The ability to secure systems that provide non-public services over public network infrastructures such as the Internet is challenging. Even when these services use cryptographically secure authentication, implementation bugs are quickly exploited by attackers to turn these services into gaping security holes. We introduce the notion of ``Cloaked Server Security,'' in which authorized users are able to easily connect to the desired service, but unauthorized users cannot determine if the server exists. We formalize this concept by using an iterative approach to carefully define the model for our adversary and the challenge presented to that adversary. In evaluating a number of common and interesting network security schemes against our definition, we find most of them lacking against even weak adversaries. However, anonymizing networks provide the most promising approach to meeting our security definition.

[Postscript(322KB)] [PDF(154KB)] [BibTeX]

[ Return to publications ]