Shai,

If you say that "The cryptographic transform must therefore provide
protection against ciphertext manipulation", it would sound like the
proposed LRW-AES transform provides full protection. In fact, it does
not. The attacker can copy back earlier content or erase a specific
block, both with catastrophic consequences.

For example, when a specially crafted PS document is saved to disk, an
attacker can find it by inspecting the changed blocks (since an earlier
inspection). If, say, the second block contained 0, and the PS document
has a comparison of the value it finds there to 0, it takes a branch
and provides specific content. However, when an attacker changes the
second block, it will not be 0, so another variant of the document is
shown. This way, if an attacker can send you an important document, and
later he can access your LRW-AES encrypted disk, he can change your
saved document to another, completely valid one. This vulnerability has
been shown to affect PS, PDF, DOC, EXE and many other file types.

Therefore, I would also suggest some weakening of the sentence in
question, or deleting it.

Laszlo

> -------- Original Message --------
> Subject: Re: glossary term for 1619: shared media
> From: Shai Halevi <[EMAIL PROTECTED]>
> Date: Tue, May 23, 2006 7:30 pm
> To: SISWG <[EMAIL PROTECTED]>
> 
> Robert Snively wrote:
> > [...]
> > A shared media can potentially be accessed by multiple agents, thereby
> > raising the possibility that an attacker can get access to the encrypted
> > storage. The cryptographic transform must therefore provide protection
> > against ciphertext manipulation by an attacker.
> > 
> >     RNS:  Is the intent to simply prevent an attacker from
> >             gaining useful access to the storage?  I suppose
> >             that also includes the possibility that multiple
> >             agents (whatever those are) can access and modify the
> >             data if authorized.  However, the second
> >             sentence concerns me a bit, because an obvious form
> >             of manipulation involves writing over the ciphertext,
> >             something that the encryption does nothing at all to
> >             prevent.  That may be almost as devastating as writing
> >             properly encrypted but unauthorized data. 
> > 
> >             The second sentence might better be deleted.
> 
> I do not understand the concern here.
> 
> When an attacker has access to your storage, you must assume that it
> can delete it. Cryptography will not help you there. It might help you,
> however, in ensuring that it cannot modify the storage without being
> detected. LRW does achieve that to some extent, and the "second sentence"
> refers to that. You may argue that it would be more accurate if it says
> "some protection" rather than "protection", but I do not see any reason
> to delete it.
> 
> -- Shai
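The two manipulations Laszlo describes (garbling one block so a document takes its other branch, and copying back an earlier ciphertext block), together with the "some protection" Shai refers to (a block moved to a different index no longer decrypts to its original plaintext), modelled as an added example that is not part of this thread or of the P1619 draft. The LRW layer follows the construction under discussion, C_i = E_K1(P_i xor T_i) xor T_i with T_i = K2 * i in GF(2^128); AES is replaced by a 4-round Feistel permutation built from HMAC-SHA256 so the block runs on the Python standard library (an assumption, not part of LRW-AES). The "document", its zero flag block and the payloads are constructed for the example.

```python
import hashlib
import hmac
import os

BLOCK = 16
ROUNDS = 4
GF_POLY = (1 << 128) | 0x87  # x^128 + x^7 + x^2 + x + 1: the LRW/XTS tweak field
FLAG_BLOCK = 1               # the "second block": 16 zero bytes the document branches on


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def gf128_mul(a: int, b: int) -> int:
    """Carry-less multiply modulo GF_POLY (LRW tweak arithmetic, T_i = K2 * i)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a ^= GF_POLY
    return r


def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES (assumption): a keyed 128-bit Feistel permutation."""
    l, r = block[:8], block[8:]
    for i in range(ROUNDS):
        l, r = r, xor(l, _round(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        l, r = xor(r, _round(key, i, l)), l
    return l + r


def lrw_tweak(k2: bytes, index: int) -> bytes:
    return gf128_mul(int.from_bytes(k2, "big"), index).to_bytes(16, "big")


def lrw_encrypt(k1: bytes, k2: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(len(data) // BLOCK):
        t = lrw_tweak(k2, i)
        out += xor(block_encrypt(k1, xor(data[i * BLOCK:(i + 1) * BLOCK], t)), t)
    return bytes(out)


def lrw_decrypt(k1: bytes, k2: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(len(data) // BLOCK):
        t = lrw_tweak(k2, i)
        out += xor(block_decrypt(k1, xor(data[i * BLOCK:(i + 1) * BLOCK], t)), t)
    return bytes(out)


def get_block(data: bytes, index: int) -> bytes:
    return data[index * BLOCK:(index + 1) * BLOCK]


def set_block(data: bytes, index: int, value: bytes) -> bytes:
    return data[:index * BLOCK] + value + data[(index + 1) * BLOCK:]


def build_document(if_zero: bytes, otherwise: bytes) -> bytes:
    """Constructed stand-in for the crafted PS file: header, zero flag, two payloads."""
    return b"%!PS-CONSTRUCTED" + bytes(BLOCK) + if_zero.ljust(BLOCK) + otherwise.ljust(BLOCK)


def render(document: bytes) -> bytes:
    """The document's own branch: payload A if the flag block is 0, else payload B."""
    a, b = get_block(document, 2), get_block(document, 3)
    return (a if get_block(document, FLAG_BLOCK) == bytes(BLOCK) else b).rstrip()


def demo(k1=None, k2=None) -> dict:
    k1, k2 = k1 or os.urandom(16), k2 or os.urandom(16)
    v1 = build_document(b"PAY 100 USD", b"PAY 100000 USD")
    ct1 = lrw_encrypt(k1, k2, v1)

    # Attack 1: flip one bit of the flag block's ciphertext. E is a permutation, so the
    # flag decrypts to some nonzero value and the document takes the other branch;
    # every other block decrypts untouched and nothing reports an error.
    flag = get_block(ct1, FLAG_BLOCK)
    after_flip = lrw_decrypt(k1, k2, set_block(ct1, FLAG_BLOCK, bytes([flag[0] ^ 1]) + flag[1:]))

    # Attack 2: copy back. The owner saves a corrected amount; the attacker restores the
    # earlier ciphertext of that block from a snapshot and the old text comes back exactly.
    ct2 = lrw_encrypt(k1, k2, build_document(b"PAY 10 USD", b"PAY 100000 USD"))
    replayed = lrw_decrypt(k1, k2, set_block(ct2, 2, get_block(ct1, 2)))

    # What LRW does prevent: moving a block to another index. The tweak differs, so the
    # transplanted block decrypts to junk, not to the original payload (ECB would not).
    moved = lrw_decrypt(k1, k2, set_block(ct1, 3, get_block(ct1, 2)))

    return {
        "original": render(v1),
        "after_flip": render(after_flip),
        "flag_zero_after_flip": get_block(after_flip, FLAG_BLOCK) == bytes(BLOCK),
        "payloads_intact_after_flip": after_flip[2 * BLOCK:] == v1[2 * BLOCK:],
        "after_replay": render(replayed),
        "moved_block_equals_payload": get_block(moved, 3) == get_block(v1, 2),
    }
```

Run `demo()` with fresh random keys: the flipped flag shows the second payload, the replayed block shows the old amount, and the moved block is unrelated junk. The first two outcomes need no knowledge of K1 or K2 and are not detected by decryption, which is the sense in which a narrow-block tweakable mode gives "some" but not full protection against ciphertext manipulation.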
