REMOTEGATE: Incentive-Compatible Remote Configuration of Security Gateways

TL;DR

This paper presents REMOTEGATE, an incentive-compatible protocol enabling servers to securely and reliably configure untrusted security gateways to block attack packets, using digital payments to motivate correct behavior.

Contribution

It introduces a novel interactive mechanism that ensures trustworthy remote configuration of security gateways through incentive alignment and verification.

Findings

Protocol guarantees correct rule deployment before payment

Enables scalable, incentive-driven security improvements

Supports secure, remote gateway configuration at Internet scale

Abstract

Imagine that a malicious hacker is trying to attack a server over the Internet and the server wants to block the attack packets as close to their point of origin as possible. However, the security gateway ahead of the source of attack is untrusted. How can the server block the attack packets through this gateway? In this paper, we introduce REMOTEGATE, a trustworthy mechanism for allowing any party (server) on the Internet to configure a security gateway owned by a second party, at a certain agreed upon reward that the former pays to the latter for its service. We take an interactive incentive-compatible approach, for the case when both the server and the gateway are rational, to devise a protocol that will allow the server to help the security gateway generate and deploy a policy rule that filters the attack packets before they reach the server. The server will reward the gateway only when the latter can successfully verify that it has generated and deployed the correct rule for the issue. This mechanism will enable an Internet-scale approach to improving security and privacy, backed by digital payment incentives.