juga
/
internet-drafts
forked from pEp.foundation/internet-drafts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

System modell + entities

Browse Source
master
iraklis 4 years ago
parent 60fddbe4e2
commit ee7bc630c9
1 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File

19
medup-requirements/draft-symeonidis-medup-requirements.mkd
Unescape View File

@ -162,17 +162,22 @@ can be addressed, due to conflicting requirements.
<!-- =================================================================== -->
# Problem areas
# System model
## Entities
## Trust Establishment
### Users: Sender and receiver(s)
There are the communicating parties such as the sender and receiver of messages.
Certificate directory / key packet server / trusted public key server
/ public ledger / out of bound
### Messaging operators and network nodes
Are the servers and network nodes who are responsible for message delivery and synchronization.
"Ensuring the distribution of cryptographic long-term keys and proof
of association with the owning entity"
### Third parties
It is any other entity who is interacting with the system.
# Problem areas
## Security Threats and Requirements
### Spoofing and entity authentication
@ -209,7 +214,7 @@ An adversary can sufficiently detect an IOI such as messages exchanged within th
## Information disclosure -- confidentiality
An adversary can disclose information exchanged within the system about users. It can perform a MitM aiming to learn the contents of a message the metadata information such as with whom someone is communicating with and with which frequency. It can be anyone but the users who are communicating such as the trusted key directory, messaging server, and the network nodes. The capabilities of an adversary can be local controlling one entity or channel of the network to a global adversary which can control several entities and communication links. Confidentiality of messages, together with security, needs to be guaranteed with the use of cryptographic operations such as secret sharing, symmetric, asymmetric, or homomorphic encryption.
An adversary can disclose information exchanged within the system about users. It can perform a MitM aiming to learn the contents of a message the metadata information such as with whom someone is communicating with and with which frequency. It can be anyone but the users who are communicating such as the messaging server, and the network nodes. The capabilities of an adversary can be local controlling one entity or channel of the network to a global adversary which can control several entities and communication links. Confidentiality of messages, together with security, needs to be guaranteed with the use of cryptographic operations such as secret sharing, symmetric, asymmetric, or homomorphic encryption.
## Non-repudiation and deniability

Write Preview
Loading…
Cancel
Save