Item

Abstract

Today's Internet utilizes a multitude of different protocols. While some of
these protocols were first implemented and used and later documented, other
were first specified and then implemented. Regardless of how protocols came to
be, their definitions can contain traps that lead to insecure implementations
or deployments. A classical example is insufficiently strict authentication
requirements in a protocol specification. The resulting Misconfigurations,
i.e., not enabling strong authentication, are common root causes for Internet
security incidents. Indeed, Internet protocols have been commonly designed
without security in mind which leads to a multitude of misconfiguration traps.
While this is slowly changing, to strict security considerations can have a
similarly bad effect. Due to complex implementations and insufficient
documentation, security features may remain unused, leaving deployments
vulnerable.
In this paper we provide a systematization of the security traps found in
common Internet protocols. By separating protocols in four classes we identify
major factors that lead to common security traps. These insights together with
observations about end-user centric usability and security by default are then
used to derive recommendations for improving existing and designing new
protocols---without such security sensitive traps for operators, implementors
and users.