Cryptography Reference
including ISO/IEC, NIST and IEEE, have standards that identify cryptographic
algorithms that have been widely studied by experts and recommended for
adoption. Some, but not all, of these cryptographic algorithms have proofs of
security within specific security models.
ASSESSING THE SECURITY OF A CRYPTOGRAPHIC PROTOCOL
As we will discover in Chapter 9, cryptographic protocols are very complex objects
to analyse. Their security is also assessed using both informal analysis and more
rigorous formal methodologies. In addition to provable security techniques for
cryptographic protocols, there have been attempts to define logical methods of
arguing the security of a cryptographic protocol. These establish basic logical
statements relating to security and attempt to build a cryptographic protocol for
which certain security 'truths' hold.
One of the main problems with formal approaches to cryptographic protocol
analysis is that the cryptographic protocols used in real applications are often
quite complex and hard to capture in a formal model. However, even being able
to formally analyse part of a cryptographic protocol is arguably a significant
improvement on informal analysis techniques.
As well as general standards for specific types of cryptographic protocol, there
are many cryptographic applications whose underlying cryptographic protocols
are industry standards that have been approved by committees. We will discuss
several of these in Chapter 12. Where the standards body concerned has sufficient
cryptographic expertise, recommendations can be relied upon as a reasonable
means of security assessment. However, in Section 12.2 we will discuss one
case where development of an industry standard did not appear to involve the
appropriate level of cryptographic expertise.
ASSESSING THE SECURITY OF A CRYPTOSYSTEM
Hardest of all to assess is the security of an entire cryptosystem. As this
involves not just the cryptographic algorithms and protocols, but also the
wider infrastructure, we have to be realistic about the extent to which this can
be rigorously done. There are standards for many cryptosystem components,
for example key management, which can be used to benchmark such an
assessment. There are formal evaluation criteria for security products and there are
organisations that are licensed to conduct evaluations against these benchmarks.
Researchers are also looking into formal methods for evaluating the security
of particular components of the overall infrastructure, for example, formal
evaluation of the implementation of a particular cryptographic algorithm or
protocol.
We cannot capture the assessment of security of a cryptosystem in just a few
sentences. Rather, it is hoped that, by the end of this topic, the breadth of what it
might mean to assess the security of a cryptosystem should be clear.