Security Threat Model

This is the Security Threat Model page

Security threat model
  1. Assumptions

    1. Attacker’s capabilities

    2. Manipulation

      1. Alter any part of the data, including metadata (e.g., digital signatures) and routing data

      2. Reorder the data

      3. Inject any other data

      4. View the data as it is sent from A/B’s device

      5. Can completely compromise any network, data store, connection protocol, and intermediate device between A and B

    3. Assume A and B’s devices are physically and operationally secure

    4. A/B can enter passphrase and submit it to the Keychain software securely

    5. No untrusted party has access to the core system functions such as memory bus, process memory, root access, etc

    6. Network connectivity is of sufficient quality to allow the transmission of the data between parties and the blockchain within reasonable delay tolerances

    7. The cost of censoring keychain extensions is prohibitively high relative to the value obtained from the censorship

      1. In a proof-of-work system, this means that the prevailing blockchain network proof-of-work difficulty is sufficiently high

    8. The users protect and keep confidential their respective passphrases to unlock Keychain’s gateway

    9. The end user is motivated to protect his/her data and acts accordingly in self interest to do so

    10. The end user can trust counterparties with data to which the user has given access OR accepts responsibility for sharing access to data with trusted counterparties (other users)

    11. In the case of business workflows and contracts, there is a legal basis for using digital signatures for binding contracts

  2. Classes and capabilities of attackers

    1. Weak adversary

    2. Observational

      1. All transactions on the blockchain

      2. Observe the blockchain and data transmitted without surveillance context

      3. Any messages and metadata (including digital signatures, all network packets/metadata, timestamps, etc)

      4. All data after encryption and before decryption by the keychain software

      5. Memory and disk of A/B’s local machine, except some of the process memory of Keychain’s gateway/wallet objects

      6. Current surveillance techniques such as video capture of the user, GPS/Wi-Fi tracking, data collection through other applications, system logs

        1. Except that the user keeps his passphrase confidential

        2. Data is kept secure by the user before encrypting/signing, after decrypting/verifying

      7. Pair with any or all parties

      8. Can be known or unknown with respect to the Keychain protocol

      9. Know which real-world entity or person a given certificate belongs to

      10. Know the encryption and signature schemes and associated parameters chosen by the user to secure his data

    3. Intermediate adversary

      1. Know the mapping between real-life participants and their persona IDs

      2. Knows general communication subject matter (message / timing analysis for chosen ciphertext attacks)

      3. Has access to Keychain or compatible software to perform chosen ciphertext attacks

      4. For intermediate adversaries, additional padding/timing obfuscation techniques might need to be done by the application in order to prevent the attacker from deducing the general message content.

    4. Strong adversary

      1. Controls one or more network channels, blockchain nodes, and/or data stores

      2. Has a high amount of computational power

  3. Keychain Security Representations

    1. Each encrypted message is semantically secure under an adaptive chosen-ciphertext attack (IND-CCA2) for the chosen encryption scheme/parameter’s corresponding (probabilistic) timeframe, regardless of where the message is stored or over which channel it is transmitted

      1. The associated authenticated data is tamper evident to the recipient

      2. The recipient will be prevented from receiving the decryption result of tampered ciphertext/associated data

      3. Only recipients who have been given access to the data (as encapsulated with the data) can decrypt the data with their private keys

    2. Each digitally signed message is secure against existential forgery under an adaptive chosen message attack for the corresponding security time frame

      1. The recipient is notified if either

        1. The data, associated data, or signatures are altered externally

        2. The signer was not previously paired with (known by) the recipient

    3. A cryptoperiod is the probabilistic time period it is expected to take an attacker to break the semantic security of the chosen cryptosystems used to secure data
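
The padding obfuscation that the intermediate-adversary item leaves to the application, as an added example that is not part of the original page or of Keychain's code: each message is padded to a power-of-two bucket before it is handed to encryption, so an observer of ciphertext sizes learns only the bucket, not the message length. The 256-byte minimum bucket, the 4-byte length prefix and all function names are assumptions made for this illustration.

```python
import struct

MIN_BUCKET = 256                 # assumed smallest padded size, in bytes
HEADER = struct.Struct(">I")     # assumed 4-byte big-endian true-length prefix


def bucket_size(n: int) -> int:
    """Smallest power-of-two bucket that holds n bytes, never below MIN_BUCKET."""
    size = MIN_BUCKET
    while size < n:
        size *= 2
    return size


def pad(message: bytes) -> bytes:
    """Frame the message with its true length, then zero-fill to the bucket size.

    Call this on the plaintext before encryption; the zero fill is then
    covered by the ciphertext and its integrity protection.
    """
    framed = HEADER.pack(len(message)) + message
    return framed.ljust(bucket_size(len(framed)), b"\x00")


def unpad(padded: bytes) -> bytes:
    """Recover the message after decryption, rejecting non-canonical padding."""
    total = len(padded)
    if total < MIN_BUCKET or total & (total - 1):
        raise ValueError("length is not a valid bucket size")
    (n,) = HEADER.unpack_from(padded)
    end = HEADER.size + n
    # The claimed length must fit, must map to exactly this bucket,
    # and everything after the message must be zero fill.
    if end > total or bucket_size(end) != total or any(padded[end:]):
        raise ValueError("malformed padding")
    return padded[HEADER.size:end]


def observed_lengths(messages):
    """What a size-observing adversary sees for each message."""
    return [len(pad(m)) for m in messages]


if __name__ == "__main__":
    # Constructed sample messages of very different true lengths.
    samples = [b"yes", b"no, cancel the contract", b"x" * 200, b"x" * 253]
    print([len(m) for m in samples], "->", observed_lengths(samples))
```

Padding hides length only; timing obfuscation, also named in that item, needs separate handling such as sending on a fixed schedule.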