Security alerting system with dynamic buffer size adaption
First Claim
Patent Images
1. A method performed by a host for transmitting an alert message from a Security Alerting System indicating a potential compromise of a protected resource to a server, comprising:
- obtaining, by at least one processing device, said alert message from said Security Alerting System;
authenticating, by said at least one processing device, said alert message using a secret key known by said server, wherein said secret key evolves in a forward-secure manner;
storing, by said at least one processing device, said authenticated alert message in a buffer, wherein a size of said buffer is based on a connection history of said Security Alerting System; and
detecting, by said at least one processing device, a truncation attack based on generating different cryptographic keys for protection of inserted messages and transmitted buffers, wherein said cryptographic keys for protection of inserted messages are generated in a forward-secure manner in a same order that said messages are inserted in the buffer and wherein said cryptographic keys for protection of transmitted buffers are generated in a forward-secure manner in a same order that said buffers are transmitted over a network, wherein each cryptographic key is identified as being one of a “
message”
protection key and a “
buffer”
protection key.
7 Assignments
0 Petitions
Accused Products
Abstract
A Security Alerting System is provided with dynamic buffer size adaptation. An alert message from a Security Alerting System is transmitted by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server; storing the authenticated alert message in a buffer; transmitting the buffer to the server; and detecting a truncation attack based on generating different cryptographic keys for protection of inserted messages and transmitted buffers, wherein the cryptographic keys for protection of inserted messages are generated in a forward-secure manner in a same order that the messages are inserted in the buffer and wherein the cryptographic keys for protection of transmitted buffers are generated in a forward-secure manner in a same order that the buffers are transmitted over a network.
12 Citations
20 Claims
-
1. A method performed by a host for transmitting an alert message from a Security Alerting System indicating a potential compromise of a protected resource to a server, comprising:
-
obtaining, by at least one processing device, said alert message from said Security Alerting System; authenticating, by said at least one processing device, said alert message using a secret key known by said server, wherein said secret key evolves in a forward-secure manner; storing, by said at least one processing device, said authenticated alert message in a buffer, wherein a size of said buffer is based on a connection history of said Security Alerting System; and detecting, by said at least one processing device, a truncation attack based on generating different cryptographic keys for protection of inserted messages and transmitted buffers, wherein said cryptographic keys for protection of inserted messages are generated in a forward-secure manner in a same order that said messages are inserted in the buffer and wherein said cryptographic keys for protection of transmitted buffers are generated in a forward-secure manner in a same order that said buffers are transmitted over a network, wherein each cryptographic key is identified as being one of a “
message”
protection key and a “
buffer”
protection key.
-
-
2. The method of claim 1, wherein said authenticating step further comprises the step of encrypting said alert message.
-
3. The method of claim 1, wherein said size of said buffer is increased in proportion to a time duration of a disruption of said connection.
-
4. The method of claim 1, wherein said size of said buffer is increased to a size R S(l 1), where R is an initial size of said buffer, l denotes said number of time intervals that have passed since said last alert message transmission and S denotes said increment of the buffer size per time interval.
-
5. The method of claim 1, wherein said size of said buffer is increased by adding buffer slots at a location of a current write pointer index.
-
6. The method of claim 1, further comprising the step of storing a current write pointer index value and a forward secure counter indicating a number of buffer adaptations in said buffer.
-
7. The method of claim 1, further comprising the step of evaluating sequence numbers of a plurality of said alert messages to detect a gap in said alert messages.
-
8. The method of claim 1, further comprising the step of detecting a truncation attack based on an alert message m* written in the buffer when a said size of said buffer is adjusted.
-
9. The method of claim 1, wherein said alert message has a variable size by writing said alert message into a plurality of consecutive slots of said buffer.
-
10. The method of claim 1, further comprising the step of reducing said size of said buffer when said connection is re-established.
-
11. The method of claim 10, wherein said reduction is delayed until a predefined number of said buffers have been transmitted on said re-established connection.
