8) which represens he porion of ime ha he key is safe in a long erm. Consider an example of a hree-monh periodic password updae scheme for a user s online accoun. Suppose on average adversary needs one year o compue and crack he user s password, i.e. 1/λ = 12 monhs. The average availabiliy is less han.9. This user would expec his online accoun (6) 11

4 o be unproeced for more han a monh in a year. Even if srong password proecion echniques are applied and he password only leaked o adversary once every 1 years, he average availabiliy is sill less han.99. Users would expec averagely more han 3 days of securiy blackou each year. I is imperceivable ha any securiy sensiive ask could be performed wih his low level of reliabiliy of key safey. Pracical siuaions is worse han he above esimaion. The average enropy conained in online passwords is much less han he searching power of curren password cracking machines [9]. The ypical average ime o crack a password is on he range of minues insead of a year. Figure 3 plos he average availabiliy of he periodic key updae scheme wih various T and 1/λ. Average Availabiliy / = 1 year 1/ = 1 years V. ANALYSIS FOR TWO-FACTOR AUTHENTICATION In pracice, people also find ha he password alone is no sufficienly rusworhy o safeguard securiy sensiive accouns. Therefore, wo-facor auhenicaion schemes are proposed o provide sronger auhenicaion. The wo-facor auhenicaion scheme requires he user o submi he password and one addiional credenial, such as an elecronic securiy oken, ogeher as he proof of ideniy. An elecronic securiy oken is a porable hardware ha has been programmed o display a pseudo random code ha changes every 3 seconds. The pseudo random codes are generaed from a seed value. The auhenicaion server sores he seed value herefore i can verify if he submied pseudo code is from he user s oken by synchronously generaing he same pseudo random code. When a user aemps o login, he submis his password ogeher wih he pseudo random code displayed on his oken. The password-oken auhenicaion scheme can be characerized by a wo-componen reliabiliy model, shown as Figure 4. The password and he elecronic securiy oken are wo componens in he sysem. The auhenicaion scheme fails when boh componens fail, i.e. adversary obains boh he password and he pseudo random code (or he seed value) securiy oken 3 monhs 1 year 3 years key updae period T password Fig. 3. Average availabiliy of he periodic key updae scheme for 1/λ =1 year and 1/λ =1years. Typical key updae periods are noed on X-axis. 3 monhs corresponds o he regular web password updaes. 1 year is he ypical expiraion period for a personal digial cerificae. 3 years is he life span of he roo cerificae used by Inerne cerificae auhoriies. Consider he he digial cerificae sysem used in he Inerne. There are hundreds of roo cerificaes sored in our Inerne browsers. These roo cerificaes are he roos of he rus hierarchy in he Inerne. If adversary obains any of hese keys, he can creae fake websies ha mimic legiimae sies such as Our Inerne browser would no be able o disinguish he fake websie wih he auhenic sie. The privae keys of hese roo cerificaes are sored in op level CA companies and proeced wih exreme cauion. The roo cerificaes are updaed very infrequenly, ypically once a decade or longer. From Figure 3, we can esimae he safey requiremen for he privae keys of he Inerne roo cerificaes. The higher posiioned curve suggess ha if any adversary can obain a roo privae key in 1 years, our curren Inerne digial cerificae sysem will no be dependable because he average availabiliy of he roo cerificaes, i.e. he porion of ime ha a roo cerificae is rusworhy, is below.4. The op ier cerificae auhoriy (CA) needs o guaranee ha he key hef rae o be less han once every hundred years o provide a reasonable average availabiliy for he Inerne digial cerificae sysem. Such an assumpion may no be close o realiy [1]. Fig. 4. The combinaion of elecronic securiy oken and password improves he auhenicaion srengh. The password and he oken have disincive reliabiliy properies. The password is suscepible o various passwordsealing aacks. The failure rae of he password componen could be subsanial in pracice. On he oher hand, he password can be periodically updaed a an affordable cos. A password hef will no cause he permanen failure of he password componen. The oken has a low failure rae because i is hard o know he dynamically changing pseudo code when adversary aemps o login. I is exremely difficul o penerae he heavily proeced auhenicaion server o obain he seed value. On he oher hand, updaing he seed value would require reprogramming he oken hardware. Such an updae is complex and expensive. As a resul, he seed value almos never changes in pracice. If an adversary obains he seed value, he oken may remain in he failed sae for a long period of ime. We apply he ON-OFF modeling echnique o characerize he password-securiy oken auhenicaion scheme, as shown in Figure 5. The ON-OFF process for he auhenicaion scheme is he superposiion of he ON-OFF processes of he wo componens. In he ime period before he elecronic securiy oken componen fails, he auhenicaion oucome is always rusworhy regardless of he password safey saus. Afer he failure of he oken componen, he safey of password componen would deermine he reliabiliy of he auhenicaion oucome. If he 12

