Definitions Edit

Key exfiltration is

[t]he transmission of cryptographic keying material for an encrypted communication from a collaborator, deliberately, or unwittingly, to an attacker.[1]
the transfer of keying material for an encrypted communication from the collaborator to the attacker.[2]

Overview Edit

Key exfiltration attacks rely on passive attack for access to encrypted data, with the collaborator providing keys to decrypt the data. So the attacker undertakes the cost and risk of a passive attack, as well as additional risk of discovery via the interactions that the attacker has with the collaborator.

In this sense, static exfiltration has a lower risk profile than dynamic. In the static case, the attacker need only interact with the collaborator a small number of times, possibly only once, say to exchange a private key. In the dynamic case, the attacker must have continuing interactions with the collaborator. As noted above these interactions may real, such as in-person meetings, or virtual, such as software modifications that render keys available to the attacker. Both of these types of interactions introduce a risk that they will be discovered, e.g., by employees of the collaborator organization noticing suspicious meetings or suspicious code changes."

References Edit

  1. Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement, at 4.
  2. Pervasive Attack: A Threat Model and Problem Statement, at 9.

Source Edit

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.