Malicious-and Accidental-Fault Tolerance for Internet Applications
IST Research Project IST-1999-11583
1 January 2000 - 28 February 2003

Check out a summary of the project, or browse through the original project proposal.

MAFTIA involved experts from 5 countries and 6 organisations. The Industrial Advisory Board provided valuable feedback on the work of the project.

Research was organised into six workpackages.

Find out more about the key scientific results and achievements, and the benefits of this research collaboration.




Conceptual Model and Architecture
WP1 concentrated on the Conceptual Model and Architecture of attack tolerance.
Deliverables...


Dependable Middleware
WP2 developed a modular and scalable cryptographic group-oriented middleware suite
Deliverables...


Intrusion Detection
WP3 investigated ways of reducing the high rate of false positives and false negatives for existing Intrusion Detection Systems (IDSs), whilst making the IDS itself intrusion-tolerant
Deliverables...


Trusted Third Parties
WP4 designed a generic architecture for dependable Trusted Third Party (TTP) services based on results from WP2.
Deliverables...



Distributed Authorisation
In WP5, we defined a framework for access control and authorisation
Deliverables...



Verification and Assessment
WP6
worked towards formalisation of the MAFTIA conceptual model
Deliverables...

Trusted Third Parties

Trusted third parties (TTPs) play a central role in electronic commerce. Basic protocols like fair exchange and public key certification cannot operate without them. Traditionally, a TTP is implemented on a single host, so that, if used for a security-critical application such as certification of public keys, the security of the complete application relies on the integrity of this host.

We designed a generic architecture for dependable TTP services using the protocols developed in WP2. We achieved dependability by distributing the trust onto several parties, such that confidentiality and availability of the service are guaranteed even if some servers are corrupted.

The results of WP2 provide support for transactional paradigms and group membership protocols and we used these to implement a distributed TTP. This required tools from distributed cryptography or threshold cryptography, such as a distributed signature scheme and a threshold cryptosystem. Threshold schemes are non-trivial extensions of the ordinary cryptographic schemes because the secret key cannot merely be replicated at all servers: a corrupted server might disclose the key. The existing schemes for threshold cryptographic protocols have all been formulated in a synchronous environment with secure atomic broadcast available. Because these assumptions are either unrealistic or unrealistically inefficient in an Internet environment, and because cryptographic protocols cannot always be combined in a nice modular way, further work was needed in order to provide the necessary secure cryptographic tools. This included the development of distributed signature schemes and threshold cryptosystems in partial-synchrony or asynchronous communication models.

Distributing the TTP also implies changing the applications that use the TTP; for example, a user request to the TTP might be replaced by requests to a quorum of all TTP servers, or might be repeated until one TTP server answers. We therefore developed the necessary abstraction layer for the interface between client and server for TTP applications.

We provided a specification and a prototype implementation of a dependable TTP for public-key infrastructure (PKI) certification and for fair exchange. A PKI based on certification is essential for trust-management and any type of secure application. Certificates are issued by certification authorities (CA) and the topmost CA ("root CA") may become a single point of failure for the whole PKI.

Fair exchange between mutually distrusting parties is an important problem for electronic commerce. Protocols using the so-called "optimistic" approach have been proposed that rely on a TTP, but only for handling exceptions. The TTP is not involved in regular transactions if both partners comply and no messages are lost. We provided the specification and a prototype implementation of a dependable TTP for fair exchange using the optimistic approach.