Recap of Cryptographic Protocols

Summary

In this chapter, we discussed cryptographic protocols, which provide a means for cryptographic primitives to be combined in ways that permit complex sets of security goals that can be tailored to particular application environments. We focused on a simple but artificial application to demonstrate how a cryptographic protocol can be designed and how sensitive the security of cryptographic protocols can be. We then looked at the important family of AKE protocols.

Perhaps the most important objective of this chapter was to provide an introduction to the art of designing and analyzing cryptographic protocols. Two important caveats apply:

1. We don’t recommend that anyone other than an expert attempts to design their cryptographic protocols. Unless there are no alternatives, standard cryptographic protocols should be used. It’s notoriously hard to design a secure cryptographic protocol since even minor changes to a secure protocol can result in an insecure protocol, as we have seen.

2. All our protocol analysis has been informal. There are several available techniques that formally prove the security of cryptographic protocols. While these need to be associated with some caveats of their own, their use is nonetheless preferable to the rather informal type of analysis we have conducted in this chapter. Of course, as we have seen, informal analysis is often enough to establish the insecurity of a cryptographic protocol.