English
 
Help Privacy Policy Disclaimer
  Advanced SearchBrowse

Item

ITEM ACTIONSEXPORT
  SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

Fiebig, T., Lichtblau, F., Streibelt, F., Krueger, T., Lexis, P., Bush, R., et al. (2016). SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment. Retrieved from http://arxiv.org/abs/1610.05531.

Item is

Basic

show hide
Genre: Paper
Latex : {SoK}: {An} Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

Files

show Files
hide Files
:
arXiv:1610.05531.pdf (Preprint), 391KB
Name:
arXiv:1610.05531.pdf
Description:
File downloaded from arXiv at 2017-11-27 08:47
OA-Status:
Visibility:
Public
MIME-Type / Checksum:
application/pdf / [MD5]
Technical Metadata:
Copyright Date:
-
Copyright Info:
-

Locators

show

Creators

show
hide
 Creators:
Fiebig, Tobias1, Author
Lichtblau, Franziska1, Author           
Streibelt, Florian1, Author           
Krueger, Thorben1, Author
Lexis, Pieter1, Author
Bush, Randy1, Author
Feldmann, Anja1, Author                 
Affiliations:
1External Organizations, ou_persistent22              

Content

show
hide
Free keywords: Computer Science, Cryptography and Security, cs.CR
 Abstract: Today's Internet utilizes a multitude of different protocols. While some of
these protocols were first implemented and used and later documented, other
were first specified and then implemented. Regardless of how protocols came to
be, their definitions can contain traps that lead to insecure implementations
or deployments. A classical example is insufficiently strict authentication
requirements in a protocol specification. The resulting Misconfigurations,
i.e., not enabling strong authentication, are common root causes for Internet
security incidents. Indeed, Internet protocols have been commonly designed
without security in mind which leads to a multitude of misconfiguration traps.
While this is slowly changing, to strict security considerations can have a
similarly bad effect. Due to complex implementations and insufficient
documentation, security features may remain unused, leaving deployments
vulnerable.
In this paper we provide a systematization of the security traps found in
common Internet protocols. By separating protocols in four classes we identify
major factors that lead to common security traps. These insights together with
observations about end-user centric usability and security by default are then
used to derive recommendations for improving existing and designing new
protocols---without such security sensitive traps for operators, implementors
and users.

Details

show
hide
Language(s): eng - English
 Dates: 2016-10-182016
 Publication Status: Published online
 Pages: 26 p.
 Publishing info: -
 Table of Contents: -
 Rev. Type: -
 Identifiers: arXiv: 1610.05531
URI: http://arxiv.org/abs/1610.05531
BibTex Citekey: Fiebig2016
 Degree: -

Event

show

Legal Case

show

Project information

show

Source

show