add attack on verify cap
[Imported from Trac: page NewCaps/WhatCouldGoWrong, version 7]
davidsarah
parent
c7d7682951
commit
e541673fba
|
|
@ -9,11 +9,13 @@ This is about What Could Go Wrong with the "Elk Point 2" immutable file caps: <h
|
||||||
|4|roadblock or speedbump [2]footnote|generate (*K1enc*,*Dhash*,*V*) that hash to someone else's *T*, and copy their *S*|anyone|any one file|the hash function's and cap format's collision resistance on *T*|2^*t*^|
|
|4|roadblock or speedbump [2]footnote|generate (*K1enc*,*Dhash*,*V*) that hash to someone else's *T*, and copy their *S*|anyone|any one file|the hash function's and cap format's collision resistance on *T*|2^*t*^|
|
||||||
|5|unauthorized read|attack the encryption of the plaintext with *K1*|anyone|any one file|the cipher's security and the secrecy of the encryption key *K1*|2^*k*^|
|
|5|unauthorized read|attack the encryption of the plaintext with *K1*|anyone|any one file|the cipher's security and the secrecy of the encryption key *K1*|2^*k*^|
|
||||||
|6|unauthorized read|figure out the input to the hash function that generates *S*|anyone|any one file|the hash function's pre-image resistance on *S*|brute force on *R* is !#2|
|
|6|unauthorized read|figure out the input to the hash function that generates *S*|anyone|any one file|the hash function's pre-image resistance on *S*|brute force on *R* is !#2|
|
||||||
|7|unauthorized deletion|brute force KD|anyone|any one file|secrecy of *KD*|
|
|7|unauthorized deletion|brute force KD|anyone|any one file|secrecy of *KD*|2^*d*^|
|
||||||
|8|unauthorized deletion|figure out the destroy key KD from Dhash|anyone|any one file|the hash function's pre-image resistance on *Dhash*|
|
|8|unauthorized deletion|figure out the destroy key KD from Dhash|anyone|any one file|the hash function's pre-image resistance on *Dhash*|brute force on *KD* is !#7|
|
||||||
|9|denial of service|prevent access to servers holding sufficient shares (by controlling some of them, or by attacking them)|anyone|any file|not prevented by crypto|
|
|9|denial of service|prevent access to servers holding sufficient shares (by controlling some of them, or by attacking them)|anyone|any file|not prevented by crypto|n/a|
|
||||||
|
|10|cause invalid share to verify|generate (*K1enc*,*Dhash*,*V*) that hash to someone else's (*T*,*U*), and copy their *S*|anyone|any one file|the hash function's second-pre-image resistance on (*T*,*U*)|2^*t*+*u*^|
|
||||||
|
|11|undeletion|undelete a file (making it readable by existing read caps) by restoring its shares|anyone|any one file|assuming a "tombstone" is present on all relevant servers: same as !#10|2^*t*+*u*^|
|
||||||
|
|
||||||
where *k* = bitlength(*K1*), *n* = bitlength(*R*), *t* = bitlength(*T*), *d* = bitlength(*KD*).
|
where *k* = bitlength(*K1*), *n* = bitlength(*R*), *t* = bitlength(*T*), *u* = bitlength(*U*), *d* = bitlength(*KD*).
|
||||||
|
|
||||||
1. *shape-shifter immutable file*: creator creates more than one file matching the immutable file readcap
|
1. *shape-shifter immutable file*: creator creates more than one file matching the immutable file readcap
|
||||||
2. *roadblock*: attacker prevents uploader (including repairer) from being able to write a real share into the right storage index; *speedbump*: attacker adds his bogus share into the list of shares stored under the storage index by the same method; downloader has to download, examine, and discard the bogus (*K1enc*,*Dhash*,*V*)'s until it finds the real one
|
2. *roadblock*: attacker prevents uploader (including repairer) from being able to write a real share into the right storage index; *speedbump*: attacker adds his bogus share into the list of shares stored under the storage index by the same method; downloader has to download, examine, and discard the bogus (*K1enc*,*Dhash*,*V*)'s until it finds the real one
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue