How to Evaluate the Security of Real-Life Cryptographic Protocols? - The Cases of ISO/IEC 29128 and CRYPTREC
نویسندگان
چکیده
Governments and international standards bodies have established certification procedures for security-critical technologies, such as cryptographic algorithms. Such standards have not yet been established for cryptographic protocols and hence it is difficult for users of these protocols to know whether they are trustworthy. This is a serious problem as many protocols proposed in the past have failed to achieve their stated security properties. In this paper, we propose a framework for certifying cryptographic protocols. Our framework specifies procedures for both protocol designers and evaluators for certifying protocols with respect to three different assurance levels. This framework is being standardized as ISO/IEC 29128 in ISO/IEC JTC1 SC27/WG3, in which three of the authors are project co-editors. As a case study in the application of our proposal, we also present the plan for the open evaluation of entityauthentication protocols within the CRYPTREC project. Keyword: Cryptographic protocols, formal verification, standardization
منابع مشابه
The Camellia Cipher Algorithm and Its Use With IPsec
Camellia was selected as a recommended cryptographic primitive by the EU NESSIE (New European Schemes for Signatures, Integrity and Encryption) project [NESSIE] and was included in the list of cryptographic techniques for Japanese e-Government systems that was selected by the Japan CRYPTREC (Cryptography Research, Evaluation Committees) [CRYPTREC]. Camellia has been submitted to several other s...
متن کاملA Detailed Exploration of Usability Statistics and Application Rating Based on Wireless Protocols
A Detailed Exploration of usability statistics and Application Rating on short-range Wireless protocols Bluetooth (IEEE 802.15.1), ZigBee (IEEE 802.15.4), Wi-Fi (IEEE 802.11) and NFC (ISO/IEC 14443) has been performed that being representing of those prominent wireless protocols evaluating their main characteristics and performances in terms of some metric such as co-existence, data rate, secur...
متن کاملIEC 60870-5-104 Protocol Security Challenges and Countermeasures Identification
Industrial control systems (ICSs) which are used in critical infrastructure and other industries mostly use various communication protocols. Most of these communication protocols have various cyber security challenges and weakness that give the attackers the opportunity to gain to their malicious intentions. In this paper, we assess IEC 60870-5-104 protocols from security perspective which is u...
متن کاملOn the Use of Encryption in Cryptographic Protocols
In the past few years the International Organisation for Standardization (ISO) and International ElectroTechnical Commission (IEC) have been jointly developing several standards for entity authenti-cation and/or encryption key exchange. Some of the mechanisms proposed use a symmetric block encryption algorithm, in a particular mode of operation, to achieve security. In this paper a general prop...
متن کاملDetermining the appropriate methodology for the security evaluation of equipment related to information and communication technology in the power industry
Providing security in the vital infrastructures of the country, is one of the essential operations that must be taken in order to improve the security of the country. Resistant security strategies need to be regularly implemented as a dynamic process to improve security, and security evaluation is one of the most important steps in this process. Methodology in the field of evaluation in both te...
متن کامل