Security alerting system with dynamic buffer size adaption
Abstract
A Security Alerting System is provided with dynamic buffer size adaptation. An alert message from a Security Alerting System is transmitted by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server; storing the authenticated alert message in a buffer; transmitting the buffer to the server; and detecting a truncation attack based on generating different cryptographic keys for protection of inserted messages and transmitted buffers, wherein the cryptographic keys for protection of inserted messages are generated in a forward-secure manner in a same order that the messages are inserted in the buffer and wherein the cryptographic keys for protection of transmitted buffers are generated in a forward-secure manner in a same order that the buffers are transmitted over a network.
20 Claims
1. A method performed by a host for transmitting an alert message from a Security Alerting System indicating a potential compromise of a protected resource to a server, comprising:
obtaining, by at least one processing device, said alert message from said Security Alerting System;
authenticating, by said at least one processing device, said alert message using a secret key known by said server, wherein said secret key evolves in a forward-secure manner;
storing, by said at least one processing device, said authenticated alert message in a buffer, wherein a size of said buffer is based on a connection history of said Security Alerting System; and
detecting, by said at least one processing device, a truncation attack based on generating different cryptographic keys for protection of inserted messages and transmitted buffers, wherein said cryptographic keys for protection of inserted messages are generated in a forward-secure manner in a same order that said messages are inserted in the buffer and wherein said cryptographic keys for protection of transmitted buffers are generated in a forward-secure manner in a same order that said buffers are transmitted over a network, wherein each cryptographic key is identified as being one of a “message” protection key and a “buffer” protection key.
2. The method of claim 1, wherein said authenticating step further comprises the step of encrypting said alert message.
3. The method of claim 1, wherein said size of said buffer is increased in proportion to a time duration of a disruption of said connection.
4. The method of claim 1, wherein said size of said buffer is increased to a size R + S(l − 1), where R is an initial size of said buffer, l denotes said number of time intervals that have passed since said last alert message transmission and S denotes said increment of the buffer size per time interval.
5. The method of claim 1, wherein said size of said buffer is increased by adding buffer slots at a location of a current write pointer index.
6. The method of claim 1, further comprising the step of storing a current write pointer index value and a forward secure counter indicating a number of buffer adaptations in said buffer.
7. The method of claim 1, further comprising the step of evaluating sequence numbers of a plurality of said alert messages to detect a gap in said alert messages.
8. The method of claim 1, further comprising the step of detecting a truncation attack based on an alert message m* written in the buffer when said size of said buffer is adjusted.
9. The method of claim 1, wherein said alert message has a variable size by writing said alert message into a plurality of consecutive slots of said buffer.
10. The method of claim 1, further comprising the step of reducing said size of said buffer when said connection is re-established.
11. The method of claim 10, wherein said reduction is delayed until a predefined number of said buffers have been transmitted on said re-established connection.
12. A non-transitory machine-readable recordable storage medium for transmitting by a host an alert message from a Security Alerting System indicating a potential compromise of a protected resource to a server, wherein said non-transitory machine-readable recordable storage medium stores one or more software programs, wherein the one or more software programs when executed by one or more processing devices implement steps comprising:
obtaining, by at least one processing device, said alert message from said Security Alerting System;
authenticating, by said at least one processing device, said alert message using a secret key known by said server, wherein said secret key evolves in a forward-secure manner;
storing, by said at least one processing device, said authenticated alert message in a buffer, wherein a size of said buffer is based on a connection history of said Security Alerting System; and
detecting, by said at least one processing device, a truncation attack based on generating different cryptographic keys for protection of inserted messages and transmitted buffers, wherein said cryptographic keys for protection of inserted messages are generated in a forward-secure manner in a same order that said messages are inserted in the buffer and wherein said cryptographic keys for protection of transmitted buffers are generated in a forward-secure manner in a same order that said buffers are transmitted over a network, wherein each cryptographic key is identified as being one of a “message” protection key and a “buffer” protection key.
13. An apparatus of a host for transmitting an alert message from a Security Alerting System indicating a potential compromise of a protected resource to a server, the apparatus comprising:
a memory; and
at least one processing device, coupled to the memory, operative to implement the following steps:
obtaining, by at least one processing device, said alert message from said Security Alerting System;
authenticating, by said at least one processing device, said alert message using a secret key known by said server, wherein said secret key evolves in a forward-secure manner;
storing, by said at least one processing device, said authenticated alert message in a buffer, wherein a size of said buffer is based on a connection history of said Security Alerting System; and
detecting, by said at least one processing device, a truncation attack based on generating different cryptographic keys for protection of inserted messages and transmitted buffers, wherein said cryptographic keys for protection of inserted messages are generated in a forward-secure manner in a same order that said messages are inserted in the buffer and wherein said cryptographic keys for protection of transmitted buffers are generated in a forward-secure manner in a same order that said buffers are transmitted over a network, wherein each cryptographic key is identified as being one of a “message” protection key and a “buffer” protection key.
14. The apparatus of claim 13, wherein said size of said buffer is increased in proportion to a time duration of a disruption of said connection.
15. The apparatus of claim 13, wherein said size of said buffer is increased by adding buffer slots at a location of a current write pointer index.
16. The apparatus of claim 13, wherein said at least one processing device is further configured to evaluate sequence numbers of a plurality of said alert messages to detect a gap in said alert messages.
17. The apparatus of claim 13, wherein said at least one processing device is further configured to detect a truncation attack based on an alert message m* written in the buffer when said size of said buffer is adjusted.
18. The apparatus of claim 13, wherein said alert message has a variable size by writing said alert message into a plurality of consecutive slots of said buffer.
19. The apparatus of claim 13, further comprising the step of reducing said size of said buffer when said connection is re-established.
20. The apparatus of claim 19, wherein said reduction is delayed until a predefined number of said buffers have been transmitted on said re-established connection.
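The following Python sketch is an added illustration of the mechanism the abstract and claims describe; it is not code from the patent or its assignee. A host keeps two forward-secure key chains (one advanced per inserted "message", one per transmitted "buffer"), sizes the buffer as R + S(l − 1) after l intervals without a transmission as read from claim 4, and a server tracking the same chains reports a dropped or cut buffer as a tag mismatch and checks sequence numbers for gaps. The SHA-256 hash chain, HMAC tags, role labels and the class and method names are assumptions of this example.

```python
import hashlib
import hmac

def evolve(key: bytes) -> bytes:
    return hashlib.sha256(b"evolve" + key).digest()  # one-way step: old key is unrecoverable

def tag(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()  # label: b"message" or b"buffer"

def encode(entries) -> bytes:
    return b"".join(s.to_bytes(4, "big") + m + t for s, m, t in entries)

class Host:
    def __init__(self, secret: bytes, R: int = 4, S: int = 2):
        self.mkey = hashlib.sha256(b"message" + secret).digest()  # chain in insertion order
        self.bkey = hashlib.sha256(b"buffer" + secret).digest()   # chain in transmission order
        self.R, self.S, self.seq, self.buf = R, S, 0, []

    def capacity(self, l: int) -> int:
        """Slots after l intervals without a transmission: R + S*(l - 1), never below R."""
        return self.R + self.S * max(l - 1, 0)

    def insert(self, msg: bytes, l: int = 0) -> bool:
        if len(self.buf) >= self.capacity(l):
            return False  # buffer full for this outage length
        self.buf.append((self.seq, msg, tag(self.mkey, b"message", self.seq.to_bytes(4, "big") + msg)))
        self.seq, self.mkey = self.seq + 1, evolve(self.mkey)  # old message key is discarded
        return True

    def transmit(self) -> tuple:
        out = (list(self.buf), tag(self.bkey, b"buffer", encode(self.buf)))
        self.bkey, self.buf = evolve(self.bkey), []  # old buffer key is discarded
        return out

class Server:
    def __init__(self, secret: bytes):
        self.mkey = hashlib.sha256(b"message" + secret).digest()
        self.bkey = hashlib.sha256(b"buffer" + secret).digest()
        self.expect = 0  # next sequence number that should arrive

    def receive(self, entries, btag: bytes) -> str:
        if not hmac.compare_digest(btag, tag(self.bkey, b"buffer", encode(entries))):
            return "truncation: buffer tag mismatch"  # a buffer was dropped, reordered or cut
        self.bkey = evolve(self.bkey)
        for s, m, t in entries:
            if s != self.expect:
                return f"truncation: gap before seq {self.expect}"
            if not hmac.compare_digest(t, tag(self.mkey, b"message", s.to_bytes(4, "big") + m)):
                return f"truncation: message tag mismatch at seq {s}"
            self.mkey, self.expect = evolve(self.mkey), self.expect + 1
        return "ok"
```

Because each buffer key is used once and in transmission order, a buffer silently dropped in transit leaves the server one step behind on its chain, so the very next buffer fails verification.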
Specification