Secure Implementation of Cryptographic Protocols: A Case Study of Mutual Distrust
نویسندگان
چکیده
Security protocols are critical for protecting modern communication infrastructures and are therefore subject to thorough analysis. However practical implementations of these protocols lack the same level of attention and thus may be more exposed to attacks. This paper discusses security assurance provided by security-typed languages when implementing cryptographic protocols. Our results are based on a case study using Jif, a Java-based security-typed language, for implementing a non-trivial cryptographic protocol that allows playing online poker without a trusted third party. The case study deploys the largest program written in a security-typed language to date and identifies insights ranging from security guarantees to useful patterns of secure programming.
منابع مشابه
An ECC-Based Mutual Authentication Scheme with One Time Signature (OTS) in Advanced Metering Infrastructure
Advanced metering infrastructure (AMI) is a key part of the smart grid; thus, one of the most important concerns is to offer a secure mutual authentication. This study focuses on communication between a smart meter and a server on the utility side. Hence, a mutual authentication mechanism in AMI is presented based on the elliptic curve cryptography (ECC) and one time signature (OTS) consists o...
متن کاملUniversally Composable Symbolic Analysis of Mutual Authentication and Key-Exchange Protocols
Symbolic analysis of cryptographic protocols is dramatically simpler than full-fledged cryptographic analysis. In particular, it is simple enough to be automated. However, symbolic analysis does not, by itself, provide any cryptographic soundness guarantees. Following recent work on cryptographically sound symbolic analysis, we demonstrate how Dolev-Yao style symbolic analysis can be used to as...
متن کاملOn the Improper Use of CRC for Cryptographic Purposes in RFID Mutual Authentication Protocols
Mutual authentication is essential to guarantee the confidentiality, integrity, and availability of an RFID system. One area of interest is the design of lightweight mutual authentication protocols that meet the limited computational and energy resources of the tags. These protocols use simple operations such as permutation and cyclic redundancy code for cryptographic purposes. However, these f...
متن کاملHMAC-Based Authentication Protocol: Attacks and Improvements
As a response to a growing interest in RFID systems such as Internet of Things technology along with satisfying the security of these networks, proposing secure authentication protocols are indispensable part of the system design. Hence, authentication protocols to increase security and privacy in RFID applications have gained much attention in the literature. In this study, security and privac...
متن کاملDesign of an Efficient Security Protocol Analyzer
In this paper, we present a efficient security protocol analyzer to verify cryptographic security protocols. Our analyzer verifies security protocols based on notions of provable security. The analyzer only checks whether the core properties of security protocols satisfy the notions, making it faster than previous tools. The analyzer automatically checks whether authentication and key distribut...
متن کامل