tailieunhanh - Security Models: Dolev-Yao, Semantic Security, Probabilistic Encryption and ZKIP

For distributed systems and networks, we often should assume that there are adversaries Everywhere in the network Adversary may: eavesdrop, manipulate, inject, alter, duplicate, reroute, etc Adversary may control a large number of network nodes that are geographically separated Dolev-Yao Threat Model: A very powerful adversarial model that is widely accepted as the standard by which cryptographic protocols should be evaluated Eve, the adversary, can: Obtain any message passing through the network Act as a legitimate user of the network (. can initiate a conversation with any other user) Can become the receiver to any sender Can send messages to any entity by impersonating any other entity . | Security Models: Dolev-Yao, Semantic Security, Probabilistic Encryption and ZKIP Dolev-Yao For distributed systems and networks, we often should assume that there are adversaries Everywhere in the network Adversary may: eavesdrop, manipulate, inject, alter, duplicate, reroute, etc Adversary may control a large number of network nodes that are geographically separated Dolev-Yao Threat Model: A very powerful adversarial model that is widely accepted as the standard by which cryptographic protocols should be evaluated Eve, the adversary, can: Obtain any message passing through the network Act as a legitimate user of the network (. can initiate a conversation with any other user) Can become the receiver to any sender Can send messages to any entity by impersonating any other entity Dolev-Yao, pg. 2 This seems very powerful, but not entirely so Under Dolev-Yao: Any message sent via the network is considered to have been sent by Eve Thus, any message received “might” have been . | Security Models: Dolev-Yao, Semantic Security, Probabilistic Encryption and ZKIP Dolev-Yao For distributed systems and networks, we often should assume that there are adversaries Everywhere in the network Adversary may: eavesdrop, manipulate, inject, alter, duplicate, reroute, etc Adversary may control a large number of network nodes that are geographically separated Dolev-Yao Threat Model: A very powerful adversarial model that is widely accepted as the standard by which cryptographic protocols should be evaluated Eve, the adversary, can: Obtain any message passing through the network Act as a legitimate user of the network (. can initiate a conversation with any other user) Can become the receiver to any sender Can send messages to any entity by impersonating any other entity Dolev-Yao, pg. 2 This seems very powerful, but not entirely so Under Dolev-Yao: Any message sent via the network is considered to have been sent by Eve Thus, any message received “might” have been manipulated by Eve Eve can control how things are sent What is not possible: Eve cannot guess a random number which is chosen as part of a security protocol Without knowledge of a key, Eve cannot figure out a plaintext from a ciphertext, nor can she create ciphertexts from a plaintext. Eve can’t solve the private-key pairing of a public key Eve cannot control the “memory” of a computing device of a legitimate user (. Eve can only play with the communication) Strong Security Definitions Generally, when discussing the crypto algorithms in this class, we have considered a weak confidentiality model, in which our enemy was a passive eavesdropper For real applications, however, we should consider an active adversary also– they may modify a ciphertext or calculate a plaintext and send the result to a user to get an oracle service Oracle service: A principal is used as an oracle when the principal performs a cryptographic operation inadvertantly for the attacker We should anticipate that Eve is an