How to choose the right security protocol?
Posted by davitb on 2nd November 2009
We all know that sending data over a network while being sure that its confidentiality is not compromised is one of the crucial problems in security engineering. In fact, apart from some special cases, the entire information security field rests on the problem of sending information from point A to point B while making sure that its security properties are maintained.
Creating secure protocols is not an easy task, and this article is not intended to help you create new protocols from scratch. There already exist many well-designed protocols which will give you all the features you need to meet your requirements. There are many books and articles about how different secure protocols work and how they are designed. This article does not try to describe the details of these protocols; rather, it tries to recommend the “ideal” protocol for you, which of course doesn’t exist. The question this article will try to answer is how you should choose the right secure protocol for your particular application.
Choosing the right protocol is also not a trivial task; however, I believe there are patterns which will help you solve this task for your particular application. I’m able to recognize these patterns, and I’m sure you will also be able to do so once you get the proper knowledge and experience.
We will go over the following topics:
- Data confidentiality and integrity in protocols
- Two types of security protocols
- Attacks you should worry about while thinking about protocols
- Protocol Choosing Patterns
- A demonstrative example
- Recommended references
Tags: authentication, authenticity, confidentiality, diffie-helman, eavesdropping, integrity, man-in-the-middle, replay attacks, security protocols, SPEKE, SSL
Posted in Attacking secure systems, authentication, how to design secure systems?