RASSS: A hijack-resistant confidential information management scheme for distributed systems

In distributed systems there is often a need to store and share sensitive information (e.g., encryption keys, digital signatures, login credentials etc.) among the devices. It is also generally the case that this piece of information cannot be entrusted to any individual device since the malfunction or compromising of one node could jeopardize the security of the entire system. Even if the information is split among the devices, there is still a risk when an attacker can compromise a group of them. Therefore we have designed and implemented a secure and robust secret sharing scheme to enable a more resilient sharing of confidential information. This solution provides three important features: (i) it uses threshold secret sharing to split the information into shares to be kept by all devices in the system; so the information can only be retrieved collaboratively by groups of devices; (ii) it guarantees the privacy of the confidential information under a certain number of passive hijacking attacks; and (iii) it ensures the integrity of the confidential information against any number of hijackers who actively and collusively attack the devices. It is able to identify all the compromised devices, while still keeping the secret unforgeable to attackers.