SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and 
Deployment

Fiebig, Tobias; Lichtblau, Franziska; Streibelt, Florian; Krueger, Thorben; Lexis, Pieter; Bush, Randy; Feldmann, Anja

Lokale TagsFreigabegeschichteDetailsÜbersicht

SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

Fiebig, T., Lichtblau, F., Streibelt, F., Krueger, T., Lexis, P., Bush, R., et al. (2016). SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment. Retrieved from http://arxiv.org/abs/1610.05531.

Item is Freigegeben

einblenden: alle ausblenden: alle

Basisdaten

einblenden: ausblenden:

Datensatz-Permalink: https://hdl.handle.net/11858/00-001M-0000-002E-5698-D Versions-Permalink: https://hdl.handle.net/21.11116/0000-000E-2494-2

Genre: Forschungspapier

Latex : {SoK}: {An} Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

Dateien

einblenden: Dateien

ausblenden: Dateien

:

arXiv:1610.05531.pdf (Preprint), 391KB

Öffnen Speichern

Datei-Permalink:
https://hdl.handle.net/11858/00-001M-0000-002E-569A-9

Name:
arXiv:1610.05531.pdf

Beschreibung:
File downloaded from arXiv at 2017-11-27 08:47

OA-Status:

Sichtbarkeit:
Öffentlich

MIME-Typ / Prüfsumme:
application/pdf / [MD5]

Technische Metadaten:

Öffnen

Copyright Datum:
-

Copyright Info:
-

Lizenz:
http://arxiv.org/help/license

Externe Referenzen

einblenden:

Urheber

einblenden:

ausblenden:

Urheber:
Fiebig, Tobias¹, Autor
Lichtblau, Franziska¹, Autor
Streibelt, Florian¹, Autor
Krueger, Thorben¹, Autor
Lexis, Pieter¹, Autor
Bush, Randy¹, Autor
Feldmann, Anja¹, Autor

Affiliations:
1External Organizations, ou_persistent22

Inhalt

einblenden:

ausblenden:

Schlagwörter: Computer Science, Cryptography and Security, cs.CR

Zusammenfassung: Today's Internet utilizes a multitude of different protocols. While some of
these protocols were first implemented and used and later documented, other
were first specified and then implemented. Regardless of how protocols came to
be, their definitions can contain traps that lead to insecure implementations
or deployments. A classical example is insufficiently strict authentication
requirements in a protocol specification. The resulting Misconfigurations,
i.e., not enabling strong authentication, are common root causes for Internet
security incidents. Indeed, Internet protocols have been commonly designed
without security in mind which leads to a multitude of misconfiguration traps.
While this is slowly changing, to strict security considerations can have a
similarly bad effect. Due to complex implementations and insufficient
documentation, security features may remain unused, leaving deployments
vulnerable.
In this paper we provide a systematization of the security traps found in
common Internet protocols. By separating protocols in four classes we identify
major factors that lead to common security traps. These insights together with
observations about end-user centric usability and security by default are then
used to derive recommendations for improving existing and designing new
protocols---without such security sensitive traps for operators, implementors
and users.

Details

einblenden:

ausblenden:

Sprache(n): eng - English

Datum: Erstellt: 2016-10-18Online veröffentlicht: 2016

Publikationsstatus: Online veröffentlicht

Seiten: 26 p.

Ort, Verlag, Ausgabe: -

Inhaltsverzeichnis: -

Art der Begutachtung: -

Identifikatoren: arXiv: 1610.05531
URI: http://arxiv.org/abs/1610.05531
BibTex Citekey: Fiebig2016

Art des Abschluß: -

Datensatz

Basisdaten

Dateien

Externe Referenzen

Urheber

Inhalt

Details

Veranstaltung

Entscheidung

Projektinformation

Quelle