adds the security requirements, terminologies and the adversarial model

Sanaz 2020-12-10 13:45:45 -08:00 committed by Sanaz Taheri Boshrooyeh
parent 82c94db89f
commit f48a8b7442
1 changed files with 23 additions and 2 deletions


@ -9,9 +9,17 @@ authors: Oskar Thorén <oskar@status.im>, Dean Eigenmann <dean@status.im>, Hanno
- [Abstract](#abstract) - [Abstract](#abstract)
- [Content filtering](#content-filtering) - [Content filtering](#content-filtering)
* [Rationale](#rationale) - [Rationale](#rationale)
* [Protobuf](#protobuf) - [Security Requirements](#security-requirements)
- [Terminologies](#terminologies)
- [Adversarial Model](#adversarial-model)
- [Protobuf](#protobuf)
- [FilterRPC](#filterrpc)
- [FilterRequest](#filterrequest)
- [MessagePush](#messagepush)
- [Changelog](#changelog) - [Changelog](#changelog)
- [2.0.0-beta2](#200-beta2)
- [2.0.0-beta1](#200-beta1)
- [Copyright](#copyright) - [Copyright](#copyright)
- [References](#references) - [References](#references)
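Review bot: The new table-of-contents entries do not match the heading levels introduced in the body of this same change: `[Terminologies]` and `[Adversarial Model]` are listed at the same top level as `[Security Requirements]`, but the body adds `### Terminologies` (a third-level heading nested under Security Requirements) next to `## Adversarial Model`. Either promote the body heading to `## Terminologies` or indent the TOC entry one level so the anchor `#terminologies` reflects the document structure. Minor: "Terminology" is the usual singular noun for such a section; if it is renamed, the anchor in the TOC must be updated in the same commit.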
@ -44,6 +52,19 @@ It is worth noting that a light node could get by with only using the `store`
protocol to query for a recent time window, provided it is acceptable to do protocol to query for a recent time window, provided it is acceptable to do
frequent polling. frequent polling.
## Security Requirements
- **Anonymous filter**: This feature guarantees that nodes can anonymously subscribe for messages matching a content filter (i.e., without revealing their exact content filter). As such, no adversary in the `filter` protocol would be able to link peers to their subscribed content filers.
- **Prevention of Denial of Service (DoS)**: Denial of service signifies the case where an adversarial requesting node exhausts a full node's bandwidth and make it unavailable to the rest of the system. This may happen by either submitting a content filter covering all the exisiting contents (effectively applying no filter) or by launching Sybil attack (i.e., creating a large number of peers) and loading the full node with a mass of subscribtion requests.
### Terminologies
The term Personally identifiable information (PII) refers to any piece of data that can be used to uniquely identify a Peer. For example, the signature verification key, and the hash of one's IP address are unique for each peer and hence count as PII.
## Adversarial Model
- Any peer talking the `filter` protocol i.e., both the subscriber node and the queried node are considered as an adversary. Furthermore, we consider the adversary as a passive entity that attempts to collect information from other peers to conduct an attack but it does so without violating protocol definitions and instructions. For example, under the passive adversarial model, no malicious node intentionally hides the messages matching to one's subscribed content filter as it is against the description of the `filter` protocol.
- The following are not considered as part of the adversarial model: 1- An adversary with a global view of all the peers and their connections 2- An adversary that can eavesdrop on communication links between arbitrary pair of peers (unless the adversary is one end of the communication). In specific, the communication channels are assumed to be secure.
## Protobuf ## Protobuf
```protobuf ```protobuf
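Review bot: The "Anonymous filter" requirement conflicts with the adversarial model as written, and the hunk does not resolve it: the requirement says "no adversary in the `filter` protocol would be able to link peers to their subscribed content filers", while the model states that "both the subscriber node and the queried node are considered as an adversary". The queried node necessarily receives the subscriber's content filter in order to serve it, so either the anonymity requirement must be scoped (for example, to third parties and to unlinkability of the peer identity from the filter at the full node) or the text must say how anonymity against the queried node is expected to be achieved. Likewise the DoS item enumerates two attack vectors (an all-matching filter, Sybil subscription flooding) but states no requirement or mitigation the protocol must satisfy; a requirement should say what the full node is expected to do (rate limits, per-peer subscription caps, rejecting empty filters), not only what an attacker can do. Style points in the same hunk: the inline "1- ... 2- ..." enumeration should be a nested list; "arbitrary pair of peers" should read "arbitrary pairs of peers"; and the spellings "exisiting", "subscribtion" and "content filers" (for "content filters") need fixing. The "Terminologies" section defines PII but the term is not used anywhere in the added text, so either use it in the requirements or drop the definition.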