University of Hertfordshire

From the same journal

By the same authors

Security protocol deployment risk: (transcript of discussion)

Research output: Contribution to journalComment/debate

View graph of relations
Original languageEnglish
Pages (from-to)21-24
JournalLecture Notes in Computer Science
Journal publication date2011
Volume6615
DOIs
Publication statusPublished - 2011

Abstract

The level of confidence you need in the secrecy of the key you are using to upload your initials to the high score on Tour of Duty is probably different to the confidence you need to do a multi-million pound transaction. So the basic idea of this model is to classify cryptographic key sensitivity in terms of some sort of partial order: authentication master keys are more sensitive than the keys that they're used to protect; and generally a session key that is encrypted under a long term key is less sensitive than the long term key that's being used to encrypt it. If you've got the higher one, then it's possible to obtain the lower one, simply by looking at what's gone through the protocol. For example, if your protocol has got a message like that in it, then this key is below this one in the partial order.

Notes

The original publication is available at www.springerlink.com Copyright Springer [Full text of this transcript is not available in the UHRA]

ID: 344358