Title
How to evaluate the security of real-life cryptographic protocols? The cases of ISO/IEC 29128 and CRYPTREC
Abstract
Governments and international standards bodies have established certification procedures for security-critical technologies, such as cryptographic algorithms. Such standards have not yet been established for cryptographic protocols and hence it is difficult for users of these protocols to know whether they are trustworthy. This is a serious problem as many protocols proposed in the past have failed to achieve their stated security properties. In this paper, we propose a framework for certifying cryptographic protocols. Our framework specifies procedures for both protocol designers and evaluators for certifying protocols with respect to three different assurance levels. This framework is being standardized as ISO/IEC 29128 in ISO/IEC JTC1 SC27/WG3, in which three of the authors are project co-editors. As a case study in the application of our proposal, we also present the plan for the open evaluation of entity-authentication protocols within the CRYPTREC project.
Year
2010
Venue
Financial Cryptography Workshops
Keywords
different assurance level, international standards body, certifying protocol, iec jtc1 sc27, certification procedure, project co-editors, cryptographic protocol, cryptrec project, case study, real-life cryptographic protocol, cryptographic algorithm, internal standard, authentication protocol, formal verification
Field
Key management, Cryptographic Module Validation Program, Cryptographic protocol, Computer security, Computer science, Cryptographic primitive, Certification, Standardization, CRYPTREC, Formal verification
DocType
Conference
Volume
6054
ISSN
0302-9743
ISBN
3-642-14991-X
Citations
9
PageRank
0.52
References
13
Authors
4
Name                 Order   Citations   PageRank
Shin'ichiro Matsuo   1       116         16.05
Kunihiko Miyazaki    2       201         14.70
Akira Otsuka         3       258         36.20
David A. Basin       4       4930        281.93