- Cryptographic protocol
A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.
Cryptographic protocols are widely used for secure application-level data transport. A cryptographic protocol usually incorporates at least some of these aspects:
- Key agreement or establishment
- Entity authentication
- Symmetric encryption and message authentication material construction
- Secured application-level data transport
- Non-repudiation methods
For example, Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTP) connections. It has an entity authentication mechanism, based on the X.509 system; a key setup phase, where a symmetric encryption key is formed by employing public-key cryptography; and an application-level data transport function. These three aspects have important interconnections. Standard TLS does not have non-repudiation support.
There are other types of cryptographic protocols as well, and even the term itself has various readings; Cryptographic application protocols often use one or more underlying key agreement methods, which are also sometimes themselves referred to as "cryptographic protocols". For instance, TLS employs what is known as the Diffie-Hellman key exchange, which although it is only a part of TLS per se, Diffie-Hellman may be seen as a complete cryptographic protocol in itself for other applications.
Cryptographic protocols can sometimes be verified formally on an abstract level. When it is done, there is a necessity to formalize then environment in which the protocol operate in order to identify treats. This is frequently done through the Dolev-Yao model
Advanced cryptographic protocols
A wide variety of cryptographic protocols go beyond the traditional goals of data confidentiality, integrity, and authentication to also secure a variety of other desired characteristics of computer-mediated collaboration. Blind signatures can be used for digital cash and digital credentials to prove that a person holds an attribute or right without revealing that person's identity or the identities of parties that person transacted with. Secure digital time-stamping can be used to prove that data (even if confidential) existed at a certain time. Secure multiparty computation can be used to compute answers (such as determining the highest bid in an auction) based on confidential data (such as private bids), so that when the protocol is complete the participants know only their own input and the answer. Undeniable signatures include interactive protocols that allow the signer to prove a forgery and limit who can verify the signature. Deniable encryption augments standard encryption by making it impossible for an attacker to mathematically prove the existence of a plaintext message. Digital mixes create hard-to-trace communications.
Wikimedia Foundation. 2010.
Look at other dictionaries:
Cryptographic engineering — is the discipline of using cryptography to solve human problems. Cryptography is typically applied when trying to ensure data confidentiality, to authenticate people or devices, or to verify data integrity in risky environments. Cryptographic… … Wikipedia
Protocol — may also refer to:Standards in information automation: * Communications protocol * Protocol (computing) * Protocol (object oriented programming) * Cryptographic protocolProcedures for human behavior: * Protocol (diplomacy) * Protocol, a.k.a.… … Wikipedia
Cryptographic primitive — Cryptographic primitives are well established, low level cryptographic algorithms that are frequently used to build computer security systems. These routines include, but are not limited to, one way hash functions and encryption functions.… … Wikipedia
Cryptographic Modernization Program — The Cryptographic Modernization Program is a Department of Defense directed, NSA Information Assurance Directorate led effort to transform and modernize Information Assurance capabilities for the 21st century. It has three phases: Replacement All … Wikipedia
Cryptographic Message Syntax — The Cryptographic Message Syntax (CMS) is the IETF s standard for cryptographically protected messages. It can be used to digitally sign, digest, authenticate or encrypt any form of digital data. CMS is based on the syntax of PKCS#7, which in… … Wikipedia
Cryptographic nonce — For other uses of the word, see Nonce. Typical client server communication during a nonce based authentication process including both a server nonce and a client nonce. In security engineering, nonce is an arbitrary number used only once to sign… … Wikipedia
Offline private key protocol — The offline private key protocol (OPKP) is a cryptographic protocol to prevent unauthorized access to back up or archive data. The protocol results in a public key that can be used to encrypt data and an offline private key that can later be used … Wikipedia
Interlock protocol — The interlock protocol, as described by Ron Rivest and Adi Shamir, was designed to frustrate eavesdropper attack against two parties that use an anonymous key exchange protocol to secure their conversation. A further paper proposed using it as an … Wikipedia
Authentication protocol — An authentication protocol is a type of cryptographic protocol with the purpose of authenticating entities wishing to communicate securely.Authentication protocol may refer to: * Challenge handshake authentication protocol (CHAP) * Extensible… … Wikipedia
Time stamp protocol — The Time Stamp Protocol, or TSP is a cryptographic protocol for certifying timestamps using X.509 certificates and public key infrastructure. The timestamp is a the signer s assertion that a piece of electronic data existed at or before a… … Wikipedia