Attacker Model and Security Assumptions Sample Clauses

Attacker Model and Security Assumptions. We assume the standard attacker model as defined by ▇▇▇▇▇▇▇ and Schroe- der, i.e., an attacker who has complete control over the communication channel and can eavesdrop, inject, modify, reorder or otherwise change the flow of data on the channel. Based on specific capabilities on the part of the attacker, we distinguish between passive attacks and adversaries, and ac- tive attacks. Passive attacks consist of eavesdropping on the communication channel followed by computation on the observed data with the goal of ob- taining the key. Active attacks involve manipulation of the channel, with the attacker modifying data sent over that channel or injecting his own; passive attacks may allow certain types of active attacks to be mounted. Our main focus is the security of the group key, and in the case of active adversaries, resilience against outside influence on the key. We specifically exclude the case of malicious insiders and focus on active attackers that never were members of the group. Security against passive attacks is achieved by basing the key deriva- tion procedure on some computationally hard problem that makes it infea- sible to compute the group key using only the information transmitted over the channel. The majority of proposed methods are based on some variant of the ▇▇▇▇▇▇-▇▇▇▇▇▇▇ problem. To protect against active attacks, protocols have to ensure that messages sent over the channel are not modified, and that messages that were not sent by legitimate group members are rejected. This is usually achieved through the use of digital signature, but protocols based on bilinear pairings that make use of identity-based or certificateless cryptography have become an area of active research in recent years. There are two main variants of the ▇▇▇▇▇▇-▇▇▇▇▇▇▇ problem – the Com- putational ▇▇▇▇▇▇-▇▇▇▇▇▇▇ and the Decisional Diffie ▇▇▇▇▇▇▇ problem. The original problem, used as a basis for the ▇▇▇▇▇▇-▇▇▇▇▇▇▇ protocol, is defined in the multiplicative group Zp∗ for p prime; the generalized versions are de- fined in finite cyclic groups.