Cryptographic protocol
A security protocol (or cryptographic protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods.
The most widely used cryptographic protocols are protocols for secure application-level data transport. A cryptographic protocol of this kind usually incorporates at least some of these aspects:
- Entity authentication
- Symmetric encryption and message authentication material construction
- Secured application-level data transport
- Non-repudiation methods
For example, Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTP) connections. It has an entity authentication mechanism, based on the X.509 system; a key setup phase, where a symmetric encryption key is formed by employing public-key cryptography; and an application-level data transport function. These three aspects have important interconnections. Standard TLS does not have non-repudiation support.
There are other types of cryptographic protocols as well, and even the term itself has various readings. For instance, TLS employs what is known as the Diffie-Hellman key exchange, and although it is only a part of TLS per se, it can also be seen as a complete cryptographic protocol in its own right.
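The Python example below is an added illustration, not part of the original article and not the TLS handshake itself: it runs a Diffie-Hellman key exchange as a stand-alone protocol, derives separate encryption and message authentication keys from the shared secret, and authenticates a transport record. The 2048-bit group from RFC 3526, HKDF with SHA-256, the record layout and all function names are assumptions chosen for the example.

```python
import hashlib, hmac, secrets

# 2048-bit MODP group from RFC 3526 (group 14), generator 2; group choice is an assumption.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def keypair():
    x = secrets.randbelow(P - 3) + 2      # private exponent in 2..P-2
    return x, pow(G, x, P)                # public value sent to the peer

def shared_secret(own_private, peer_public):
    # Reject 0, 1, p-1 and out-of-range values, which would force a predictable secret.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_public, own_private, P).to_bytes(256, "big")

def derive_keys(secret, transcript):
    # HKDF (RFC 5869) with SHA-256: extract salted by the transcript hash, then one
    # 32-byte expand block per purpose. The encryption key would feed a cipher,
    # which the Python standard library does not provide.
    prk = hmac.new(hashlib.sha256(transcript).digest(), secret, hashlib.sha256).digest()
    enc = hmac.new(prk, b"enc\x01", hashlib.sha256).digest()
    mac = hmac.new(prk, b"mac\x01", hashlib.sha256).digest()
    return enc, mac

def seal(mac_key, seq, payload):
    # Record = 8-byte sequence number || payload || HMAC-SHA-256 tag over both.
    body = seq.to_bytes(8, "big") + payload
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_record(mac_key, expected_seq, record):
    body, tag = record[:-32], record[-32:]
    good = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good) or body[:8] != expected_seq.to_bytes(8, "big"):
        raise ValueError("record rejected")   # forged, altered or replayed record
    return body[8:]

def run_exchange():
    # No entity authentication here: in TLS the X.509-based step ties these values to an identity.
    a_priv, a_pub = keypair()             # message 1, A -> B: a_pub
    b_priv, b_pub = keypair()             # message 2, B -> A: b_pub
    transcript = a_pub.to_bytes(256, "big") + b_pub.to_bytes(256, "big")
    return (derive_keys(shared_secret(a_priv, b_pub), transcript),
            derive_keys(shared_secret(b_priv, a_pub), transcript))
```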
Cryptographic protocols can sometimes be verified formally on an abstract level.
External links
- Secure protocols open repository (http://www.lsv.ens-cachan.fr/spore/)