
Security Protocols

A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods.
A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.

Cryptographic protocols are widely used for secure application-level data transport. A cryptographic protocol usually incorporates at least some of these aspects:

Key agreement or establishment


In cryptography, a key-agreement protocol is a protocol whereby two or more parties can agree on a key in such a way that both influence the outcome.

Entity authentication
A method of authentication that requests a client program application, such as a browser, to supply identification when attempting to access an Internet site or specific area within that site.

Bob and Alice are sure of each other's identities.

Symmetric encryption and message authentication material construction


Symmetric-key encryption is also known as secret-key, single-key, shared-key, one-key, and private-key encryption. Symmetric-key cryptography is to be contrasted with asymmetric-key cryptography.

Secured application-level data transport


Cryptographic protocols are widely used

Non-repudiation methods
A method is disclosed for establishing data integrity and non-repudiation without hashing and without performing a bit to bit comparison of the message

For example, Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTP) connections. It has an entity authentication mechanism, based on the X.509 system; a key setup phase, where a symmetric encryption key is formed by employing public-key cryptography; and an application-level data transport function. These three aspects have important interconnections. Standard TLS does not have non-repudiation support.

There are other types of cryptographic protocols as well, and even the term itself has various readings. Cryptographic application protocols often use one or more underlying key agreement methods, which are also sometimes themselves referred to as "cryptographic protocols". For instance, TLS employs what is known as the Diffie-Hellman key exchange; although it is only a part of TLS, Diffie-Hellman may be seen as a complete cryptographic protocol in itself for other applications. Cryptographic protocols can sometimes be verified formally on an abstract level.
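The aspects listed above can be followed end to end in a short added example, which is not part of the original page: a Diffie-Hellman agreement in which both parties contribute to the key, derivation of separate encryption and MAC keys, and a MAC check that shows why a shared-key tag gives no non-repudiation. The group parameters, labels and function names are assumptions of this example, and the exchange is unauthenticated (entity authentication, such as X.509 in TLS, is not modelled).

```python
import hashlib
import hmac
import secrets

# Assumption: demonstration group. 2**521 - 1 is a Mersenne prime chosen to
# keep this short; real systems use a standardized group or elliptic curves.
P, G = 2**521 - 1, 3

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2              # private exponent, 2..P-2
    return x, pow(G, x, P)                        # (private, public)

def dh_shared(private, peer_public):
    if not 1 < peer_public < P - 1:               # reject 0, 1 and P-1
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, P).to_bytes(66, "big")

def hkdf(ikm, info, length=32, salt=b"\x00" * 32):  # HKDF-SHA256, RFC 5869
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()        # extract
    okm, block, i = b"", b"", 1
    while len(okm) < length:                                  # expand
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + block, i + 1
    return okm[:length]

def session_keys(shared):      # independent keys: (encryption, authentication)
    return hkdf(shared, b"demo enc"), hkdf(shared, b"demo mac")

def tag(mac_key, message):
    return hmac.new(mac_key, message, hashlib.sha256).digest()

def verify(mac_key, message, received):
    return hmac.compare_digest(tag(mac_key, message), received)

def run_exchange():
    a_priv, a_pub = dh_keypair()                  # Alice
    b_priv, b_pub = dh_keypair()                  # Bob
    a_enc, a_mac = session_keys(dh_shared(a_priv, b_pub))
    b_enc, b_mac = session_keys(dh_shared(b_priv, a_pub))
    msg = b"transfer 10 units"                    # constructed sample message
    alice_tag = tag(a_mac, msg)
    return {
        "keys_match": (a_enc, a_mac) == (b_enc, b_mac),
        "enc_and_mac_keys_differ": a_enc != a_mac,
        "bob_accepts": verify(b_mac, msg, alice_tag),
        "tamper_rejected": not verify(b_mac, msg + b"0", alice_tag),
        # Bob can compute the same tag, so it is no proof to a third party.
        "bob_can_make_same_tag": tag(b_mac, msg) == alice_tag,
    }
```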

Advanced cryptographic protocols


A wide variety of cryptographic protocols go beyond the traditional goals of data confidentiality, integrity, and authentication to also secure a variety of other desired characteristics of computer-mediated collaboration. Blind signatures can be used for digital cash and digital credentials to prove that a person holds an attribute or right without revealing that person's identity or the identities of parties that person transacted with. Secure digital time-stamping can be used to prove that data (even if confidential) existed at a certain time. Secure multiparty computation can be used to compute answers (such as determining the highest bid in an auction) based on confidential data (such as private bids), so that when the protocol is complete the participants know only their own input and the answer. Undeniable signatures include interactive protocols that allow the signer to prove a forgery and limit who can verify the signature. Deniable encryption augments standard encryption by making it impossible for an attacker to mathematically prove the existence of a plaintext message. Digital mixes create hard-to-trace communications.

Examples

Internet Key Exchange
IPsec
Kerberos
Point to Point Protocol
Transport Layer Security

Algorithm Types

There are two types of security algorithms:


Symmetric - There is one key both for encryption and decryption, or else one key can be calculated using the other. The keys must be distributed in secret.

Public Key - One key is public and is used for either encryption or decryption depending on whether the public party is sending a message or receiving it. The other key is private and allows only encryption or decryption. One key cannot be used to calculate the value of the other key.

Protocol Types

Arbitrated Protocol - A third party arbitrates the protocol to ensure no party is cheated.

Adjudicated - A third party is called in only if a dispute during the execution of the protocol arises.

Self-enforcing - No arbitrator is used and the protocol itself ensures fairness.

DEA - Data encryption algorithm


Algorithm Basics

Encryption algorithms are very complex mathematical formulas and in order to be effective utilize repeated and usually shifted mathematical operations. This means that an operation is done, bits are shifted and the operation is done again. This may be repeated several times. There are several factors that affect the security of the algorithm but having the best of these factors does not ensure the algorithm will be hard to crack or break. Many algorithms operate on data in blocks. The factors that characterize algorithms are:

Key length
Block length
Number of rounds of identical operations, called function f, where data is combined with the key. The bits are shifted in various ways and recombined using various methods.

In order to determine the effectiveness of the cryptographic algorithm, experts must attempt to break it using various attacks described in the section "Security Attacks".

Strength of security protocol

Use protocols that have been thoroughly analyzed and tested over time and that have well understood limitations with acceptable security risks.

Use the most recent versions of protocols, which offer stronger security or fix identified weaknesses in previous versions of the protocol. Protocols are revised periodically to improve the protocol and add new benefits and features.

Use the strongest security options that are available with the protocol to protect valuable information. When it is feasible, require strong cryptography and do not allow systems to default to lower strength cryptography settings unless the value of the information to be protected is low.

Prohibit the use of older and weaker versions of protocols when you want to protect valuable information. For example, require Secure Sockets Layer (SSL) version 3 or TLS for secure Web communications, and prohibit less secure SSL version 2 communications.
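One way to apply the last two recommendations in a client, as an added example that is not part of the original page: a permissive TLS client configuration beside a hardened one, with a check that flags the settings that allow a silent fall-back. The TLS 1.2 floor and the function names are assumptions of this example, not values from the page.

```python
import ssl

# Assumption of this example: nothing below TLS 1.2 is acceptable.
MIN_ALLOWED = ssl.TLSVersion.TLSv1_2

def audit_context(ctx):
    """Return a list of findings for settings that weaken the connection."""
    findings = []
    if ctx.minimum_version < MIN_ALLOWED:
        findings.append("legacy protocol versions permitted")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    return findings

def permissive_client_context():
    # Accepts whatever the library still supports and skips authentication.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def hardened_client_context():
    # Library defaults (certificate and hostname checks) plus an explicit
    # version floor, so the setting does not depend on the installed default.
    ctx = ssl.create_default_context()
    ctx.minimum_version = MIN_ALLOWED
    return ctx
```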
