Guide
Appendix B. Security scenarios
We will describe several characteristics for security models to illustrate the variety of scenarios that one can encounter.
Security models
An exhaustive list of security models would be quite long and technical, so we only list a couple of characteristics that are part of a security model. The more adversarial scenarios will often not be very likely, but they help in getting a feel of the possibilities. Be aware that organizations do not always behave malicious on their own accord – they also expose that behaviour when an attacker infiltrated (e.g. hacked) some of them and act on their behalf.
- Security type. The security of the PET can depend on the computing capabilities of an attacker. Some PETs are resistant against classical computers only, some against both classical and quantum computers, and some provide security against any (future) computer with unlimited computing power (information-theoretic security).
- Conspiring organizations. A group of organizations in a PET solution may together try to break security and infer information of another organization.
- Untrustworthy organizations. Often it is assumed that all organizations in a PET solution adhere to the agreements made and implement and execute the solution as agreed upon. Additional measures must be considered if this assumption cannot be made.