Assumptions: The Trojan Horses of Secure Protocols

  • Paulo Verissimo
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1)


Secure protocols rely on a number of assumptions about the environment which, once made, free the designer from thinking about the complexity of what surrounds the execution context.

Henceforth, the designer forgets about the environment and moves on proving her algorithm correct, given the assumptions. When assumptions do not represent with sufficient accuracy the environment they are supposed to depict, they may become the door to successful attacks on an otherwise mathematically correct algorithm. Moreover, this can happen as unwitting to systems as a Trojan Horse’s action.

We wish to discuss the theoretical underpinnings of those problems and evaluate some recent research results that demonstrate a few of those limitations in actual secure protocols.


Secret Sharing Secure Protocol Trojan Horse Successful Attack Execution Context 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Fischer, M.J., Lynch, N.A., Paterson, M.S.: Impossibility of distributed consensus with one faulty process. Journal of the ACM 32(2), 374–382 (1985)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Meyer, F., Pradhan, D.: Consensus with dual failure modes. In: Proceedings of the 17th IEEE International Symposium on Fault-Tolerant Computing, pp. 214–222. IEEE Computer Society Press, Los Alamitos (1987)Google Scholar
  3. 3.
    Dwork, C., Lynch, N., Stockmeyer, L.: Consensus in the presence of partial synchrony. Journal of the ACM 35(2), 288–323 (1988)CrossRefMathSciNetGoogle Scholar
  4. 4.
    Christian, F., Fetzer, C.: The timed asynchronous system model. In: Proceedings of the 28th IEEE International Symposium on Fault-Tolerant Computing, pp. 140–149. IEEE Computer Society Press, Los Alamitos (1998)Google Scholar
  5. 5.
    Chandra, T., Toueg, S.: Unreliable failure detectors for reliable distributed systems. Journal of the ACM 43(2), 225–267 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Sousa, P., Neves, N.F., Verissimo, P.: How resilient are distributed f fault/intrusion-tolerant systems? In: Proceedings of the Int. Conference on Dependable Systems and Networks, pp. 98–107 (2005)Google Scholar
  7. 7.
    Ostrovsky, R., Yung, M.: How to withstand mobile virus attacks (extended abstract). In: Proceedings of the 10th Annual ACM Symposium on Principles of Distributed Computing, pp. 51–59. ACM Press, New York (1991)CrossRefGoogle Scholar
  8. 8.
    Sousa, P., Neves, N.F., Verissimo, P.: Hidden problems of asynchronous proactive recovery. In: Third Workshop on Hot Topics in System Dependability (Hot Dep’07) (2007)Google Scholar
  9. 9.
    Verissimo, P., Casimiro, A.: The Timely Computing Base model and architecture. Transactions on Computers — Special Issue on Asynchronous Real-Time Systems 51(8) (August 2002) A preliminary version of this document appeared as Technical Report DI/FCUL TR 99-2, Department of Computer Science, University of Lisboa (April 1999)Google Scholar
  10. 10.
    Verissimo, P.: Travelling through wormholes: a new look at distributed systems models. SIGACTN: SIGACT News (ACM Special Interest Group on Automata and Computability Theory) 37(1) (Whole Number 138) (2006)Google Scholar
  11. 11.
    Verissimo, P.: Uncertainty and predictability: Can they be reconciled? In: Schiper, A., Shvartsman, A.A., Weatherspoon, H., Zhao, B.Y. (eds.) Future Directions in Distributed Computing. LNCS, vol. 2584, pp. 108–113. Springger, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Paulo Verissimo
    • 1
  1. 1.Univ. LisboaLisboaPortugal

Personalised recommendations