Re: AES key sizes, etc.
I will take a stab at this. If I have forgotten something, please chime
in.
On Mar 23, 2004, at 11:04 AM, Williams, Jim wrote:
> 2. Is there a summary of the threat model against which the encryption
> is intended to defend?
This is intended to protect the privacy and defend against the
malleability of the ciphertext.
The attackers are
1. Passive observation of SAN traffic.
2. Access to the storage (either by accessing the SAN or getting the
storage medium itself).
3. Active man in the middle on the SAN (changing the command and/or
data).
4. Active modifications to the storage system either via the SAN,
backdoor into the storage system or removal and reinstallation of the
storage.
The security provided is
1. Privacy. One time physical access to the storage privides no
information. Observational and active attackers only know what "globs"
have changed. In r=1, a glob is 16 bytes, in r=32 a glob is 512 bytes.
2. Maliability. The attackers can only change globs to previous valid
information. Globs moved and/or modified result in no controllable
changes to the plaintext (beyond random). The goal is that the
information within the glob will become random if moved or tampered
with. (CBC, for instance, can not meet this goal).
I feel like I am missing something here.
Hope this helps.
Thank s
jim