[cryptography] preventing protocol failings

Steven Bellovin smb at cs.columbia.edu
Mon Jul 4 19:36:47 EDT 2011


On Jul 4, 2011, at 7:28 10PM, Sampo Syreeni wrote:

> (I'm not sure whether I should write anything anytime soon, because of Len Sassaman's untimely demise. He was an idol of sorts to me, as a guy who Got Things Done, while being of comparable age to me. But perhaps it's equally valid to carry on the ideas, as a sort of a nerd eulogy?)
> 
> Personally I've slowly come to believe that options within crypto protocols are a *very* bad idea. Overall. I mean, it seems that pretty much all of the effective, real-life security breaches over the past decade have come from protocol failings, if not trivial password ones. Not from anything that has to do with hard crypto per se.
> 
> So why don't we make our crypto protocols and encodings *very* simple, so as to resist protocol attacks? X.509 is a total mess already, as Peter Gutmann has already elaborated in the far past. Yet OpenPGP's packet format fares not much better; it might not have many cracks as of yet, but it still has a very convoluted packet structure, which makes it amenable to protocol attacks. Why not fix it into the simplest, upgradeable structure: a tag and a binary blob following it?
> 
> Not to mention those interactive protocols, which are even more difficult to model, analyze, attack, and then formally verify. In Len's and his spouse's formalistic vein, I'd very much like to simplify them into a level which is amenable to formal verification. Could we perhaps do it? I mean, that would not only lead to more easily attacked protocols, it would also lead to more security...and a eulogy to one of the new cypherpunks I most revered.
> -- 

Simplicity helps with code attacks as well as with protocol attacks, and the former are a lot more common than the latter.  That was one of our goals in JFK:

@inproceedings{aiello.bellovin.ea:efficient,
  author = {William Aiello and Steven M. Bellovin and Matt Blaze and
		  Ran Canetti and John Ioannidis and Angelos D. Keromytis and
		  Omer Reingold},
  title = {Efficient, {DoS}-Resistant, Secure Key Exchange for
		  Internet Protocols},
  booktitle = {Proceedings of the ACM Computer and Communications
		  Security (CCS) Conference},
  year = 2002,
  month = {November},
  url = {https://www.cs.columbia.edu/~smb/papers/jfk-ccs.pdf},
  psurl = {https://www.cs.columbia.edu/~smb/papers/jfk-ccs.ps}
}



		--Steve Bellovin, https://www.cs.columbia.edu/~smb








More information about the cryptography mailing list