  SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

Fiebig, T., Lichtblau, F., Streibelt, F., Krueger, T., Lexis, P., Bush, R., et al. (2016). SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment. Retrieved from http://arxiv.org/abs/1610.05531.

Basic

Genre: Paper
Latex : {SoK}: {An} Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

Files

arXiv:1610.05531.pdf (Preprint), 391KB
Name:
arXiv:1610.05531.pdf
Description:
File downloaded from arXiv at 2017-11-27 08:47
OA-Status:
Visibility:
Public
MIME-Type / Checksum:
application/pdf / [MD5]
Technical Metadata:
Copyright Date:
-
Copyright Info:
-

Creators

 Creators:
Fiebig, Tobias (1), Author
Lichtblau, Franziska (1), Author
Streibelt, Florian (1), Author
Krueger, Thorben (1), Author
Lexis, Pieter (1), Author
Bush, Randy (1), Author
Feldmann, Anja (1), Author
Affiliations:
(1) External Organizations, ou_persistent22

Content

Free keywords: Computer Science, Cryptography and Security, cs.CR
 Abstract: Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, others were first specified and then implemented. Regardless of how protocols came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting misconfigurations, i.e., not enabling strong authentication, are common root causes for Internet security incidents. Indeed, Internet protocols have been commonly designed without security in mind, which leads to a multitude of misconfiguration traps. While this is slowly changing, too strict security considerations can have a similarly bad effect. Due to complex implementations and insufficient documentation, security features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the security traps found in common Internet protocols. By separating protocols into four classes we identify major factors that lead to common security traps. These insights together with observations about end-user centric usability and security by default are then used to derive recommendations for improving existing and designing new protocols, without such security sensitive traps for operators, implementors and users.

Details

Language(s): eng - English
 Dates: 2016-10-18, 2016
 Publication Status: Published online
 Pages: 26 p.
 Publishing info: -
 Table of Contents: -
 Rev. Type: -
 Identifiers: arXiv: 1610.05531
URI: http://arxiv.org/abs/1610.05531
BibTex Citekey: Fiebig2016
 Degree: -