5 secre solen secre solen wo facors one facor unrusworhy securiy oken password auhenicaion Fig. 5. ON-OFF process model for he wo-facor auhenicaion scheme using securiy oken and password. failure rae of he oken componen is no zero, i.e. i will fail a some ime poin, MTTF, MTTR, and average availabiliy of he wo-facor auhenicaion scheme will be he same as hose of he password only auhenicaion scheme. For he password-oken auhenicaion scheme, is MTFSF is he average ime lengh before he firs ime boh he oken and he password fail. Because i is much harder o compromise he elecronic securiy oken han he password, we have and herefore MTFSF oken MTFSF password (9) MTFSF oken password MTFSF oken. (1) The MTFSF of password-oken auhenicaion is close o ha of securiy oken only auhenicaion. The password-oken scheme is designed in he hope ha he oken never fail. If he oken failed, he sysem would run on password-only auhenicaion for a long ime, which is unaccepable for securiy-sensiive sysems. However, we do observe failures of elecronic securiy okens occurs in pracice. One prominen inciden is he seed value hef and algorihm cracking of RSA s SecureID TM which is deployed in sensiive places such as he Penagon and Lockheed Marin Company. The seed value of SecureID TM was found o be leaked o adversarial groups in May, 212 [11]. Laer, is pseudo codes generaion algorihm was also repored cracked [12]. In pracice, he MTFSF of he elecronic oken-password auhenicaion scheme may be much lower han is design expecaion. VI. ANALYSIS FOR K-OUT-OF-N KEYED SYSTEMS Pracical informaion securiy sysems ofen make a combined use of muliple, independenly managed keys. A ypical example of muli-key securiy scenarios is he use of access keys for highly classified informaion, such as plans for miliary missions. There are several keys ha handled by differen deparmens or individuals. Only when all of hese keys presen ogeher, he informaion becomes accessible. Anoher example is he access keys for a muli-user daabase. For users convenience, he daabase adminisraor may allow each user o access he enire daabase wih his/her individual key. Any of users keys can be used o pass he securiy check of his daabase sysem. The wo examples demonsrae wo possible advanages of using muliple keys over using a single key. One possible advanage of using muliple keys is ha he risk of all keys are obained by adversary is much smaller han using a single key. Anoher possible advanage is ha he access o one ou of many viable keys is subsanially more convenien han o find one paricular key. We call he prior example as he n- ou-of-n keyed sysem, and he laer example as he 1-ou-of-n keyed sysem. Each of he wo examples has is own pifall. The n-ou-ofn sysem is associaed wih a high managemen cos because if any of he n keys is los or damaged, e.g. is sorage device is malfuncioned, he enire sysem would be in panic. The 1-ouof-n sysem is associaed wih high securiy risk because if any of he n keys is solen, he sysem securiy is compromised. Therefore, i is possible o design k-ou-of-n sysems for 1 <k<nha balance he securiy risk and he managemen cos. In his secion, we apply reliabiliy analysis o general k-ou-of-n sysems and calculae heir MTFSF. The analysis would reveal he ime expecaions for hese sysems o remain in securiy since hey begin o work. To simplify he analysis, we assume ha key hefs o differen keys are independen evens. For each key, he sequence of key hef evens is modeled as a homogeneous Poisson process wih rae λ. All he n keys are never updaed. The MTFSF of a k-ou-of-n keyed sysem is he ime expecaion of is firs sysem failure, which occurs when an adversary seals k keys. Suppose he adversary obains he k- h solen key a ime T. Before ime T, exacly k 1 keys are solen. The k-h key is solen a he small ime period [T Δ, T ). The probabiliy densiy funcion for T is ( ) n p T () =k (1 e k λ ) k 1 e λ(n k) λd. (11) MTFSF of a k-ou-of-n sysem is he expecaion of T on he ime range [, ), E[T ]= = p T ()d (12) The analyic form of E[T ] can be expressed in Euler Gamma funcion Γ(n) and is logarihm derivaive Ψ(n), where Γ(n) = e n 1 d (13) and Ψ(n) d ln Γ(n). (14) dn Equaion (13) exends he facorial definiion of Gamma funcion ino complex number domain. I is sraighforward o verify ha Γ(n) =(n 1)! for n =1, 2,. We would like o menion ha here are many previous sudies on k-ou-of-n keyed securiy framework such as [13]. The analysis here no only demonsraes he feasibiliy of using 13

