Dolev–Yao Model
   HOME

TheInfoList



Click Here for Items Related To - Dolev–Yao Model
OR:
Dolev–Yao Model on:   [Wikipedia]   [Google]   [Amazon]

The Dolev–Yao model, named after its authors Danny Dolev and
Andrew Yao Andrew Chi-Chih Yao (; born December 24, 1946) is a Chinese computer scientist and computational theorist. He is currently a professor and the dean of Institute for Interdisciplinary Information Sciences (IIIS) at Tsinghua University. Yao use ...
, is a
formal model In logic, mathematics, computer science, and linguistics, a formal language consists of string (computer science), words whose symbol (formal), letters are taken from an alphabet (formal languages), alphabet and are well-formedness, well-formed ...
used to prove properties of interactive cryptographic protocols.


The network

The network is represented by a set of abstract machines that can exchange messages. These messages consist of formal terms. These terms reveal some of the internal structure of the messages, but some parts will hopefully remain opaque to the adversary.


The adversary

The adversary in this model can overhear, intercept, and synthesize any message and is only limited by the constraints of the cryptographic methods used. In other words: "the attacker carries the message." This
omnipotence Omnipotence is the quality of having unlimited power. Monotheistic religions generally attribute omnipotence only to the deity of their faith. In the monotheistic religious philosophy of Abrahamic religions, omnipotence is often listed as one ...
has been very difficult to model, and many threat models simplify it, as has been done for the attacker in
ubiquitous computing Ubiquitous computing (or "ubicomp") is a concept in software engineering, hardware engineering and computer science where computing is made to appear anytime and everywhere. In contrast to desktop computing, ubiquitous computing can occur using ...
.


The algebraic model

Cryptographic primitives are modeled by abstract operators. For example, asymmetric encryption for a user x is represented by the encryption function E_x and the decryption function D_x. Their main properties are that their composition is the
identity function Graph of the identity function on the real numbers In mathematics, an identity function, also called an identity relation, identity map or identity transformation, is a function that always returns the value that was used as its argument, un ...
(D_x E_x = E_x D_x = 1) and that an encrypted message E_x(M) reveals nothing about M. Unlike in the real world, the adversary can neither manipulate the encryption's bit representation nor guess the key. The attacker may, however, re-use any messages that have been sent and therefore become known. The attacker can encrypt or decrypt these with any keys he knows, to forge subsequent messages. A protocol is modeled as a set of sequential runs, alternating between queries (sending a message over the network) and responses (obtaining a message from the network).


Remark

The symbolic nature of the Dolev–Yao model makes it more manageable than computational models and accessible to
algebra Algebra () is one of the broad areas of mathematics. Roughly speaking, algebra is the study of mathematical symbols and the rules for manipulating these symbols in formulas; it is a unifying thread of almost all of mathematics. Elementary ...
ic methods but potentially less realistic. However, both kinds of models for cryptographic protocols have been related. Also, symbolic models are very well suited to show that a protocol is ''broken'', rather than secure, under the given assumptions about the attackers capabilities.


See also

*
Security" \n\n\nsecurity.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities. The standard prescribes a text file called \"security.txt\" in the well known locat ...
*
Cryptographic protocol A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives. A protocol descr ...


References

{{DEFAULTSORT:Dolev-Yao model Computer security