This action should really be specified as part of the protocol itself. It is common practice to leave certain actions implicit in the description of a cryptographic protocol. This, however, is slightly dangerous. For example, SSL/TLS is commonly adopted to secure the communication channel between a web browser (the client) and a web server (see Section 12.1). During this protocol the web server provides a digitally signed public-key certificate (see Section 11.1.2) to the client in order to facilitate entity authentication of the web server. The implicit action of verifying the public-key certificate received from the web server is often omitted by implementations, thus exposing this protocol to a range of attacks.
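The following is an added illustration, not part of the book's text, of what "omitting the implicit verification action" looks like in practice for a TLS client. It uses Python's standard ssl module: one function builds a client context that skips certificate verification (the handshake still completes, so the omission is invisible to the application), the other builds a context that performs chain validation and hostname matching explicitly, and a small audit function reports which verification steps a given context omits. The function names and the audit check are this example's own, not an API of any library.

```python
import ssl
from typing import List, Optional

# Added example, not from the original text. The "implicit action" the book
# refers to is verification of the server's certificate chain and of the
# hostname the certificate was issued for.


def insecure_client_context() -> ssl.SSLContext:
    """Client context in which the verification action has been left out.

    The TLS handshake still succeeds, but any party presenting any
    certificate is accepted as the server (entity authentication is lost).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Order matters: Python refuses CERT_NONE while check_hostname is True.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client context that performs the verification action explicitly.

    create_default_context() loads the platform trust store (or the CA
    bundle given in cafile), requires a certificate from the peer, checks
    that its chain ends at a trusted root, and matches the certificate
    against the server_hostname passed to wrap_socket().
    """
    ctx = ssl.create_default_context(cafile=cafile)
    # Both settings are already the defaults; they are stated explicitly so
    # that the action is visible in the code rather than implicit.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the verification steps a context omits (empty list if none).

    Intended for use in a unit test against application code that builds
    its own SSLContext, so the verification step cannot silently disappear.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate chain is not required/verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server hostname")
    return findings


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_client_context()),
                      ("hardened", hardened_client_context())):
        problems = audit_client_context(ctx)
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

The audit function is the practical point: because a handshake without verification looks identical to a verified one from the application's perspective, the only reliable way to ensure the action is performed is to make it explicit in the code and to test for it.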
9.2.4 The wider protocol design process
While the focus of this chapter is on the design of cryptographic protocols, it is
important to recognise that the design is only one stage in a wider process. Just
as we discussed for cryptographic primitives in Section 3.2.4, it is more likely
that security problems arise from failures to implement a cryptographic protocol
properly. This can manifest itself in numerous ways, including:
• weakness in the implementation of a specific cryptographic primitive used by
the protocol;
• instantiation of a cryptographic primitive used in the protocol by a weak
cryptographic algorithm;
• failure to implement the entire protocol correctly (for example, omitting an
important action);
• weakness in the supporting key management processes.
Coupled with the difficulties in designing secure cryptographic protocols that we
discussed in Section 9.2.2, it should be clear that the entire deployment process of
a cryptographic protocol requires great care.
9.3 Analysing a simple protocol
In this section we will look at another simple cryptographic protocol, but one that has more security goals than the example in Section 9.2. We argued throughout Section 9.2 that cryptographic protocol design is best left to experts, so the reason for studying this simple example is to provide insight into the complexities of cryptographic protocol design, rather than to develop proficiency in it. There are two other reasons for studying such an example in some depth:
1. We will see that there are many different ways, each with its own subtle advantages and disadvantages, of designing a cryptographic protocol that meets some specific security goals.
2. While designing proprietary cryptographic protocols is not generally recommended, it is useful to be able to analyse, at least at a high level, whether a given cryptographic protocol achieves its goals.