6 reliabiliy analysis o quanify securiy levels, bu also echoes and suppors previous sudies. For 1 <k<n, equaion (12) can be inerpreed as E[T ]= n n k (Ψ(n) Ψ(n k)) 1 λ. (15) By normalizing 1/λ =1,wehaveE[T ] for various n and k ploed in Figure 6. auhenicaion schemes. The analysis no only validaes he feasibiliy of using reliabiliy analysis on key managemen schemes, bu also sugges he necessiy of including reliabiliy requiremens in key managemen scheme designs. ACKNOWLEDGMENT This work is suppored in par by Naional Science Foundaion of China (Gran No ), Unied Saes Naional Science Foundaion gran CNS , and Hunan Universiy Young Faculy Fund Award. REFERENCES Fig. 6. VII. MTFSF for k-ou-of-n keyed sysems for various n and k REQUIREMENTS FOR RELIABLE KEY MANAGEMENT According o he analysis in previous secions, many exising key managemen schemes emphasize he criical mission of prevening crypographic keys from being solen and overlooks he imporance of long erm persisence of key safey. New key proecion echniques are developed o reduce he key hef rae and prolong MTFSF. However, a reliable key managemen scheme also needs o cover MTTR. A shor MTTR is essenial o limi damage caused by key hefs. Moreover, shorening MTTR can effecively lower he incenive for adversary o seal he key, and herefore indirecly reduce he key hef rae. As a summary, a reliable key managemen scheme should saisfy he following requiremens: 1) I has key proecion echniques ha can effecively limi key hef rae λ. 2) I has smar key managemen scheduling ha can quickly recover solen key and shoren MTTR. 3) Under pracical condiions, is MTFSF, MTTF, MTTR, and average availabiliy mee he users expecaion for key safey. The research on reducing key hef rae and increasing MTFSF is sill advancing each day [14][15]. On he oher side, i is wide open o explore for mehods ha can effecively decrease MTTR for various informaion securiy sysems [16][17][18][19]. VIII. CONCLUSION In his paper, we proposed a reliabiliy model o assess key safey under various key managemen schemes. Based on his model, our analysis explains why changing password every hree monhs is no an effecive securiy policy and reveals he facors associaed wih he rusworhiness of wo-facor [1] D. Florencio and C. Herley, A large-scale sudy of web password habis, in Proceedings of WWW 7, pp [2] C. Herley, So long, and no hanks for he exernaliies: he raional rejecion of securiy advice by users, in Proceedings of he 29 workshop on New securiy paradigms workshop, pp [3] B. Madan, K. Gogeva-Popsojanova, K. Vaidyanahan, and K. Trivedi, Modeling and quanificaion of securiy aribues of sofware sysems, in Proceedings of DSN 22, 22, pp [4] S. Chandra, R. A. Khan, K. Kaur, and H. Singh, Availabiliy sae ransiion model, ACM SIGSOFT Sofware Engineering Noes, vol. 36, no. 3, pp. 1 3, 211. [5] T. Uemura, T. Dohi, and N. Kaio, Availabiliy analysis of an inrusion oleran disribued server sysem wih prevenive mainenance, Reliabiliy, IEEE Transacions on, vol. 59, no. 1, pp , 21. [6] A. Biau, M. Handley, and J. Lackey, The final nail in wep s coffin, in Securiy and Privacy, 26 IEEE Symposium on, pp [7] J. Lin, J. Jing, and P. Liu, Evaluaing inrusion-oleran cerificaion auhoriy sysems, Qualiy and Reliabiliy Engineering Inernaional, vol. 28, no. 8, pp , 212. [8] S. Xiao, W. Gong, and D. Towsley, Secure wireless communicaion wih dynamic secres, in INFOCOM, 21 Proceedings IEEE, pp [9] P. G. Kelley, S. Komanduri, M. L. Mazurek, R. Shay, T. Vidas, L. Bauer, N. Chrisin, L. F. Cranor, and J. Lopez, Guess again (and again and again): Measuring password srengh by simulaing password-cracking algorihms, in Securiy and Privacy (SP), 212 IEEE Symposium on, pp [1] N. Leavi, Inerne securiy under aack: The undermining of digial cerificaes, Compuer, vol. 44, no. 12, pp. 17 2, 211. [11] R. Koch, B. Sele, and M. Golling, Aack rends in presen compuer neworks, in Proceedings of CYCON 212, pp [12] R. Bardou, R. Focardi, Y. Kawamoo, L. Simionao, G. Seel, and J.-K. Tsay, Efficien padding oracle aacks on crypographic hardware, in Advances in Crypology, CRYPTO 212, vol. 7417, pp [13] K. Benne, C. Grohoff, T. Horozov, and I. Parascu, Efficien sharing of encryped daa, in Informaion Securiy and Privacy. Springer, 22, pp [14] T. Zhu and M. Yu, A dynamic secure qos rouing proocol for wireless ad hoc neworks, in Sarnoff Symposium, 26 IEEE, pp [15], Nis2-4: A secure qualiy of service rouing proocol for wireless ad hoc neworks, in GLOBECOM 6. IEEE, pp [16] S. Xiao, H. Pishro-Nik, and W. Gong, Dense pariy check based secrecy sharing in wireless communicaions, in Proceedings of IEEE Globecom 7, pp [17] S. Xiao and W. Gong, Mobiliy can help: Proec user ideniy wih dynamic credenial, in Mobile Daa Managemen (MDM), 21 Elevenh Inernaional Conference on, pp [18] S. Xiao, W. Gong, and D. Towsley, From uncerainy o secrecy: A dynamic approach, in Signals, Sysems and Compuers (ASILOMAR) Conference. IEEE, 21, pp [19] T. Zhu, S. Xiao, Y. Ping, D. Towsley, and W. Gong, A secure energy rouing mechanism for sharing renewable energy in smar microgrid, in Smar Grid Communicaions (SmarGridComm), 211 IEEE Inernaional Conference on, pp