December 3rd, 2009, 12:36 PM
creating a web of trust with agents
I'm not sure if this is the right place for it. I'm thinking of creating a secure place on the internet.
Some of my presumptions are:
1 - That no system/network is to be trusted.
2 - Important data should be encrypted.
3 - The link between data and encryption key should be as secure as possible.
What I got so far is the idea to create a path of stateless rpc proxy agents that transfer requests and answers.
Each agent should have only knowledge of the next agent, the request/answer will carry a encrypted
payload of passwords and requested data.
Paths will be generated from a secure site and each agent will be informed of his part in this setup.
This could happen to pre installed agents or by replacing agents with new agents. Ideally this reconfiguring
of paths should happen as much as possible and with the highest randomness. Agents have to be configured
in a fault tolerant mesh setup.
Additionally agents would be configured to integrity check their part of the network.
Asymmetric encryption is used to package transport data and symmetric encryption is used for database
The weak point of this set up is the in memory data at the time of encryption and decryption of the data.
And I have no Idea how to solve this.
I'm very sure there are more weaknesses in this setup.
All suggestions are welcome.
December 4th, 2009, 09:08 AM
The one continuing weakness in security is the human element. You would have to have physical security on all of those agents. Unless you were making a small "internet" you'd have to have other people in the mix to help you maintain it.
Once you bring in other people you have to consider the level of trust in all of them. I don't mean that people are necessarily evil but you'd also have to be able to trust them to do their job as completely as you would, negligence can bring down a network as quick as malevolence.
"Somehow saying I told you so just doesn't cover it" Will Smith in I, Robot
By whatever878787 in forum Security News
Last Post: July 31st, 2006, 03:25 AM
By SDK in forum Miscellaneous Security Discussions
Last Post: January 28th, 2005, 05:54 PM
By gore in forum Newbie Security Questions
Last Post: December 29th, 2003, 08:01 AM
By One Who Watches in forum Tech Humor
Last Post: June 23rd, 2003, 09:10 AM
By Ennis in forum The Security Tutorials Forum
Last Post: November 15th, 2001, 07:42 PM