TY - GEN
T1 - Modeling computational security in long-lived systems
AU - Canetti, Ran
AU - Cheung, Ling
AU - Kaynar, Dilsun
AU - Lynch, Nancy
AU - Pereira, Olivier
N1 - Funding Information:
Canetti’s work on this project was supported by NSF award #CFF-0635297 and BSF award #2006317. Cheung and Lynch were supported by NSF Award #CCR-0326227. Kaynar was supported by US Army Research Office grant #DAAD19-01-1-0485. Pereira is a Research Associate of the F.R.S.-FNRS and was supported by the Belgian Interuniversity Attraction Pole P6/26 BCRYPT.
PY - 2008
Y1 - 2008
N2 - For many cryptographic protocols, security relies on the assumption that adversarial entities have limited computational power. This type of security degrades progressively over the lifetime of a protocol. However, some cryptographic services, such as timestamping services or digital archives, are long-lived in nature; they are expected to be secure and operational for a very long time (i.e. super-polynomial). In such cases, security cannot be guaranteed in the traditional sense: a computationally secure protocol may become insecure if the attacker has a super-polynomial number of interactions with the protocol. This paper proposes a new paradigm for the analysis of long-lived security protocols. We allow entities to be active for a potentially unbounded amount of real time, provided they perform only a polynomial amount of work per unit of real time. Moreover, the space used by these entities is allocated dynamically and must be polynomially bounded. We propose a new notion of long-term implementation, which is an adaptation of computational indistinguishability to the long-lived setting. We show that long-term implementation is preserved under polynomial parallel composition and exponential sequential composition. We illustrate the use of this new paradigm by analyzing some security properties of the long-lived timestamping protocol of Haber and Kamat.
UR - http://www.scopus.com/inward/record.url?scp=54249156032&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-85361-9_12
DO - 10.1007/978-3-540-85361-9_12
AN - SCOPUS:54249156032
SN - 354085360X
SN - 9783540853602
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 114
EP - 130
BT - CONCUR 2008 - Concurrency Theory - 19th International Conference, CONCUR 2008, Proceedings
T2 - 19th International Conference on Concurrency Theory, CONCUR 2008
Y2 - 19 August 2008 through 22 August 2008
ER -