What Makes a Secure Protocol
Identify the goals of cryptographic protocols: authentication, confidentiality, integrity, and non-repudiation.
Authentication: Knowing Who You Are Talking To
Authentication is the goal of establishing the identity of communication partners. Without authentication, a protocol is vulnerable to impersonation: an attacker can pretend to be a trusted server and intercept communications. Authentication in protocols is typically achieved using digital certificates, pre-shared keys, or challenge-response mechanisms that prove knowledge of a secret without revealing it.
Confidentiality: Only Intended Parties Read Messages
Confidentiality ensures that message content is accessible only to intended recipients. It is achieved through encryption using keys known only to the parties involved. A confidentiality failure means an eavesdropper can read messages in transit. Confidentiality alone does not prevent an attacker from tampering with messages or replay attacks; it must be combined with integrity protection.
All lessons in this course
- What Makes a Secure Protocol
- SSH: Securing Remote Access
- SFTP and SCP: Secure File Transfer
- DNSSEC: Authenticating DNS Responses