Crypto U9, Cryptographic Protocols

specification of all events needed in order to achieve a requried security goal
1. specifies 4 things
  1. protocol assumptions
  2. protocol flow
    1. communication steps in protocol
  3. protocol messages
    1. kind of content in messages
  4. protocol actions
    1. any action an entity needs to perform before sending or after receiving a message
stages of protocol design
1. 1. define protocol objectives
  1. Identify the problem trying to be solved.
2. 2. define protocol goals
  1. translate objectives into concrete security goals
3. 3. specify protocol
  1. take goals as input and determine
    1. cryptographic primitives
    2. flow
    3. actions
design challenges
1. it's hard to get the right objectives
2. it is not always straightforward to identify the right security goals for identified objectives
3. deviating from standard protocols can lead to insecure protocols
4. complicated design goals may not fit existing, standard protocols
5. modifying a standard protocol even slightly may have insecure impacts
6. hire professionals to do protocol design
protocol examples
1. PKCS
  1. specifies suite of protocols for public key cryptography
2. ISO / IEC 117700
  1. specifies suite of protocols for mutual entity authentication
3. SSL/TLS
  1. specifies protocol for setting up a secure communication channel
attacks on protocols
1. reflection
  1. http://en.wikipedia.org/wiki/Reflection_attack
2. man in the middle
  1. http://en.wikipedia.org/wiki/Man-in-the-middle_attack
3. interleaving
  1. type of man in the middle attack

Próximo

Crypto U9, Cryptographic Protocols

Descrição

Resumo de Recurso

Semelhante

	Criado por jjanesko mais de 11 anos atrás