Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods.
A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.
Cryptographic protocols are widely used for secure application-level data transport. A cryptographic protocol usually incorporates at least some of these aspects:
Entity authentication
a method of authentication that requests a client program application, such as a browser, to supply identification when attempting to access an Internet site or specific area within that site.
Non-repudiation methods
A method is disclosed for establishing data integrity and non-repudiation without hashing and without performing a bit to bit comparison of the message
For example, Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTP) connections. It has an entity authentication mechanism, based on the X.509 system; a key setup phase, where a symmetric encryption key is formed by employing public-key cryptography; and an application-level data transport function. These three aspects have important interconnections. Standard TLS does not have non-repudiation support.
There are other types of cryptographic protocols as well, and even the term itself has various different readings; Cryptographic application protocols often use one or more underlying key agreement methods, which are also sometimes themselves referred to as "cryptographic protocols". For instance, TLS employs what is known as the Diffie-Hellman key exchange, which although it is only a part of TLS per se, Diffie-Hellman may be seen as a complete cryptographic protocol in itself for other applications. Cryptographic protocols can sometimes be verified formally on an abstract level.
Examples
Internet Key Exchange IPsec Kerberos Point to Point Protocol Transport Layer Security
Algorithm Types
Symmetric - There is one key both for encryption and decryption or else one key can be calculated using the other. The keys must be distributed in secret. Public Key - One key is public and is used for either encryption or decryption depending on whether the public party is sending a message or receiving it. The other key is private and allows only encryption or decryption. One key cannot be used to calculate the value of the other key.
Protocol Types
Arbitrated Protocol - A third party arbitrates the protocol to ensure no party is cheated. Adjudicated - A third party is called in only if a dispute during the execution of the protocol arises.
Self enforcing - No arbitrator is used and the protocol itself ensures fairness.
Encryption algorithms are very complex mathematical formulas and in order to be effective utilize repeated and usually shifted mathematical operations. This means that an operation is done, bits are shifted and the operation is done again. This may be repeated several times. There are several factors that affect the security of the algorithm but having the best of these factors does not ensure the algorithm will be hard to crack or break. Many algorithms operate on data in blocks. The factors that characterize algorithms are:
Key length Block length Number of rounds of identical operations called function f where data is combined with the key. The bits are shifted in various ways and recombined using various methods.
In order to determine the effectiveness of the cryptographic algorithm, experts must attempt to break it using various attacks described in the section "Security Attacks". Strength of security protocol
Use protocols that have been thoroughly analyzed and tested over time and that have well understood limitations with acceptable security risks. Use the most recent versions of protocols, which offer stronger security or fix identified weaknesses in previous versions of the protocol. Protocols are revised periodically to improve the protocol and add new benefits and features. Use the strongest security options that are available with the protocol to protect valuable information. When it is feasible, require strong cryptography and do not allow systems to default to lower strength cryptography settings unless the value of the information to be protected is low. Prohibit the use of older and weaker versions of protocols when you want to protect valuable information. For example, require Secure Sockets Layer (SSL) version 3 or TLS for secure Web communications, and prohibit less secure SSL version 2 communications.