Chapter 2: Wrestling Between Safeguard and Attack
Some terminology:
encryption, encipherment, decryption, decipherment, cryptographic algorithms, symmetric (shared-key) cryptosystem, asymmetric (public-key) cryptosystem, principal (entity, agent, user), bad guys (attacker, adversary, enemy, intruder, eavesdropper, impostor), active attacker, insider, threat model, Malice.
entity authentication (the liveness of an identified principal who is the intended object of the communication),
key-encryption key, long-term key, session key, short-term key.
Perfect Encryption with Notation {M}K (an idealized encryption algorithm)
i) Without the key K, the ciphertext {M}K does not provide any cryptanalysis means for finding the plaintext message M.
ii) {M}K, maybe together with some known information about the plaintext message M, does not provide any cryptanalysis means for finding the key K.
iii) Without the key K, even with knowledge of the plaintext M, it is impossible for someone to alter {M}K without being detected by the recipient at the time of decryption.
Dolev-Yao Threat Model
In this model, Malice has the following characteristics:
- He can obtain any message passing through the network
- He is a legitimate user of the network, and thus in particular can initiate a conversation with any other user
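- He will have the opportunity to become a receiver to any principal
- He can send messages to any principal by impersonating any other principal
Therefore, in this model, every message on the network can be regarded as having been handled by Malice.
However, there are still some things that Malice cannot do: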
- Malice cannot guess a random number which is chosen from a sufficiently large space.
- Without the correct secret (or private) key, Malice cannot retrieve plaintext from given ciphertext, and cannot create valid ciphertext from given plaintext, with respect to the perfect encryption algorithm.
- Malice cannot find the private component, i.e., the key K.
- While Malice has control of a large public part of our computing and communication environment, in general, he is not in control of many private areas of the computing environment, such as accessing the memory of a principal's offline computing device.
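The capabilities and limits listed above can be checked mechanically as symbolic deduction over terms. This is an added example, not taken from the book or the original notes; the term encoding, the function names `analyze`, `can_build` and `malice_knows`, and the key-distribution trace (server Trent, keys `K_AT`, `K_BT`, `K_MT`, session key `K`) are assumptions constructed for illustration.

```python
# Symbolic Dolev-Yao deduction (illustrative encoding, constructed for these notes).
# Atoms are strings; ("pair", a, b) is concatenation; ("enc", m, k) is {m}k.

def can_build(term, known):
    """Can Malice construct `term` from `known` by pairing and encrypting?"""
    if term in known:
        return True            # includes replaying ciphertext seen on the wire
    if isinstance(term, tuple):
        return can_build(term[1], known) and can_build(term[2], known)
    return False               # unknown atom: a key or nonce he cannot guess

def analyze(observed):
    """Close Malice's knowledge under splitting pairs and decrypting with known keys."""
    known = set(observed)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            if not isinstance(t, tuple):
                continue
            if t[0] == "pair":
                parts = {t[1], t[2]}
            elif t[0] == "enc" and can_build(t[2], known):
                parts = {t[1]}
            else:
                parts = set()  # perfect encryption: {m}k without k reveals nothing
            if not parts <= known:
                known |= parts
                changed = True
    return known

# Constructed run: Trent distributes session key K under long-term keys.
TRACE = [
    ("pair", "Alice", "Bob"),                          # Alice -> Trent
    ("pair", ("enc", ("pair", "Bob", "K"), "K_AT"),    # Trent -> Alice
             ("enc", ("pair", "Alice", "K"), "K_BT")),
]
# Malice is a legitimate user, so he holds his own long-term key K_MT.
MALICE_INITIAL = ["Alice", "Bob", "Malice", "K_MT"]

def malice_knows(extra=()):
    """Everything Malice can extract from the trace plus any leaked atoms."""
    return analyze(MALICE_INITIAL + TRACE + list(extra))

if __name__ == "__main__":
    print("learns K from the wire:", can_build("K", malice_knows()))
    print("learns K if K_AT leaks:", can_build("K", malice_knows(["K_AT"])))
```

Malice can replay `{Bob, K}K_AT` because he saw it on the wire, but he cannot build `{Malice, K}K_AT`, which mirrors property iii) of perfect encryption.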
Security Properties for Authenticated Key Establishment
After the end of the protocol run:
- Only Alice and Bob (or perhaps a principal who is trusted by them) should know K. (Confidentiality)
- Alice and Bob should know that the other principal knows K. ("Liveness")
- Alice and Bob should know that K is newly generated. (Freshness)