-
12. A non-transitory machine-readable recordable storage medium for transmitting by a host an alert message from a Security Alerting System indicating a potential compromise of a protected resource to a server, wherein said non-transitory machine-readable recordable storage medium stores one or more software programs, wherein the one or more software programs when executed by one or more processing devices implement steps comprising:
-
obtaining, by at least one processing device, said alert message from said Security Alerting System; authenticating, by said at least one processing device, said alert message using a secret key known by said server, wherein said secret key evolves in a forward-secure manner; storing, by said at least one processing device, said authenticated alert message in a buffer, wherein a size of said buffer is based on a connection history of said Security Alerting System; and detecting, by said at least one processing device, a truncation attack based on generating different cryptographic keys for protection of inserted messages and transmitted buffers, wherein said cryptographic keys for protection of inserted messages are generated in a forward-secure manner in a same order that said messages are inserted in the buffer and wherein said cryptographic keys for protection of transmitted buffers are generated in a forward-secure manner in a same order that said buffers are transmitted over a network, wherein each cryptographic key is identified as being one of a “
message”
protection key and a “
buffer”
protection key.
-
-
13. An apparatus of a host for transmitting an alert message from a Security Alerting System indicating a potential compromise of a protected resource to a server, the apparatus comprising:
-
a memory; and at least one processing device, coupled to the memory, operative to implement the following steps; obtaining, by at least one processing device, said alert message from said Security Alerting System; authenticating, by said at least one processing device, said alert message using a secret key known by said server, wherein said secret key evolves in a forward-secure manner; storing, by said at least one processing device, said authenticated alert message in a buffer, wherein a size of said buffer is based on a connection history of said Security Alerting System; and detecting, by said at least one processing device, a truncation attack based on generating different cryptographic keys for protection of inserted messages and transmitted buffers, wherein said cryptographic keys for protection of inserted messages are generated in a forward-secure manner in a same order that said messages are inserted in the buffer and wherein said cryptographic keys for protection of transmitted buffers are generated in a forward-secure manner in a same order that said buffers are transmitted over a network, wherein each cryptographic key is identified as being one of a “
message”
protection key and a “
buffer”
protection key.
-
-
14. The apparatus of claim 13, wherein said size of said buffer is increased in proportion to a time duration of a disruption of said connection.
-
15. The apparatus of claim 13, wherein said size of said buffer is increased by adding buffer slots at a location of a current write pointer index.
-
16. The apparatus of claim 13, wherein said at least one processing device is further configured to evaluate sequence numbers of a plurality of said alert messages to detect a gap in said alert messages.
-
17. The apparatus of claim 13, wherein said at least one processing device is further configured to detect a truncation attack based on an alert message m* written in the buffer when said size of said buffer is adjusted.
-
18. The apparatus of claim 13, wherein said alert message has a variable size by writing said alert message into a plurality of consecutive slots of said buffer.
-
19. The apparatus of claim 13, further comprising the step of reducing said size of said buffer when said connection is re-established.
-
20. The apparatus of claim 19, wherein said reduction is delayed until a predefined number of said buffers have been transmitted on said re-established connection.
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeEmc IP Holding Company LLC (Dell Technologies Inc.)
-
Original AssigneeEmc IP Holding Company LLC (Dell Technologies Inc.)
-
InventorsJuels, Ari, Triandopoulos, Nikolaos, Bowers, Kevin D.
-
Primary Examiner(s)Hirl, Joseph P
-
Assistant Examiner(s)Bell, Kalish
-
Application NumberUS15/901,254Time in Patent Office265 DaysField of SearchUS Class CurrentCPC Class CodesG06F 11/30 MonitoringG06F 11/3003 Monitoring arrangements spe...G06F 21/554 involving event detection a...G06F 21/64 Protecting data integrity, ...G06F 2221/2101 Auditing as a secondary aspectG06F 2221/2107 File encryptionH04L 1/00 Arrangements for detecting ...H04L 9/0861 Generation of secret inform...H04L 9/32 including means for verifyi...H04L 9/3242 involving keyed hash functi...H04L 9/50 using hash chains, e.g. blo...
