creating a web of trust with agents
Results 1 to 2 of 2

Thread: creating a web of trust with agents

  1. #1
    Junior Member
    Join Date
    Dec 2009
    Posts
    1

    creating a web of trust with agents

    Hi,

    I'm not sure if this is the right place for it. I'm thinking of creating a secure place on the internet.

    Some of my presumptions are:
    1 - That no system/network is to be trusted.
    2 - Important data should be encrypted.
    3 - The link between data and encryption key should be as secure as possible.

    What I got so far is the idea to create a path of stateless rpc proxy agents that transfer requests and answers.

    Each agent should have only knowledge of the next agent, the request/answer will carry a encrypted
    payload of passwords and requested data.

    Paths will be generated from a secure site and each agent will be informed of his part in this setup.
    This could happen to pre installed agents or by replacing agents with new agents. Ideally this reconfiguring
    of paths should happen as much as possible and with the highest randomness. Agents have to be configured
    in a fault tolerant mesh setup.

    Additionally agents would be configured to integrity check their part of the network.

    Asymmetric encryption is used to package transport data and symmetric encryption is used for database
    encryption.

    The weak point of this set up is the in memory data at the time of encryption and decryption of the data.
    And I have no Idea how to solve this.

    I'm very sure there are more weaknesses in this setup.

    All suggestions are welcome.

    Kind regards,

    Jessec

  2. #2
    Disgruntled Postal Worker fourdc's Avatar
    Join Date
    Jul 2002
    Location
    Vermont, USA
    Posts
    797
    The one continuing weakness in security is the human element. You would have to have physical security on all of those agents. Unless you were making a small "internet" you'd have to have other people in the mix to help you maintain it.

    Once you bring in other people you have to consider the level of trust in all of them. I don't mean that people are necessarily evil but you'd also have to be able to trust them to do their job as completely as you would, negligence can bring down a network as quick as malevolence.
    ddddc

    "Somehow saying I told you so just doesn't cover it" Will Smith in I, Robot

Similar Threads

  1. can border agents search your laptops?
    By whatever878787 in forum Security News
    Replies: 26
    Last Post: July 31st, 2006, 03:25 AM
  2. Criminal IT: Should you trust the Internet?
    By SDK in forum Miscellaneous Security Discussions
    Replies: 4
    Last Post: January 28th, 2005, 05:54 PM
  3. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  4. FBI agents train to be 14-year-old girls
    By One Who Watches in forum Tech Humor
    Replies: 9
    Last Post: June 23rd, 2003, 09:10 AM
  5. Denail Of Service FAQ
    By Ennis in forum The Security Tutorials Forum
    Replies: 4
    Last Post: November 15th, 2001, 07:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •