Cryptography Reference
In-Depth Information
All topics on cryptography feature cryptographic protocols, but relatively fewprovide
introductions to protocols or discuss practical aspects of protocols. A relevant
introduction to practical cryptographic protocols can be found in Ferguson, Schneier
and Kohno [75].
The majority of important cryptographic protocols are essentially AKE protocols.
A comprehensive overview of the many different approaches to designing an AKE
protocol is Boyd andMathuria [40]. Menezes, vanOorschot andVanstone [123] have
a useful chapter on AKE protocols. Dent andMitchell [55] provide a summary of most
significant standards for AKE protocols, including those appearing in ISO/IEC 9798
on entity authentication [19] and ISO/IEC 11770 on key establishment [4]. The
popular Kerberos protocol is standardised in RFC 4120 [129]. SSL/TLS is one of
the most widely used AKE protocols, with the latest version of TLS being specified
by RFC 5246 [57] (see Section 12.1). The highly influential Diffie-Hellman protocol
was first proposed in Diffie and Hellman [59] and is covered by RFC 2631 [160]
and PKCS#3 [115]. CrypTool [52] includes a simulation of Diffie-Hellman. The STS
protocol is due to Diffie, van Oorschot and Wiener [61]. A popular AKE protocol
based on Diffie-Hellman is the Internet Key Exchange protocol (IKE), which is
specified in RFC 4306 [106].
Every application of cryptography involves cryptographic protocols of some
sort. One interesting set of cryptographic protocols that we made passing
reference to were those for trusted computing, see for example Mitchell [65].
O'Mahony, Peirce and Tewari [146] describe a family of cryptographic protocols
that have been proposed for electronic payment schemes. The interesting class of
manual authentication protocols involve actions by human users. These feature in
ISO/IEC 9798 [19] and are used in Bluetooth security [37]. We will look at several
more cryptographic protocols during our discussion of cryptographic applications in
Chapter 12.
1
. There are many protocols that we have to conduct during our day-to-day lives.
One example is the purchase of a property. Explain this protocol (you may
choose to discuss the slightly less complex protocol for renting a property if
you are unfamiliar with the purchase protocol), making sure you mention:
• the entities involved;
• the protocol assumptions;
• the protocol flow;
• the protocol messages;
• the protocol actions.
