Provable security refers to any type or level of security that can be proven. It is used in different ways by different fields,
Usually, this refers to mathematical proofs, which are common in cryptography. In such a proof, the capabilities of the attacker are defined by an adversarial model (also referred to as attacker model): the aim of the proof is to show that the attacker must solve the underlying hard problem in order to break the security of the modelled system. Such a proof does not consider side-channel attacks or other implementation-specific attacks, because they are usually impossible to model without implementing the system (and thus, the proof only applies to this implementation).
Outside of cryptography, the term is often used in conjunction with secure coding and security by design, both of which can rely on proofs to show the security of a particular approach. As with the cryptographic setting, this involves an attacker model and a model of the system. For example, code can be verified to match the intended functionality, described by a model: this can be done through static checking. These techniques are sometimes used for evaluating products (see Common Criteria): the security here depends not only on the correctness of the attacker model, but also on the model of the code.
Finally, the term provable security is sometimes used by sellers of security software that are attempting to sell security products like firewalls, antivirus software and intrusion detection systems. As these products are typically not subject to scrutiny, many security researchers consider this type of claim to be selling snakeoil.
... empirically secure) ---ESIGN (forgeable factor discovered does not have provable security) ---TSH-ESIGN (does not have provable security) RSA-PSS (provably secure ...
... In cryptography, a system has provable security if its security requirements can be stated formally in an adversarial model, as opposed to heuristically ... The proof of security (called a "reduction") is that these security requirements are met provided the assumptions about the adversary's access to the system ... was given by Goldwasser and Micali for semantic security and the construction based on the quadratic residuosity problem ...
Famous quotes containing the word security:
“There is something that Governments care for far more than human life, and that is the security of property, and so it is through property that we shall strike the enemy.... Be militant each in your own way.... I incite this meeting to rebellion.”
—Emmeline Pankhurst (18581928)