I don't know if anyone else noticed this but... Storage systems are basically a subclass of protocols; they're unidirectional (with no acknowledgements). IOW, you're sending messages to yourself at some (future) point in space-time.
The recipient cannot respond, so is necessarily unauthenticated. However, the converse is not true; the sender can apply a MAC to the data to assure the recipient it has not been altered. Q: Do any storage cryptosystems do this? How do they manage the metadata? Since it is a non-interactive protocol with no recipient authentication, anyone may be the recipient, and subject it to an attack, which is necessarily passive and offline. Q: What design criteria does this imply, compared to our standard bi-directional protocols? And since it is unidirectional, any error correction must be of the FEC variety; you may not go back in time and send more data. And of course, no C/R or other protection against replay attacks. Q: What is the analog of a replay attack in the storage crypto context? Does it have something to do with not maintaining positive control of your storage media at all times? In summary, it's very much like email encryption a la GnuPG. It may be further simplified, in that the recipient and sender are generally the same person. In LUKS, we may have several passphrases that unlock the storage key (which is merely what I call "key indirection", or a K-E-K). Q: What is the meaning of this, if we recast this as a protocol? In some cases, the storage crypto may also encrypt the storage key to the pubkey for the enterprise, for key recovery reasons. Q: Are there other applications of PK in storage crypto? -- I find your ideas intriguing and would like to subscribe to your newsletter. My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/ If you are a spammer, please email [email protected] to get blacklisted.
pgpzizFg42hcQ.pgp
Description: PGP signature
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
