Adversary Model. In our system model, the UAVs mainly use public network based communication. Consequently, there is a possibility of various attacks by a wide range of adversaries. In this paper, we consider the following security and privacy threats:
Adversary Model. We assume a globally passive attacker that is capable of eavesdropping traffic of the entire wireless network. The attacker can eavesdrop, inject, modify, drop messages within the network at will. However, the attacker has only bounded computation capability, and is not capable of breaking the ID- based encryption system. That is, the ECDH problem and the BDH problem are assumed to be hard.
Adversary Model. The Ȃ, being a probabilistic polynomial- time Turing machine for the protocol run, might eavesdrop, modify the messages, and fully control the public channel. This activity could be represented by the understated queries: and subscriber, and it is assumed that the communication Execute (∏ Y,X ): The execute query simulates all sort of between CSj and ESP is secure. In this scenario, CSj and ESP passive attacks, while a passive attacker may intercept the might be deemed as a single member for analyzing formally. communication among ∏ and ∏ for a protocol session. X,Y Y,X
Adversary Model. We consider an adaptive Byzantine adversary that can corrupt up to t < n/2 parties at any point of a protocol execution. We refer to the actual number of corruptions during an execution of the protocol as f t. A corrupt (or malicious) party Pi is under full control of the adversary and may deviate arbitrarily from the protocol. In particular, the adversary learns Xx’s H signing key ski, which allows it to sign messages on Pi’s behalf. In addition, we allow the adversary to delete (or replace with its own) any undelivered messages of a newly corrupted party Pi that Pi sent while it was still honest. We denote the set of uncorrupted (or honest) parties as . We assume that the adversary is computationally bounded and cannot forge signatures of honest parties. In line with the literature in this area, we treat signatures as idealized primitives with perfect security. When instantiating the signature scheme with an existentially unforgeable one, we obtain protocols with non-neglible probability of failure. { } Common Coin. We assume an ideal coin-flip protocol CoinFlip that allows parties to agree with constant probability p < 1 on a random coin in 0, 1 . This protocol can be viewed as an ideal functionality [20] that upon receiving input r from t + 1 parties generates a random coin ci and sends (c(r)) to each party Pi ∈ P, where c(r) = c(r) with probability at least p. The value remains uniform from the adversary’s view until the first honest party has queried CoinFlip. Such a primitive can be achieved using verfiable random functions [21], threshold signatures [22], or verifiable secret sharing [14]. We begin by presenting definitions of well-known primitives, such as Byzan- tine agreement and graded consensus. Following this, we introduce new defini- tions for our proposed protocols: graded consensus with detection. ∈ { } ∈ { }
Adversary Model. To analyze the security of Σ5 q2 + (qs + 2N )2 AdvAKA(A) = i=1 hi + P games between a challenger which honestly executes the q A protocol and a adversary whCich can eavesdrop, modify, and fabricate the messages transmitted in public channels. For the adversary model in our proposed scheme, we follow Bellare et al.’s model [14] [50] mostly except that add two oracles 6qsign(qsign + qbf ) + (q − 1)/2 − qsign − qbf q 2qh6 + 4N · AdvECCDHP (B).
Adversary Model. The adversary in our protocol is modelled as a (q, tp, κ)-algorithm A as defined above. A can control at most q parties each with a maximum speedup of κ, such that q < ⌊κn holds. In particular, the number of adversarial parties can be at most n ⌋+1 < 2 (this is the case for κ = 1). We consider an adaptive adversary which can corrupt a party at any point during the protocol execution. Once a party has been corrupted, it can arbitrarily deviate from the protocol execution. Furthermore, it can deliver a message over the multicast channel only to a subset of honest parties. In this way, it can send different messages to different subsets of honest parties over the multicast channel. However, the adversary can not drop the messages of honest parties from the channel or delay them for longer than ∆. Our adversary is xxxxxxx, which means it can observe all the messages that the honest parties send in any round of the protocol, and then choose its own messages for that round adaptively. We notice that we consider the standard notion of an adaptive, xxxxxxx adversary, as opposed to the stronger notion of a strongly xxxxxxx (or strongly adaptive) adversary (see for e.g., [ADD+19,ACD+19,CGZ21]) who can adaptively corrupt parties and then delete messages that they sent in the same round (prior to corruption).
Adversary Model. In this work, we assume a very powerful adversary, char- acterized by both passive and active features. In detail, the adversary model assumed in our work is con- sistent with the Dolev-Yao attacker model, used by the large majority of contributions in the literature working on CBKE [30], [31]. According to the Dolev-Yao attacker model, the adversary can eavesdrop all the communications between any two involved devices, by simply tuning its radio on the same frequency and channel used by the target devices, independently from the selected communication technology. In addition, the adversary can transmit its own messages, either replaying messages previously eavesdropped on the communication channel, or forging new ad-hoc messages, impersonating any party in the system. Thanks to these powerful features, the adversary aims to
